[Teas] AD review of draft-ietf-teas-ietf-network-slices-19
John Scudder <jgs@juniper.net> Tue, 30 May 2023 21:50 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3832CC151B03 for <teas@ietfa.amsl.com>; Tue, 30 May 2023 14:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.348
X-Spam-Level: ****
X-Spam-Status: No, score=4.348 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_BODY=0.1, LONGWORDS=2.035, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="YV3F/n2X"; dkim=pass (1024-bit key) header.d=juniper.net header.b="jJnIA/qh"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GenV2rnEewK for <teas@ietfa.amsl.com>; Tue, 30 May 2023 14:50:42 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19AA1C151B02 for <teas@ietf.org>; Tue, 30 May 2023 14:50:42 -0700 (PDT)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34ULN0cr001160; Tue, 30 May 2023 14:50:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=PPS1017; bh=MS/9bHEzTPp8o6Y1jA8d7PnzpKt5hthqWk7ixBtDr2M=; b=YV3F/n2X3/lZZcvt6pK0VAYEeVrVEHsqsYc+8jqv3jxZdsLNlt0aGv5n4d05bqtfhUx3 jI1dqX7FZEVfFIGM7+LhniL60a+FRCaBwOQaopLPRahyEBzJQyte8EnLTOsp/aIFcJLS 6LxnsPpLAX7jMJ5fxTkhqb0mptlFBwW8zY9lGOQl+UZ01PBz94b1b+YKGHBv/XfVr09U j83qiakkEXLrmWcGff4qikOkvi5p0SKdlVPH1EbULAsQLOOGb/hoXi0+pXCcvJJ5M09x vYVERI8EBDZDzwe9/Ub6K0wpnIBqpMXk6D7sjP1STOnwlIMBMyqitVEnuZbIrgbLcz3r /Q==
Received: from dm4pr02cu002.outbound.protection.outlook.com (mail-centralusazlp17013030.outbound.protection.outlook.com [40.93.13.30]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3qwpt7r8ne-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 May 2023 14:50:33 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KubCIEoHn9Taxbx4NBejU3r9GAB2lee6zMUyPGi56ziQ6uAeUudjHSkfOleRtxfbeftlx3VutoxveyY4Hm+ix5ETK3rZ9GnzTdGEB0CKFFtldIeQJjYVdh2kH2GcsaQinFs+YSJAjvKtOItBBPOKo+Ecj2T+yZdVtcUngvOsKZEj5U0kBFQei2szKvhOJAewMu+GLGp4lqaldCOO/sdTKuCRN4pLziZb0FV6AcEMVXrpQNNzSAzNN81I+4nPu2tzvEQ1YDJg/s7ofJJw4mxrq31Lkva34AJIBoId5Vp65tgOJMCKf3Bt1PukKVHswQRgRuyMb8NIOycVaYRSrvMNEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MS/9bHEzTPp8o6Y1jA8d7PnzpKt5hthqWk7ixBtDr2M=; b=iecF+XWJ4hviiIvv/2Axu8MWNT5dwbskvb+1RIX06S5FDaAjuvjTEllnxkOfFdOl8xl8nOI2/KFEC+K9YT2lB2167m5xJHQEPagGB3oK7n8PUqpRBoJ3iFQYKhuYes41GYQq+w3XXZWvmJemlU9AcYu5ycxObbBPqH5iCarx/OFOejtFVZVul0sMMrgukAZ4jESxpCbkfJ6TIYv5M0FL21IuyyTizHp3EBTBZXD0ScZSop+krzTK4ZpOf4b1nkoO5tr5MahXVsi7aEs3OtAHfyt/RfCJx/LBR3yp8VvNmq37W/yzYyiqiz/foEJ4paxNzHAy9nDCTTPnuq1+jqxuZQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MS/9bHEzTPp8o6Y1jA8d7PnzpKt5hthqWk7ixBtDr2M=; b=jJnIA/qh8/EKvEJ5lDf6mbakVTDxkFL48RYD83lDJkWbBBuuTx7p9Ymbsv3AIYqOLt44LulVuT/m5SFJm8T82mQL9aa0Y2pbrMpw7HiBaEy88wWmrsqBqRGfUqyf2ctVD3UjL29y5B1ODrsQ0cXbytSayKGifUCmuNODLVenuOk=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by SN7PR05MB7567.namprd05.prod.outlook.com (2603:10b6:806:f5::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.23; Tue, 30 May 2023 21:50:29 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41%7]) with mapi id 15.20.6455.020; Tue, 30 May 2023 21:50:28 +0000
From: John Scudder <jgs@juniper.net>
To: "shunsuke.homma.ietf@gmail.com" <shunsuke.homma.ietf@gmail.com>, Adrian Farrel <adrian@olddog.co.uk>, "luismiguel.contrerasmurillo@telefonica.com" <luismiguel.contrerasmurillo@telefonica.com>, Jeff Tantsura <jefftant.ietf@gmail.com>, "kiranm@futurewei.com" <kiranm@futurewei.com>, "rrokui@ciena.com" <rrokui@ciena.com>, John E Drake <jdrake@juniper.net>
CC: Vishnu Pavan Beeram <vbeeram@juniper.net>, "teas@ietf.org" <teas@ietf.org>
Thread-Topic: AD review of draft-ietf-teas-ietf-network-slices-19
Thread-Index: AQHZk0C/VX/MlEap6EO8hYRb4VhOGg==
Date: Tue, 30 May 2023 21:50:28 +0000
Message-ID: <8A15C3B8-3CE8-4967-9C04-900679795549@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.2)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR05MB6109:EE_|SN7PR05MB7567:EE_
x-ms-office365-filtering-correlation-id: 2fa145a2-b891-4839-cb2b-08db6157e225
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tuC++BULUcZjr94/A/4/rsl/hMJQqaQ+am6KYyAQ558tGJvYV9+iIWFHDvoHuhkRr0rB/92QLq1YyzLYaMDpp7TX+X4OH/AQTACN9uq+YV2fNebdSMc059qC9aXqh4RTj5krHrwwpJGzzQHoIVPWj516z17V3I/jUh5JK6HP8FXnmlAFjpdNbK0MRsx+J+qSXfKkW1Hg1lNI4qcY3akzrW5HC3sRwmcXOsOLdwT2ZUf2rTY5RZ9vuilTejccugoJNR/PLFRYr2uWR5IovYFqFeWhYHAhPbspQylvQzweZ8gTysy4z4zxZAZspzuwxEMctCrDsKOND8RIr5VxtdORCk1E93uccuTrL9pCCYYhyWdaZaOM3TvdRt796uHttVyrOuyaHn//ZXTndxVppTb4pQgCCwZ8TqwT4GWLJp55HQuuqZUn4Toys4Z7KQYOjfXp2Af1wFgcZvTAmi/GOLiQxiJS1nyiokIrSAL9yBs5REIg5sW7N1xGMiLlwrXPBwTu3CMK9L2XM2XhXqgTFeeZEXe55yxT02EigadZ/KUctiYr9HAi17fvNZVzpDIF4feKsbrkt7I4B5bZ40EtbE7nXs793xZPrk9hDakiixS3aTzNElhzupAdMMhzP9hjvkxv
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(376002)(346002)(136003)(396003)(39860400002)(366004)(451199021)(478600001)(8676002)(8936002)(110136005)(54906003)(33656002)(41300700001)(5660300002)(86362001)(71200400001)(6486002)(316002)(4326008)(6636002)(64756008)(66556008)(76116006)(66446008)(66476007)(91956017)(6512007)(66946007)(6506007)(26005)(66899021)(38070700005)(186003)(83380400001)(2616005)(30864003)(2906002)(36756003)(38100700002)(122000001)(99936003)(45980500001)(579004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: lnpKHnObPS1En5sTHTf9dSXjxF7sHQBvlYmMmxkpdCbXTcbSIDHN9T6vm1B2T6BPFAignAyUuIYWgSdNorl8lsZu6NF0gqt2iTx3Sn7jrImyAzU2dNI/z7DZ9IeKMDlcANYpOcF3KhlR7umUxeLXZFUE9yzk1TB5g7jA+Ig2/T/TKOzUtfVPRwjyuPbAiReUkU5AeDc2wjbznWAUOBn4kjgiONV/L9g1y/HoZZrs641a5igxLNfCTF6zWYEO+tyNwtNsBE3PPj658oM0/azHDlx3RoEDCvbCtWhLu7RQlbN7wGG7LUJuOXqykwuVryq92l/SfVjoF2DxspDcaaCqJC3Ecyj5YB78Kh6aopdR9xZ9BwHfN5qf3XHI/CywWOcSEh9abSxwVolkXRQ2VDTvjOQ33xAaBMPGYhZ17XNK+15H5kPFlprhkkQ/R5rp8ckJNlaQRpjV26Sn/Y1fGUKVVlhn76f3FAIsdKxW/C+kkQyDJMbEP3Z4ykGFEWjwg0ZAH5jkpPXoKCrW8w9tdFrVGhKkPqAQi731mgPhnJ6d7XhEjGY5surGqNh7y44Cfts0oORg+/82T1Y6UCPQOYPx/m7TY9FfPmCr+fX6DM6imwEcWa+xx3K9y7KlkXrIQeeqDBcQJnD9Spsy+K/tonsqkoC4qVd5crPidQyTSrLCpzHZ+Q2bNMt0sk8fqsb4APqPkD4OMTjRN1oDB/F4m4jx8PRg80KQAnaPJvFT9VtVACOJjLutdPVjLv5rmRVmCbr1qUT7Tm/DroA2kcOGcl1A9cNZuJFy869suRqriTII6iHCDTyTeoYi64gDFo5faGd2ftw5rxVnHhfN0NyfpJDeMkOoKUIGpVqel3MMcclQbp5RA6KAKJqsJSzqh/5srDA8Q8QAMvcnLQ6edx0OeietDAwjiBMbShSFRoQts+aUDs6TWNZPOFFdinPkUHvIdRIG05LYsNGEmcluyb1fJgzhCRwdEux/lNCXY00eDKpnZVkNLYHV1GT7Eg8GiQOhoJAnO83g+HEPrR/2cqU9oFYhIsBOJbaojzwW1yT0YnIOOhS1dfPNRTyGsh/4xqt88DE8FmYIRj7XQlc7qUQaeZ1Afp2h26ZA8BY9m0CUhe0Lg/hscp5jDEXP+0O7w3BARH57uzDW/6EHRXDvIKEdj4LpiLssCiLLAJfi5DDeaaG1ISuNWsL4FdojKZdyp7bLtbGpudBpe7Mn+NT1+0PRMNeWTdauQS/RMARBO0aLWDhzC+BC4oOuJQABoaCBVituQnWn6ArheGIo2JBZvvV4SZEc+jJFnoYHkS8hHGd0xuzfDDOdjiQ2omBOMphcw/4rfSp6Oq8cHXCApKGWcDMa9wDodxF3Z38Fn3vnkjmAi3wRk3ZSoFY53tjesyT/ulEIeasciElYarf7Y0PcbF4UiUg35nzEuiuR/CEzdDv6gu4eP0Mjkn1M9/Q4vtpXKD1n7PAuJqLdedJMsj9c7lSLjKdGdXVVm+nb0icGt5zP2FU43C/drQhBouLgenRMiWpnV1vQgseEwPeh2fxZO3np+yYw65z29x6lGW5JTVtAZWG0GzBh99jFiFsFqes3r/bhx4zI
Content-Type: multipart/mixed; boundary="_003_8A15C3B83CE849679C04900679795549junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2fa145a2-b891-4839-cb2b-08db6157e225
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2023 21:50:28.7172 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4oNENolEGnyR+b6It1bnoO9Yp8aTTgMsFKfq/3cKIwbtRdYl1bPLbWadT7wd/l9v
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR05MB7567
X-Proofpoint-ORIG-GUID: kbbhiE5almY2v8s4bsJu4eJz_HsD6lUU
X-Proofpoint-GUID: kbbhiE5almY2v8s4bsJu4eJz_HsD6lUU
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-30_16,2023-05-30_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 spamscore=0 mlxlogscore=999 impostorscore=0 bulkscore=0 adultscore=0 phishscore=0 clxscore=1011 malwarescore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305300177
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/906dGX3cal__6A6jgT0uNjFMUjo>
Subject: [Teas] AD review of draft-ietf-teas-ietf-network-slices-19
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 May 2023 21:50:46 -0000
Hi Authors, WG, Thanks for this well-written document. I’ve supplied my questions and comments in the form of an edited copy of the draft. Minor editorial suggestions I’ve made in place without further comment, more substantive questions and comments are done in-line and prefixed with “jgs:”. You can use your favorite diff tool to review them; I’ve attached the iddiff output for your convenience if you’d like to use it. I’ve also pasted a traditional diff below in case you want to use it for in-line reply. Thanks, —John --- draft-ietf-teas-ietf-network-slices-19.txt 2023-05-30 16:23:10.000000000 -0400 +++ draft-ietf-teas-ietf-network-slices-19-jgs-comments.txt 2023-05-30 17:43:02.000000000 -0400 @@ -175,6 +175,9 @@ * Network infrastructure sharing among operators * NFV connectivity and Data Center Interconnect +-- +jgs: please expand "NFV" on first use +-- Further analysis of the needs of IETF Network Slice service customers is provided in [I-D.ietf-teas-ietf-network-slice-use-cases]. @@ -193,6 +196,9 @@ interfaces and technologies. For example, virtual private networks (VPNs) have served the industry +-- +jgs: example of what? +-- well as a means of providing different groups of users with logically isolated access to a common network. The common or base network that is used to support the VPNs is often referred to as an underlay @@ -292,7 +298,7 @@ * SLO: Service Level Objective - The meaning of these abbreviations is defined in greater details in + The meaning of these abbreviations is defined in greater detail in the remainder of this document. 3.2. Core Terminology @@ -315,7 +321,7 @@ Network Slice service. A provider is the network operator that controls the network resources used to construct the network slice (that is, the network that is sliced). The provider's network - maybe a physical network, or may be a virtual network created + may be a physical network, or may be a virtual network created within the operator's network or supplied by another service provider. @@ -326,6 +332,10 @@ functions, and PEPs (Performance Enhancing Proxy). In some circumstances CEs are provided to the customer and managed by the provider. +-- +jgs: maybe it's just me but I would have benefited from a reference for +HTTP header enrichment +-- Provider Edge (PE): The device within the provider network to which a CE is attached. A CE may be attached to multiple PEs, and @@ -343,6 +353,12 @@ exchanged. An AC is, by definition, technology specific: that is, the AC defines how customer traffic is presented to the provider network. The customer and provider agree (through configuration) +-- +jgs: Is "through configuration" meant to be limiting? The way you've +written it, it is, that is to say you've ruled out the customer and +provider agreeing through some other means, such as a protocol. Maybe +"for example, through configuration"? +-- on which values in which combination of layer 2 and layer 3 header and payload fields within a packet identify to which {IETF Network Slice service, connectivity construct, and SLOs/SLEs} that packet @@ -513,7 +529,7 @@ 4.2.1. Connectivity Constructs The approach of specifying a Network Slice service as a set of SDPs - with connectiviy constructs, results in the following possible + with connectivity constructs, results in the following possible connectivity constructs: * For a P2P connectivity construct, there is one sending SDP and one @@ -662,9 +678,22 @@ address, or it may be a placeholder, e.g., IPTV or DNS server, which is resolved within the provider's network when the IETF Network Slice service is instantiated. +-- +jgs: I found this paragraph hard to follow, especially the first +sentence. AFAICT the ancillary CE construct is introduced as a way +of allowing the SP to include application-layer things as part of +their offering. I wonder if there is some more straightforward way +of saying this. +-- Thus, an ancillary CE may be a node within the provider network (i.e., not a CE). An example is a node that provides a service +-- +jgs: "an ancillary CE" is "not a CE". Unless you're deliberately +trying to wake the reader up by making them resolve a quick paradox, +it would probably be better to add an adjective, as in "not a conventional +CE". +-- function. Another example is a node that acts as a hub. There will @@ -808,10 +837,10 @@ the IETF Network Slice service that a customer requests. These would be specified in further documents. - If the IETF Network Slice service is traffic aware, other traffic - specific characteristics may be valuable including MTU, traffic-type - (e.g., IPv4, IPv6, Ethernet or unstructured), or a higher-level - behavior to process traffic according to user-application (which may + If the IETF Network Slice service is traffic-aware, other traffic + specific characteristics may be valuable including MTU, traffic type + (e.g., IPv4, IPv6, Ethernet, or unstructured), or a higher-level + behavior to process traffic according to user application (which may be realized using network functions). 5.1.2. Service Level Expectations @@ -1130,7 +1159,7 @@ dedicated network resources and/or functions allocated in a shared underlay network to satisfy the needs of the IETF Network Slice service customer. In at least some examples of underlay network - technologies, the integration between the overlay and various + technologies, integration between the overlay and various underlay resources is needed to ensure the guaranteed performance requested for different IETF Network Slices. @@ -1241,6 +1270,9 @@ exposed to the customer. (Note - a customer should not use network information not exposed via the IETF Network Slice Service Interface, even if that information is available.) +-- +jgs: Instead of "should not use" perhaps "should not rely on"? +-- * Scalability: Customers do not need to know any information concerning network topology, capabilities, or state beyond that @@ -1251,7 +1283,7 @@ This framework document does not assume any particular technology layer at which IETF Network Slices operate. A number of layers - (including virtual L2, Ethernet or, IP connectivity) could be + (including virtual L2, Ethernet, or IP connectivity) could be employed. Data models and interfaces are needed to set up IETF Network Slices, @@ -1306,8 +1338,8 @@ implements them using a suitable underlay technology. An IETF NSC is the key component for control and management of the IETF Network Slice. It provides the creation/modification/deletion, monitoring - and optimization of IETF Network Slices in a multi-domain, a multi- - technology and multi-vendor environment. + and optimization of IETF Network Slices in a multi-domain, multi- + technology, and multi-vendor environment. The main task of an IETF NSC is to map abstract IETF Network Slice service requirements to concrete technologies and establish required @@ -1330,6 +1362,15 @@ exposed by this interface communicates the Service Demarcation Points of the IETF Network Slice, IETF Network Slice SLO/SLE parameters (and possibly monitoring thresholds), applicable input +-- +jgs: Here and in at least one place following you talk about SLE parameters +as being something that can be exposed in a programmatic interface. Is it +then intended that all SLEs although not directly measurable, must be +expressible in this fashion? I guess this might be worth saying, because +I had read Section 5.1.2 as meaning that an SLE is more or less, anything +I can write into a contract -- and as anyone who has reviewed a contract +knows, that doesn't rule out very much. +-- selection (filtering) and various policies, and provides a way to monitor the slice. @@ -1366,6 +1407,11 @@ construct and IETF network slice and necessary according to the realization solution, and how traffic should be treated to meet the SLOs and SLEs of the connectivity construct. +-- +jgs: I found the above sub-bullet hard to understand. At minimum it needs +some repair around "and necessary according", but while you're at it, +please consider overall readability of the paragraph. +-- * Collects telemetry data (e.g., OAM results, statistics, states, etc.) via a network configuration interface for all elements in @@ -1375,6 +1421,11 @@ parameters using the telemetry data from the underlying realization of an IETF Network Slice (i.e., services/paths/ tunnels). Exposes this performance to the IETF Network Slice +-- +jgs: is the forgoing really an "i.e." or is it an "e.g."? I would have +thought the latter since otherwise you're prescribing the acceptable +realization mechanisms. +-- service customer via the IETF Network Slice Service Interface. The IETF Network Slice Service Interface may also include the capability to provide notifications if the IETF Network Slice @@ -1421,7 +1472,7 @@ +------------------------------------------+ | Customer higher level operation system | - | (e.g E2E network slice orchestrator, | + | (e.g. E2E network slice orchestrator, | | customer network management system) | +------------------------------------------+ A @@ -1686,6 +1737,15 @@ underlay network. This could be a physical network, but may be a virtual network. The underlay network is provisioned through network controllers that may utilize device controllers [RFC8309]. +-- +jgs: Although RFC 8309 mentions "device controllers" in one place,[*] it +doesn't define the term anywhere. Possibly a careful read of RFC 8309 would +leave me with an understanding of what a "device controller" is, but I +don't think it's a clean cite as written. + +[*] Third paragraph of Section 1, inconveniently line-broken so a search +for "device controller" won't find it. +-- The underlay network may optionally be filtered or customized by the network operator to produce a number of network topologies that we @@ -1693,8 +1753,12 @@ specific resources (e.g., nodes and links) from the underlay network according to their capabilities and connectivity in the underlay network. These actions are configuration options or operator +-- +jgs: What are "these actions"? Filtering and customization? If so I'd +suggest writing that instead of "these actions". +-- policies that preselect links and nodes with certain performance - characteristics to enable more easy construction of NRPs (see below) + characteristics to enable easier construction of NRPs (see below) that can reliably support specific IETF Network Slice SLAs: for example, preselection of links with certain security characteristics, preselection of links with specific geographic properties, or mapping @@ -1742,6 +1806,9 @@ Realizations of an NRP may be built on a range of existing or new technologies, and this document explicitly does not constrain solution technologies. +-- +jgs: You don't really need "explicitly" above, though you do you. +-- One or more connectivity constructs from one or more IETF Network Slices are mapped to an NRP. A single connectivity construct is @@ -1818,14 +1885,23 @@ respond that the slice has or has not been created, and may supplement a negative response with information about what it could support were the customer to change some requirements. +-- +jgs: I found the "and supplement a negative response" in the two bullets +above to be curious. It seems rather open-ended, after all, "change some +requirements" doesn't leave much out, and the universe of what it +*could* support might be large. Further, it's a little weird to think +about how to represent this in a programmatic interface. I would have +imagined it more straightforward both in representation, and execution, +to indicate what requirement(s) caused the request to fail. +-- * When processing a customer request for an IETF Network Slice service, an NSC maps the request to the network capabilities and applies provider policies before creating or supplementing the NRP. - Regardless of how IETF Network Slice is realized in the network - (i.e., using tunnels of different types), the definition of the IETF + Regardless of how a IETF Network Slice is realized in the network + (e.g., using tunnels of different types), the definition of the IETF Network Slice service does not change at all. The only difference is how the slice is realized. The following sections briefly introduce how some existing architectural approaches can be applied to realize @@ -1871,6 +1947,13 @@ services, by utilizing an approach that is based on existing VPN and TE technologies and adds characteristics that specific services require over and above VPNs as they have previously been specified. +-- +jgs: depending on what you mean, either "adds" should be "adding", or +you should make it clear that the final clause is not associated with +the "by utilizing" part. The latter would most straightforwardly be +accomplished by putting a period after "TE technologies" and starting +the resulting new sentence like "It adds..." +-- An enhanced VPN can be used to provide enhanced connectivity services between customer sites and can be used to create the infrastructure @@ -1926,6 +2009,9 @@ At this stage, it is inappropriate to mention any of these proposed solutions that are currently work in progress and not yet adopted as IETF work. +-- +jgs: I might have said "cite" instead of "mention". +-- 7.6. Network Slicing and Service Function Chaining (SFC) @@ -2020,6 +2106,12 @@ paths for critical traffic, dedicating specific network resources for a selected number of IETF Network Slices. +-- +jgs: The way that last sentence is written, I *think* what you mean is +"... reserving backup paths for critical traffic, in other words, dedicating +specific network resources...". On first reading, it seemed like two +unrelated things. +-- 9. Management Considerations @@ -2044,9 +2136,9 @@ some aspects of security may be expressed in SLEs. IETF NSC authentication: Underlay networks need to be protected - against the attacks from an adversary NSC as this could + against attacks from an adversary NSC as these could destabilize overall network operations. An IETF Network Slice may - span across different networks, therefore, an NSC should have + span different networks, therefore, an NSC should have strong authentication with each of these networks. Furthermore, both the IETF Network Slice Service Interface and the Network Configuration Interface need to be secured. @@ -2055,7 +2147,7 @@ requests means that it should not be possible to attack an IETF Network Slice service by varying the traffic on other services or slices carried by the same underlay network. In general, - isolation is expected to strengthen the IETF Network Slice + isolation is expected to strengthen IETF Network Slice security. Data Integrity of an IETF Network Slice: A customer wanting to @@ -2094,15 +2186,31 @@ underlay network (and other) resources from other virtual networks sharing those resources. - For example, if a service requires a specific upper bound of latency, + For example, if a service requires a specific upper bound on latency, then that service can be degraded by added delay in transmission of service packets caused by the activities of another service or application using the same resources. +-- +jgs: my proofreading correction notwithstanding, I don't understand the +above paragraph. +-- Similarly, in a network with virtual functions, noticeably impeding access to a function used by another IETF Network Slice (for instance, compute resources) can be just as service-degrading as delaying physical transmission of associated packet in the network. +-- +jgs: I found this one difficult too. I guess taking the last three +paragraphs together, you're saying (paragraph one) virtualization is +hard, (paragraph two) if you get it wrong you can blow your latency +SLO, (paragraph three) virtualized upper-layer functions matter too? + +To some extent I think none of this needs to be in the SecCons; after +all, much of the document is *about* providing isolation between +different slices. So I for one would be OK with fixing it by reducing +or cutting the text. But if not, I encourage you to consider whether +there's some clearer way to put it. +-- 11. Privacy Considerations @@ -2473,13 +2581,13 @@ Appendix A. Examples - This appendix contains realisation examples. This is mot intended to - be a complete set of possible deployments. Nor does it provide + This appendix contains realisation examples. This is not intended to + be a complete set of possible deployments, nor does it provide definitive ways to realise these deployments. The examples shown here must not be considered to be normative. The descriptions of terms and concepts in the body of the document take - precedence. The examples + precedence. A.1. Multi-Point to Point Service @@ -2554,7 +2662,7 @@ constructs (CE1-CE2 and CE2-CE3 represented as *** in the figure). Alternatively, the service function for the same CE1 to CE3 flow may - be hosted at a node within the network operator's. This is an + be hosted at a node within the network operator's infrastructure. This is an ancillary CE in the IETF Network Slice service that the customer requests. This service contains two P2P connectivity constructs (CE1-ACE1 and ACE1-CE3 represented as ooo in the figure). How the @@ -2566,7 +2674,7 @@ is able to provide the service function, but not know the location of the ancillary CE at which the service function is hosted. Indeed, it may be that the service function is hosted at a number of ancillary - CEs (ACE2, ACE3, and ACE4 in the figure): the customer may or know + CEs (ACE2, ACE3, and ACE4 in the figure): the customer may know the identities of the ancillary CEs, but be unwilling or unable to choose one; or the customer may not know about the ancillary CEs. In this case, the IETF Network Slice Service request contains two P2P @@ -2608,6 +2716,9 @@ connectivity constructs. For the P2MP case, does nor specify a single P2MP connectivity +-- +jgs: Possibly "does nor" was supposed to say "the customer does not"? +-- construct (in this case, CE3-{CE1+CE2}), but requests three P2P connectivity constructs (as CE3-Hub, Hub-CE1, and Hub-CE2). It is the hub's responsibility to replicate the traffic from CE3 and send @@ -2776,7 +2887,7 @@ It may be that end-to-end connectivity is achieved using a set of cooperating networks as described in Section 5.3. For example, there - may be multiple inter-connected networks that provide the required + may be multiple interconnected networks that provide the required connectivity as shown in Figure 11. The networks may utilize different technologies and may be under separate administrative control. @@ -2813,7 +2924,7 @@ are sliced individually and coordination is necessary to deliver the desired connectivity. The network to network interfaces (NNIs) are present as SDPs for the IETF Network Slices in each network so that - each network is individually sliced. In the example in Figure 11, + each network is individually sliced. In the example in Figure 12, this is illustrated as network 1 (N/w1) being sliced between SDP1 and SDPX, N/w2 being sliced between SDPY and SDPU, etc. The coordination activity involves binding the SDPs, and hence the connectivity @@ -2837,6 +2948,11 @@ with Inter- connected Networks The controller/coordinator relationship is shown in Figure 13. +-- +jgs: It seems as though the "coordinator" construct introduced here +deserved to get a paragraph in the main body text, instead of being +relegated to a casual mention in a sub-appendix. +--
- [Teas] AD review of draft-ietf-teas-ietf-network-… John Scudder
- Re: [Teas] AD review of draft-ietf-teas-ietf-netw… Adrian Farrel
- Re: [Teas] AD review of draft-ietf-teas-ietf-netw… Adrian Farrel
- Re: [Teas] AD review of draft-ietf-teas-ietf-netw… John Scudder
- Re: [Teas] AD review of draft-ietf-teas-ietf-netw… Adrian Farrel