Re: [Teas] [non-zip]RE: A question about draft-ietf-teas-te-service-mapping-yang

Adrian Farrel <adrian@olddog.co.uk> Thu, 15 April 2021 20:19 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E9773A2D78; Thu, 15 Apr 2021 13:19:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.783
X-Spam-Level:
X-Spam-Status: No, score=0.783 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MAY_BE_FORGED=2.699, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcNIJ6oAadH8; Thu, 15 Apr 2021 13:18:58 -0700 (PDT)
Received: from mta6.iomartmail.com (mta6.iomartmail.com [62.128.193.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B29543A2D73; Thu, 15 Apr 2021 13:18:57 -0700 (PDT)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta6.iomartmail.com (8.14.4/8.14.4) with ESMTP id 13FKIslL030318; Thu, 15 Apr 2021 21:18:54 +0100
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0E7222203B; Thu, 15 Apr 2021 21:18:54 +0100 (BST)
Received: from asmtp2.iomartmail.com (unknown [10.12.10.249]) by vs1.iomartmail.com (Postfix) with ESMTPS id EC7542203A; Thu, 15 Apr 2021 21:18:53 +0100 (BST)
Received: from LAPTOPK7AS653V (74.197.bbplus.pte-ag1.dyn.plus.net [81.174.197.74] (may be forged)) (authenticated bits=0) by asmtp2.iomartmail.com (8.14.4/8.14.4) with ESMTP id 13FKInnI017927 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 15 Apr 2021 21:18:50 +0100
Reply-To: <adrian@olddog.co.uk>
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Ogaki, Kenichi'" <ke-oogaki@kddi.com>, "=?UTF-8?Q?'Oscar_Gonz=C3=A1lez_de_Dios'?=" <oscar.gonzalezdedios@telefonica.com>, "'Dhruv Dhody'" <dhruv.ietf@gmail.com>
Cc: <draft-ietf-teas-te-service-mapping-yang@ietf.org>, "'TEAS WG'" <teas@ietf.org>, <ta-miyasaka@kddi.com>, <ry-fukui@kddi.com>
References: <TY2PR01MB3562540E0CC73E39184AB8F4904E9@TY2PR01MB3562.jpnprd01.prod.outlook.com>
In-Reply-To: <TY2PR01MB3562540E0CC73E39184AB8F4904E9@TY2PR01MB3562.jpnprd01.prod.outlook.com>
Date: Thu, 15 Apr 2021 21:18:48 +0100
Organization: Old Dog Consulting
Message-ID: <00d501d73234$8dae2f50$a90a8df0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D6_01D7323C.EF752F60"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJbEZy+LUeCoYPkeJUGaKW4My6P/KmuLlIw
Content-Language: en-gb
X-Originating-IP: 81.174.197.74
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-26094.002
X-TM-AS-Result: No--15.543-10.0-31-10
X-imss-scan-details: No--15.543-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-26094.002
X-TMASE-Result: 10--15.543400-10.000000
X-TMASE-MatchedRID: 8HTFlOrbAtHxIbpQ8BhdbI61Z+HJnvsOOxjb9QQbt+QrxUs8Nw/2fn7l TvgE+xJyOelJXrqHws1d/rEYPrbJUWNB3r4i/hp1xVQFfLw4zf+lhc243Qzx9TGnMWgJkpRotoa 372/xU0N/dg6kUxmzhsbHioG8KFDpOjl3g2p4XXByxbfjhbMtyHH9gj5nlAmStfDUisJZGntVcX P3eMLfF1Udag+8fyZT0ewWeSi3LUkKlOLZpoNxyNDpfiDMTFm7Dvc/j9oMIgW2duf1KYOL/NOsO e65m68W9LXRiCO6ekzZq7KnwCRxJor66epvBOvDTZa3qzG2hgC1/ZtMczrMRijCkOoEU36vPieV RgmhMn9tIv0A3hSOW3gRM43TwoXJAR5S4/o46aI14ETxvAKbsiIk3dpe5X+h8XwYMdE34i2RHno f8YOK/Y8L7nnbdh8cdXIESSxAXRwO0G36v8LMKvGSfx66m+aMtpNO59/WrhprBXz6g6OAdTde18 J/6zdzSbUj0ewgHPORT2RRsSFe2UGpYFFdx/uz5dgjTPgwOPSZrgJQpYk0s9jo8uM+0y8OfQ28T 7selJyEyi522pjiFtHv8kXlv4issaLhFLnhBw4OOK9P8WgPzXuD4ZSjCHdRjeQUVA0FKpHis28O hvFZGVVkg3S0cPgffylF9exmNpv1s8eCOeeiYAPZZctd3P4BZbvACQZDzTCvloAnGr4qhmw4zGB 4CrdZPanTAYrU1JSssgH08nDQaVqNtEVB3mh49cb9iRwZHB+pvf+jmz45w/A56pGWxGWYciKfaF fvUqtcVrYp3WyMWHVdLuwj7h9qxCM37nrsLxOeAiCmPx4NwGmRqNBHmBveGtkvK5L7RXGw7M6dy uYKg4VH0dq7wY7uZF5C35Br5k1WH/kvAp03GVK0p507nFHHlMUvnz82vG4nlpYCQQauZw==
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/AlIKWWJsJxo-zP7x7lQS7Sp2lTI>
Subject: Re: [Teas] [non-zip]RE: A question about draft-ietf-teas-te-service-mapping-yang
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 20:19:03 -0000

Thanks for continuing this discussion, Kenichi. I believe it is helping me to understand the differences as well.

 

What I find very significant is that in all your figures you place the VN insider the Provider space.

 

In the case of “VN as a service” (Yes, we agree that no one is offering this as a service to external customers yet, but perhaps it is offered as a service to other divisions of the same company? In that case, the “consumer” should be treated as a separate administrative organisation.) the VN is *realised* inside the Provider space, but it is handed over to the Consumer as a separate network that the Consumer operates. I would draw…

 

         +----------+

         | VPN as a | CNC-1 (Controller for VPN)

         | service  |  :

         +----------+-CMI-LxSM-VPN service request-----

         |          |  :

         |   VPN    | MDSC-1 VPN Orchestrator (LxNM)

         | instance |  : 

         |          |  :       CNC-2 (Controller for VN)

         |          |  :         :

Consumer +----------+-MPI-------CMI VN service request-

         |          |  :         : 

---------|   VN     | PNC-1 (VN) :

         | instance |          MDSC-2 VN Orchestrator

         |          |            :  

Provider +----------+-----------MPI--------------------

         | Physical |            : 

         | Network  |          PNC-2 (Phys network)

         +----------+

 

A bit complicated 😊 But this is the consequence of providing a service on top of another service

 

In the other situations, where the VN is entirely inside the Provider network, the Consumer is actually unaware that there is a VN. The Consumer just asks for a VPN service to be provided by the Provider. If the Provider chooses to build a VN to support the Consumer’s VPN that is a private matter for the Provider – It is a bit like the Provider deciding to make some network slices to support different customer requests.

 

Essentially, where a VN is used, this figure remains exactly the same except that the line separating the Consumer and the Provider can be moved upwards when the VN is hidden from the Consumer.

 

Of course, an implementation may bundle MDSC-1 with CNC-2 into a single code component. Similarly, PNC-1 and MDSC-2 may be bundled together.

 

Best,

Adrian

 

From: Ogaki, Kenichi <ke-oogaki@kddi.com> 
Sent: 14 April 2021 02:27
To: adrian@olddog.co.uk; 'Oscar González de Dios' <oscar.gonzalezdedios@telefonica.com>om>; 'Dhruv Dhody' <dhruv.ietf@gmail.com>
Cc: draft-ietf-teas-te-service-mapping-yang@ietf.org; 'TEAS WG' <teas@ietf.org>rg>; ta-miyasaka@kddi.com; ry-fukui@kddi.com
Subject: [non-zip]RE: [Teas] A question about draft-ietf-teas-te-service-mapping-yang

 

Hi Adrian,

 

I understood what’s difference between what you and I see.

I don’t object the following Scenario 1) and 3) at all, but I have seen Scenario 2) with te-service-mapping-yang as a first scenario, once VN service emerges/is exposed to consumer.

If this is not general requirement for providers like us, we only use the current version of te-service-mapping-yang as LxSM augmentation even if LxSM augmentation is omitted in the future version.

 

 

Scenario 1) 

 

Consumer

              VPN' as a service

------------+--------------+----LxSM-------

              | VPN'instance |     LxNM

Provider     +--------------+     MDSC

              |  VN instance |

              +--------------+

 

 

Scenario 2)

 

Consumer

              VPN' as a service

-----------+--------+---+--------+--LxSM’--MDSC-

             |  VPN    | + |    VN   |   LxNM

Provider   |instance|    |instance|

             +--------+    +--------+

 

 

 

Scenario 3)

 

               VPN' as a service

Consumer      +--------------+    LxSM

                | VPN'instance |    LxNM

-------------+--------------+----MDSC--------

                |  VN instance |

Provider      +--------------+

 

 

 

[AF2] When the VN is provided as a service to the consumer, the operation of the VN belongs to the consumer.

If the consumer decides to operate a VPN over the VN then the consumer is responsible for realising the VPN over the VN.

That means that the consumer runs the VN Orchestrator. In this case, the LxNM is present in the consumer's management space, and it is augmented by the mapping model to coordinate with the resources in the VN. But the LxSM is still unaware of the tunnels and network resources.

 

[AF2] I think I still disagree ☹

When the VN is exposed as a service, it is the customer's job to manage that VN. In particular, it is the customer's job to orchestrate the VN to support the VPN service.

The LxSM is how the customer configures and requests a VPN service.

The LxNM is how the orchestrator operates the network to support the VPN service.

That means the LxNM is used by the VN orchestrator to manage the VN. 

In my opinion, that means that the LxSM never has knowledge of the underlying network resources, but the LxNM does have that knowledge.

 

[KO3] I can’t still understand why the consumer run the VN Orchestrator in cases of Scenario 2) and 3). What do you mean “the operation of the VN”, “manage that VN” and “orchestrate the VN”? If you are saying that the consumer create a different VN on top of the provided VN using VN orchestrator, I agree. But, if the case that the consumer just uses the provided VN like provided VPN, the consumer doesn’t need the VN Orchestrator. Am I something misunderstanding?

 

Thanks,

Kenichi

 

 

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk <mailto:adrian@olddog.co.uk> > 
Sent: Tuesday, April 13, 2021 6:46 PM
To: 大垣 健一 <ke-oogaki@kddi.com <mailto:ke-oogaki@kddi.com> >; 'Oscar González de Dios' <oscar.gonzalezdedios@telefonica.com <mailto:oscar.gonzalezdedios@telefonica.com> >; 'Dhruv Dhody' <dhruv.ietf@gmail.com <mailto:dhruv.ietf@gmail.com> >
Cc: draft-ietf-teas-te-service-mapping-yang@ietf.org <mailto:draft-ietf-teas-te-service-mapping-yang@ietf.org> ; 'TEAS WG' <teas@ietf.org <mailto:teas@ietf.org> >; 宮坂 拓也 <ta-miyasaka@kddi.com <mailto:ta-miyasaka@kddi.com> >; 福井 良平 <ry-fukui@kddi.com <mailto:ry-fukui@kddi.com> >
Subject: RE: [Teas] A question about draft-ietf-teas-te-service-mapping-yang

 

Hello again 😊

 

> But

> what was NOT included in the draft is any detail on a) how the network 

> is “traffic engineered” b) which charateristics must this traffic 

> engineering have and c) which traffic of the VPN goes into which 

> tunnel…. One of the main reasons to leave that out was to avoid the “boiling the ocean”

> problem and limit the scope to opsawg. TE… would be dealt of course in 

> TEAS ☺

 

OK, and those three objectives (a, b, c) are reasonable things to put into the network model. Just not, IMHO, into the customer service model.

 

[KO] As Adrian described below, when VN is a service and our customer uses the VN as a service, why is the VN put into the network model reasonable? Am I something misunderstanding?

"In this case, in my opinion, the cooked topology delivered to the customer is in the form of a service already. It might be a VN or it might be a set of connectivity services (i.e., tunnels). In this case, the delivery of a service over a service is highly ambiguous and I don’t think it falls within the operator’s capabilities to achieve it. The cooked topology is for the customer to use as they see fit."

 

[AF] I think the key here is to understand the layering. So when you say *the* network model I think there may be some ambiguity.

 

I see...

 

VPN

------- LxSM model -- Customer ask for a VPN operated over the VN

------- LxNM model -- VN orchestrator plans and provisions the VPN over the VN VN

------- VN service model -- Customer asks for a VN over the operator network

------- VN network model -- Operator's network orchestrator provisions the VN

 

[KO2] If this layering is correct, meaning VN as a service is not commonly used by an end-customer like our current VPN users, I agree.

 

In this case, the LxNM is operating in the customer's management space. The operator is unaware of the VPN and is unaware of how the VN is being used by the customer.

 

We must be careful to not think that the LxSM is the interface between customer and operator. It is the interface between consumer and provider which, in this case, are both within the customer's control.

 

[KO2] What do you mean by "are both within the customer's control"? What "are both within the customer's control"

 

[AF2] When the VN is provided as a service to the consumer, the operation of the VN belongs to the consumer.

If the consumer decides to operate a VPN over the VN then the consumer is responsible for realising the VPN over the VN.

That means that the consumer runs the VN Orchestrator. In this case, the LxNM is present in the consumer's management space, and it is augmented by the mapping model to coordinate with the resources in the VN. But the LxSM is still unaware of the tunnels and network resources.

 

[AF2]Talking to someone else yesterday, they suggested that the VN may be created by the operator to enable services for a customer, but that the VN is not exposed to the customer. It is a way for the operator to "partition" their network and provide service guarantees to the customer.

I think this is OK, but in this case the consumer is entirely unaware of the VN. When the consumer asks for a VPN service they do not see any difference if there is a VN or no VN. That is, the LxSM model is not augmented by the mapping model.

The operator may need features to map the VPN service onto the VN, and this shows up in the LxNM via the mapping model.

 

>>> Now, perhaps we should consider the ACTN use case where a VN has 

>>> been built for and delivered to the customer. In this case, the 

>>> question arises as to whether the LxVPN is supported over the VN or 

>>> supported over the provider's network using the resources of the VN.

>>> In my view of this, the LxVPN is supported over the VN: it is the 

>>> VN's management system that realises the VPN using TE tunnels in the 

>>> VN, and the VN with it's management system and TE tunnels is treated 

>>> just like a real network.

 

[KO] I think this might be technically correct, but VN service and VN's management system have never commercially existed yet, and there are only LxVPN's management systems. Under this situation, operators should desire the existing LxVPN's management systems to utilize/map VN resources for the existing LxVPN service, when the VN service has emerged. Thus, I believe te-service-mapping-yang should exist.

 

[AF] I'm having trouble following this.

I think you are saying that (today) no one sells a VN, and (in consequence) there is no such thing as a management system for a VN. I can believe that.

But then you say that it is important to be able to map the VPN onto the VN resources. This I can't understand because a VN is a service, and you have said that service doesn't exist. In particular, the customer will not be aware of the VN resources because they are not aware of the VN service.

 

[KO2] You are right. I just indicated a possible next step, not current situation.

I may require a shortcut solution for a) and A,B,C,D), once VN service with actn-vn-yang , for example, emerges.

As you wrote, VN service should exist behind LxNM optimally and not be exposed to any end-customer. However, once we decide that VN service is exposed to an end-customer like a large enterprise user, this becomes a case.

 

[AF2] I think I still disagree ☹

When the VN is exposed as a service, it is the customer's job to manage that VN. In particular, it is the customer's job to orchestrate the VN to support the VPN service.

The LxSM is how the customer configures and requests a VPN service.

The LxNM is how the orchestrator operates the network to support the VPN service.

That means the LxNM is used by the VN orchestrator to manage the VN. 

In my opinion, that means that the LxSM never has knowledge of the underlying network resources, but the LxNM does have that knowledge.

 

Best,

Adrian