Re: [Teas] A question about draft-ietf-teas-te-service-mapping-yang

Adrian Farrel <adrian@olddog.co.uk> Tue, 13 April 2021 09:46 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BE4D3A0E66; Tue, 13 Apr 2021 02:46:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.782
X-Spam-Level:
X-Spam-Status: No, score=0.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MAY_BE_FORGED=2.699, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VefSVv4PFA-4; Tue, 13 Apr 2021 02:46:12 -0700 (PDT)
Received: from mta7.iomartmail.com (mta7.iomartmail.com [62.128.193.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D26B73A0E68; Tue, 13 Apr 2021 02:46:10 -0700 (PDT)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta7.iomartmail.com (8.14.4/8.14.4) with ESMTP id 13D9k7DI030634; Tue, 13 Apr 2021 10:46:07 +0100
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 91AE722040; Tue, 13 Apr 2021 10:46:07 +0100 (BST)
Received: from asmtp3.iomartmail.com (unknown [10.12.10.224]) by vs1.iomartmail.com (Postfix) with ESMTPS id 7BD1A2203C; Tue, 13 Apr 2021 10:46:07 +0100 (BST)
Received: from LAPTOPK7AS653V (74.197.bbplus.pte-ag1.dyn.plus.net [81.174.197.74] (may be forged)) (authenticated bits=0) by asmtp3.iomartmail.com (8.14.4/8.14.4) with ESMTP id 13D9k6EM023630 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 13 Apr 2021 10:46:06 +0100
Reply-To: <adrian@olddog.co.uk>
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Ogaki, Kenichi'" <ke-oogaki@kddi.com>, "=?UTF-8?Q?'Oscar_Gonz=C3=A1lez_de_Dios'?=" <oscar.gonzalezdedios@telefonica.com>, "'Dhruv Dhody'" <dhruv.ietf@gmail.com>
Cc: <draft-ietf-teas-te-service-mapping-yang@ietf.org>, "'TEAS WG'" <teas@ietf.org>, <ta-miyasaka@kddi.com>, <ry-fukui@kddi.com>
References: <085201d72cbd$ff5ff9c0$fe1fed40$@olddog.co.uk> <CAB75xn7918o5CcJ8zaGUPw7B-f4HtbYDGf=4Hi3y==eUL38ydQ@mail.gmail.com> <PAXPR06MB787220F5CB9936C46C042A28FD739@PAXPR06MB7872.eurprd06.prod.outlook.com> <091701d72d3f$5ae2edd0$10a8c970$@olddog.co.uk> <TY2PR01MB3562A0265D671FCFB905973D90709@TY2PR01MB3562.jpnprd01.prod.outlook.com> <0a8e01d72f7d$589ef970$09dcec50$@olddog.co.uk> <TY2PR01MB356236299E2F68FE0B55D73F904F9@TY2PR01MB3562.jpnprd01.prod.outlook.com>
In-Reply-To: <TY2PR01MB356236299E2F68FE0B55D73F904F9@TY2PR01MB3562.jpnprd01.prod.outlook.com>
Date: Tue, 13 Apr 2021 10:46:05 +0100
Organization: Old Dog Consulting
Message-ID: <0c3501d73049$d36311b0$7a293510$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHuybqhXPeuqzK5WVjkh5P9WVHmOgH2EXzjAhz5gPQDDzYBtwEXj2B9AdjjwhkCQpxbBKogUpPg
Content-Language: en-gb
X-Originating-IP: 81.174.197.74
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-26088.006
X-TM-AS-Result: No--11.451-10.0-31-10
X-imss-scan-details: No--11.451-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-26088.006
X-TMASE-Result: 10--11.450900-10.000000
X-TMASE-MatchedRID: gTucSmrmRMPxIbpQ8BhdbPHkpkyUphL9pWOBfK9L1z+GToisPp3j9VdK M2MemW5vhzDgOw9eJF+ysuSMg9a9d3YW6xdvJ5vM/QrUTNJyjilx/YI+Z5QJknl6zzqNhyHU1Br 5wWX7YQ2l+yVqdiggdDabGNadpD/FFoE0U9dQrdwdZEkR8Y/meXiywgNDw+2oBCzD0Dc8iUsNHI nSWVidKoTKLnbamOIW0e/yReW/iKyxouEUueEHDjXgRPG8ApuyTkb11RY7XpfRdVkadqUlW0oCV CczA5wZi4HCqJY4pUbX/4cXJB77Gzl8kSL3NFxD9Ib/6w+1lWQ+o2J7yBsE6zqUJVT3gpbT6+pb A1zmYaP7nEVkbEIKqGroPGZ83Cj9h4VXNRuIPBwZcXg/5C4Vht+c6+y7vzzuHTMj5a5/7iYGhyL tK9BH7PKKATI0L1+OJQzZIotuusjc8m5nJPE0kx3EEAbn+GRbEeXPNyiMU06zht7teFbZnub5gC bPfcioOHQMPkdZKVOMxhyiHPi4/EqPNTuMhrYg1ilQ4KKAwreFThMCX7VKlwj8qRm6EUNIbs0fR FSkBB2yniowqjihGJ7CW7C6MguUcxn0f85VZlqiVU7u7I4INYhQfPD8Hiq1RJts9OIxqBOg0hWz UrznJ7xyt3J2mQfMSUY98RpfcdFUmikXgjVtgzn/wcdfjLjCS0TkOT3WTnybKItl61J/yY3BZj4 qY5QbDMq3z/Y/gtUgBwKKRHe+rx1W1Rn6jxAfTV6QUxCX1VAT8nis90FZGfIERndc//hcqm4fan XFLfU=
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/aj4j-Uu-ev9iaB1S3MShSeuYmiY>
Subject: Re: [Teas] A question about draft-ietf-teas-te-service-mapping-yang
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2021 09:46:14 -0000

Hello again 😊

> But
> what was NOT included in the draft is any detail on a) how the network 
> is “traffic engineered” b) which charateristics must this traffic 
> engineering have and c) which traffic of the VPN goes into which 
> tunnel…. One of the main reasons to leave that out was to avoid the “boiling the ocean”
> problem and limit the scope to opsawg. TE… would be dealt of course in 
> TEAS ☺

OK, and those three objectives (a, b, c) are reasonable things to put into the network model. Just not, IMHO, into the customer service model.

[KO] As Adrian described below, when VN is a service and our customer uses the VN as a service, why is the VN put into the network model reasonable? Am I something misunderstanding?
 "In this case, in my opinion, the cooked topology delivered to the customer is in the form of a service already. It might be a VN or it might be a set of connectivity services (i.e., tunnels). In this case, the delivery of a service over a service is highly ambiguous and I don’t think it falls within the operator’s capabilities to achieve it. The cooked topology is for the customer to use as they see fit."

[AF] I think the key here is to understand the layering. So when you say *the* network model I think there may be some ambiguity.

I see...

VPN
------- LxSM model -- Customer ask for a VPN operated over the VN
------- LxNM model -- VN orchestrator plans and provisions the VPN over the VN VN
------- VN service model -- Customer asks for a VN over the operator network
------- VN network model -- Operator's network orchestrator provisions the VN

[KO2] If this layering is correct, meaning VN as a service is not commonly used by an end-customer like our current VPN users, I agree.

In this case, the LxNM is operating in the customer's management space. The operator is unaware of the VPN and is unaware of how the VN is being used by the customer.

We must be careful to not think that the LxSM is the interface between customer and operator. It is the interface between consumer and provider which, in this case, are both within the customer's control.

[KO2] What do you mean by "are both within the customer's control"? What "are both within the customer's control"

[AF2] When the VN is provided as a service to the consumer, the operation of the VN belongs to the consumer.
If the consumer decides to operate a VPN over the VN then the consumer is responsible for realising the VPN over the VN.
That means that the consumer runs the VN Orchestrator. In this case, the LxNM is present in the consumer's management space, and it is augmented by the mapping model to coordinate with the resources in the VN. But the LxSM is still unaware of the tunnels and network resources.

[AF2]Talking to someone else yesterday, they suggested that the VN may be created by the operator to enable services for a customer, but that the VN is not exposed to the customer. It is a way for the operator to "partition" their network and provide service guarantees to the customer.
I think this is OK, but in this case the consumer is entirely unaware of the VN. When the consumer asks for a VPN service they do not see any difference if there is a VN or no VN. That is, the LxSM model is not augmented by the mapping model.
The operator may need features to map the VPN service onto the VN, and this shows up in the LxNM via the mapping model.

>>> Now, perhaps we should consider the ACTN use case where a VN has 
>>> been built for and delivered to the customer. In this case, the 
>>> question arises as to whether the LxVPN is supported over the VN or 
>>> supported over the provider's network using the resources of the VN.
>>> In my view of this, the LxVPN is supported over the VN: it is the 
>>> VN's management system that realises the VPN using TE tunnels in the 
>>> VN, and the VN with it's management system and TE tunnels is treated 
>>> just like a real network.

[KO] I think this might be technically correct, but VN service and VN's management system have never commercially existed yet, and there are only LxVPN's management systems. Under this situation, operators should desire the existing LxVPN's management systems to utilize/map VN resources for the existing LxVPN service, when the VN service has emerged. Thus, I believe te-service-mapping-yang should exist.

[AF] I'm having trouble following this.
I think you are saying that (today) no one sells a VN, and (in consequence) there is no such thing as a management system for a VN. I can believe that.
But then you say that it is important to be able to map the VPN onto the VN resources. This I can't understand because a VN is a service, and you have said that service doesn't exist. In particular, the customer will not be aware of the VN resources because they are not aware of the VN service.

[KO2] You are right. I just indicated a possible next step, not current situation.
I may require a shortcut solution for a) and A,B,C,D), once VN service with actn-vn-yang , for example, emerges.
As you wrote, VN service should exist behind LxNM optimally and not be exposed to any end-customer. However, once we decide that VN service is exposed to an end-customer like a large enterprise user, this becomes a case.

[AF2] I think I still disagree ☹
When the VN is exposed as a service, it is the customer's job to manage that VN. In particular, it is the customer's job to orchestrate the VN to support the VPN service.
The LxSM is how the customer configures and requests a VPN service.
The LxNM is how the orchestrator operates the network to support the VPN service.
That means the LxNM is used by the VN orchestrator to manage the VN. 
In my opinion, that means that the LxSM never has knowledge of the underlying network resources, but the LxNM does have that knowledge.

Best,
Adrian