IETF Logo Mail Archive

Re: [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 29 April 2021 14:47 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DFD43A0AD0; Thu, 29 Apr 2021 07:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.455
X-Spam-Level:
X-Spam-Status: No, score=-1.455 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_NAME_FM_MR_MRS=0.631, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zbx3kaHGJNMh; Thu, 29 Apr 2021 07:47:10 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65E823A0AD1; Thu, 29 Apr 2021 07:47:09 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id 2so12540069lft.4; Thu, 29 Apr 2021 07:47:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=G3rX0Lt797b+g03qcDecLL6CYHnQZ4J8KRxVL+BKIDw=; b=PSGsVjc+QuY8zKeRX2P7ValF/A4b7dZpXfnU7oDx+VSA9QORCQWgMpVnfLT/+UiEpj FBAIIQ4Ih5XEXSbyxRmPztyc4Tnl2/X13sVVPabGeQMtn3FUU1Ppnb1vzdX4pViovy9Y DYOk/ryNrASMGRlzFQvQria4dMkkH7eUtpwNmEYoyPmWGGo3HpEGT2rg6/AkbE3iNQSW /hG7l2sLQqPJyNjjWvL82KP2M+53SINmMmGoJanzVNL+WzrIiQ6e+OKJvc20BxQDMGQO iVQSgtewP1iKQmpFTCwYhBJzUSOKXwQl39IhBc27leupbAOlYPu5bGkVsn2xSy2Kb8tV 8XBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=G3rX0Lt797b+g03qcDecLL6CYHnQZ4J8KRxVL+BKIDw=; b=Z7qQY/CDY/O1RaX17Bi5OgU3FUCuNolNhv+ZfCWzLb6I0zfscYBrbSmZ4tIi7X1Gtw x3FQIHqiVn5p9jgouKAV3/6o7RPalgKH1eyzYzsetQbTlvrotvXPsCq/hr88+PL/s66q VvSiwQRpN4EhMctmLnc4wUb9nByYA4ZZ5eyOR9WErv/G3mBZVDHF4o05QqE4Mgionjgg C+8sT1xDk1aoZn4ux2m+Uc6EPvefkOkX4vAS2rpRU39IrdxBKRidUHIAE2rC4olsDHOL NkVBSk7/fCcRL/EkM8mmf5ze/C/fA9S02z7a+e01UX3vkE+ULCAi2xpBbbTV/mc3Kd/Q Ci0Q==
X-Gm-Message-State: AOAM531oqNJNKU41xHXHsAi5wOvih1+wcM3MWMaJQvJ/rDDpmRMer8po NC5ltvw+RA0+3VS2Zu8CfQk05Bo2urX1dsZpucI6O781Vh4=
X-Google-Smtp-Source: ABdhPJxzJAAocOyt51D7wL1r+rEodIHpsYbSSKmTUSy3gC0EAy1UGpCrqrhore6QvFHllQodeC/Rqht2wSHrIPnXAk8=
X-Received: by 2002:ac2:499b:: with SMTP id f27mr25453222lfl.287.1619707626248; Thu, 29 Apr 2021 07:47:06 -0700 (PDT)
MIME-Version: 1.0
References: <161652444666.30886.1452719047245335791@ietfa.amsl.com> <CAPK2Dezp8EZ9S4oCVz2YmAzXKxbne6qGoc5vfz=4MQvr3sWhGA@mail.gmail.com> <CABCOCHQ2EpS2BqTkGcnuNpSXfacn4MMT=XDJvo4SSETQEiwmxQ@mail.gmail.com>
In-Reply-To: <CABCOCHQ2EpS2BqTkGcnuNpSXfacn4MMT=XDJvo4SSETQEiwmxQ@mail.gmail.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 29 Apr 2021 23:46:29 +0900
Message-ID: <CAPK2DeyGheCOaNEH6AzNdg9Me6iVC+c=Q7KthRjd-9vbf4X2Wg@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
Cc: Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>, YANG Doctors <yang-doctors@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, draft-ietf-i2nsf-nsf-monitoring-data-model.all@ietf.org, Last Call <last-call@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, Patrick Lingga <patricklink888@gmail.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/mixed; boundary="000000000000b3f56405c11d916f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/C_ulraEzMMy6P3RVH-qans5xg8Q>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Apr 2021 14:47:17 -0000

Hi Andy,
Patrick and I have addressed the description on the dampening period in the
following revision.
https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-monitoring-data-model-08

I attach our revision letter.

Thanks.

Best Regards,
Paul


On Fri, Apr 9, 2021 at 2:08 AM Andy Bierman <andy@yumaworks.com> wrote:

> Hi,
>
> I reviewed your note, the diffs and the YANG module.
> I think draft-07 is ready (no issues or nits)
>
> There are probably some clarifications needed to adapt YANG Push dampening
> to I2NSF. YP refers to the data nodes changing within the dampening period.
> In this case, the notes to implementers should be clear about any events
> sent at the end
> of the dampening period because events were suppressed (if any). There
> might be a different
> procedure for each event or sub-event.
>
>
> Andy
>
>
> On Wed, Mar 31, 2021 at 7:09 PM Mr. Jaehoon Paul Jeong <
> jaehoon.paul@gmail.com> wrote:
>
>> Hi Andy, Linda, and Yoav,
>> Patrick and I have addressed all the comments from Andy.
>> Here is the revised draft -07:
>> https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-monitoring-data-model-07
>>
>> I attach a revision letter to explain how we addressed the comments.
>>
>> There are the major updates in this revision as follows:
>> ---
>>    o  This version is revised according to the comments of Andy Bierman
>>       who is a YANG doctor.
>>
>>    o  This version updates its title as "I2NSF NSF Monitoring Interface
>>       YANG Data Model".  It clarifies the NSF Monitoring Interface to
>>       deliver NSF monitoring data to an NSF data collector (e.g.,
>>       Security Controller and NSF data analyzer).
>>
>>    o  This version adds an attack destination IP address for DDoS-attack
>>       event to provide an NSF data collector with more information about
>> the
>>       destination of DDoS-attack packets.
>>
>>    o  This version supports a notification for monitoring traffic flows
>>      to detect the source and destination (as a victim) of security
>> attacks
>>      such as DDoS attack.
>> ---
>> If you have questions and comments, please let me know.
>>
>> Thanks.
>>
>> Best Regards,
>> Paul
>>
>>
>> On Wed, Mar 24, 2021 at 3:34 AM Andy Bierman via Datatracker <
>> noreply@ietf.org> wrote:
>>
>>> Reviewer: Andy Bierman
>>> Review result: Ready with Issues
>>>
>>>
>>> Status: Ready with Issues
>>>
>>> Most of the issues raised in the review of draft-04 have been
>>> addressed.
>>>
>>> Major Issues:
>>>
>>>  - None
>>>
>>> Moderate Issues:
>>>
>>> 1) too many YANG features
>>>
>>> There are 13 YANG features, one for each of the 13 notification-stmts
>>> defined.  There should be as few YANG features defined as possible.
>>> They should only be used if it is an unreasonable burden (compared
>>> to the feature value) for all servers to support the functionality.
>>>
>>> 2) list /i2nsf-monitoring-configuration/system-alarm
>>>
>>> This is yet another alarm management system created in the IETF.
>>> I guess the WG decided that RFC 8632 was not suitable.
>>>
>>> It is not clear how this system prevents excessive notifications
>>> sent to a client.
>>>
>>> What happens when the CPU, memory, or disk usage crosses back and
>>> forth over the threshold? Seems like an alarm is generated for each
>>> upward crossing of the threshold leaf.
>>>
>>> The precise behavior for triggering and then re-arming an alarm
>>> needs to be specified in the YANG module.
>>>
>>> RMON Alarms (RFC 2819) defines one way to prevent bursts of
>>> SNMP notifications, using an alarm reset threshold.
>>>
>>> YANG Push (RFC 8641) uses a dampening-period approach to prevent
>>> flooding the receiver with notifications.
>>>
>>> Also, it is not clear what use-case is served by "threshold = 0".
>>> The range is 0..100 instead of 1..100.
>>>
>>>
>>> Minor Issues:
>>>
>>> 3) too many notifications
>>>
>>> This module creates a lot of notifications to manage, and they are
>>> all optional to implement. This increases complexity in both
>>> the client implementation and operations.
>>>
>>> If you really need all 13 notifications then OK, but
>>> 13 notification events is a lot for one YANG module,
>>> especially if this set will get even larger over time.
>>>
>>> Here is one way to reduce the number of event definitions.
>>> The example below has 1 event and 13 sub-event types, but it could
>>> also apply to N event types each with some sub-event types.
>>>
>>> This design template adds one more layer in the notification message,
>>> but it is probably easier for the client and operator to manage.
>>> The deployment may require filters and access control rules that become
>>> more complex for a large number of notifications.
>>>
>>>
>>>     notification i2nsf-event {
>>>       description
>>>         "Wrapper for all I2NSF events";
>>>
>>>       choice sub-event-type {
>>>         description
>>>           "This choice must be augmented with cases for each allowed
>>>            sub-event.  Only 1 sub-event will be instantiated in each
>>>            i2nsf-event message. Each case is expected to define one
>>>            container with all the sub-event fields.";
>>>
>>>          // could put sub-events inline
>>>          case i2nsf-system-detection-alarm {
>>>            if-feature "i2nsf-system-detection-alarm";
>>>            container i2nsf-system-detection-alarm {
>>>              // contents of i2nsf-system-detection-alarm data
>>>            }
>>>          }
>>>
>>>        }
>>>      }
>>>
>>>
>>>      // could add sub-events via augments at any time
>>>      augment "/i2nsf-event/sub-event-type" {
>>>        case i2nsf-system-detection-event {
>>>          if-feature "i2nsf-system-detection-event";
>>>          container i2nsf-system-detection-event {
>>>            // contents of i2nsf-system-detection-event data
>>>          }
>>>        }
>>>      }
>>>
>>>
>>> Nits:
>>>
>>> 4) underscore vs. hyphen
>>>
>>> There are many field names in sec. 7 that are incorrect
>>> because they use an underscore instead of a hyphen char
>>> (e.g. req_cookies but leaf name is req-cookies)
>>>
>>> 5) verbose SNMP-style names
>>>
>>> The term -configuration in the object names is unusual.
>>> Repeating the parent name (like SMIv2) is not usually done in YANG.
>>> (e.g., i2nsf-system-detection-event-configuration)
>>>
>>> 6) identifiers should use well-known abbreviations or spell
>>> out the word if not too long.  E.g "ave" -> "average"
>>>
>>> 7) Is there a reason some identities are ALL-CAPS and others
>>> are all-lower-case? This should be explained in the YANG module.
>>>
>>>
>>>
>>>
>>>
>>>
>>>

v2.23.0 | Report a Bug | By Email