IETF Logo Mail Archive

Re: [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 01 April 2021 02:10 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F0AB3A0E14; Wed, 31 Mar 2021 19:10:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.587
X-Spam-Level:
X-Spam-Status: No, score=-0.587 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_NAME_FM_MR_MRS=1.499, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7bRckj7amZN; Wed, 31 Mar 2021 19:09:57 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22EBD3A0E0F; Wed, 31 Mar 2021 19:09:56 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id q29so506161lfb.4; Wed, 31 Mar 2021 19:09:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=prGK0RtGSLBXmEg0UCclTgNrcnOIUF+DnkeBgUKSIdk=; b=Y3QTKj4BbqI4XOCyTLW2B34UtVSP6anera+U55IEsR67sfMgn2KkHkvj8L4TbXmcsa 3KUj2w9rYGVPI5m2g5v/n48QYncRgqW/yIubBxPelzScfQ9xu53lGqBY4ZiDA4zqSxuA dWIeuQuURDle5zOvRDWtLvx+aFMyi4xecBzjCMKLW3Y7mmNQ6dVotVagiYmjmYb8Zwdi MK7C/Ycq4mRcb9eVoMACT9pJuHnDPnqJspVUgNfH/qi1hbtcI1CNsdol/a6Ua4zuvoAT deDi9cuDHTTARJF2CCp6sWJFn2M48LDbxPVco3HIcteOHRlgf1IsMPGB1q0qqpErkJ5O 8RVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=prGK0RtGSLBXmEg0UCclTgNrcnOIUF+DnkeBgUKSIdk=; b=cRc42jIVwW7Jf44QbrYnzPy/wKhJyaMMFFhS8OO5VsnUaknYMNGwFadGgCT+kQktHL YOaqtTzwl0m49Yu+z1WN967FYXAvdEQ+J4lPksOmLXL9+Mc5PFKIMBXj3kwtZle5XoyT DxlOXfPpimrHLwOJiDk4rdbI+wc69FmDLyzeYZyS33hyAZXedbIyNsH1hIu3gCQMsPsS RKM/PHWUe+hUDOZz9AjBGVBcNr0TtfRaE/lGSZwBbpWGhVkSdG49g1s/f0YHAhAOPQNq zrcCK0QM6PiQ02CPNfTezi2RjU0CKqNHz/KnhvoO4cfqJIECkD08D3xyO5FT3s1ZHppF igZQ==
X-Gm-Message-State: AOAM530fbN8HBVzqEWxTrfV3iWD7uSX6aDsI1pqh7bFuwbveqPd5AzAg w6aDB5N+ieesSz2XhBXI5g3BozWv0RKd5BS31vE=
X-Google-Smtp-Source: ABdhPJzdlgvkFJcwP4aUbGxpA8OHwXNbvl+Zz4RdTVczeV8j86kZWqyT7AAQC++9Le+sM8S41qPz1SckW5YosEMaRYM=
X-Received: by 2002:ac2:4192:: with SMTP id z18mr3699941lfh.19.1617242988588; Wed, 31 Mar 2021 19:09:48 -0700 (PDT)
MIME-Version: 1.0
References: <161652444666.30886.1452719047245335791@ietfa.amsl.com>
In-Reply-To: <161652444666.30886.1452719047245335791@ietfa.amsl.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 01 Apr 2021 11:09:12 +0900
Message-ID: <CAPK2Dezp8EZ9S4oCVz2YmAzXKxbne6qGoc5vfz=4MQvr3sWhGA@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>, Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>
Cc: YANG Doctors <yang-doctors@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, draft-ietf-i2nsf-nsf-monitoring-data-model.all@ietf.org, Last Call <last-call@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/mixed; boundary="000000000000d9c7fd05bedfb932"
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/e4DyCVnQ9tzISMR5iK_iFPUe3hs>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-nsf-monitoring-data-model-06
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 02:10:03 -0000

Hi Andy, Linda, and Yoav,
Patrick and I have addressed all the comments from Andy.
Here is the revised draft -07:
https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-monitoring-data-model-07

I attach a revision letter to explain how we addressed the comments.

There are the major updates in this revision as follows:
---
   o  This version is revised according to the comments of Andy Bierman
      who is a YANG doctor.

   o  This version updates its title as "I2NSF NSF Monitoring Interface
      YANG Data Model".  It clarifies the NSF Monitoring Interface to
      deliver NSF monitoring data to an NSF data collector (e.g.,
      Security Controller and NSF data analyzer).

   o  This version adds an attack destination IP address for DDoS-attack
      event to provide an NSF data collector with more information about the
      destination of DDoS-attack packets.

   o  This version supports a notification for monitoring traffic flows
     to detect the source and destination (as a victim) of security attacks
     such as DDoS attack.
---
If you have questions and comments, please let me know.

Thanks.

Best Regards,
Paul


On Wed, Mar 24, 2021 at 3:34 AM Andy Bierman via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Andy Bierman
> Review result: Ready with Issues
>
>
> Status: Ready with Issues
>
> Most of the issues raised in the review of draft-04 have been
> addressed.
>
> Major Issues:
>
>  - None
>
> Moderate Issues:
>
> 1) too many YANG features
>
> There are 13 YANG features, one for each of the 13 notification-stmts
> defined.  There should be as few YANG features defined as possible.
> They should only be used if it is an unreasonable burden (compared
> to the feature value) for all servers to support the functionality.
>
> 2) list /i2nsf-monitoring-configuration/system-alarm
>
> This is yet another alarm management system created in the IETF.
> I guess the WG decided that RFC 8632 was not suitable.
>
> It is not clear how this system prevents excessive notifications
> sent to a client.
>
> What happens when the CPU, memory, or disk usage crosses back and
> forth over the threshold? Seems like an alarm is generated for each
> upward crossing of the threshold leaf.
>
> The precise behavior for triggering and then re-arming an alarm
> needs to be specified in the YANG module.
>
> RMON Alarms (RFC 2819) defines one way to prevent bursts of
> SNMP notifications, using an alarm reset threshold.
>
> YANG Push (RFC 8641) uses a dampening-period approach to prevent
> flooding the receiver with notifications.
>
> Also, it is not clear what use-case is served by "threshold = 0".
> The range is 0..100 instead of 1..100.
>
>
> Minor Issues:
>
> 3) too many notifications
>
> This module creates a lot of notifications to manage, and they are
> all optional to implement. This increases complexity in both
> the client implementation and operations.
>
> If you really need all 13 notifications then OK, but
> 13 notification events is a lot for one YANG module,
> especially if this set will get even larger over time.
>
> Here is one way to reduce the number of event definitions.
> The example below has 1 event and 13 sub-event types, but it could
> also apply to N event types each with some sub-event types.
>
> This design template adds one more layer in the notification message,
> but it is probably easier for the client and operator to manage.
> The deployment may require filters and access control rules that become
> more complex for a large number of notifications.
>
>
>     notification i2nsf-event {
>       description
>         "Wrapper for all I2NSF events";
>
>       choice sub-event-type {
>         description
>           "This choice must be augmented with cases for each allowed
>            sub-event.  Only 1 sub-event will be instantiated in each
>            i2nsf-event message. Each case is expected to define one
>            container with all the sub-event fields.";
>
>          // could put sub-events inline
>          case i2nsf-system-detection-alarm {
>            if-feature "i2nsf-system-detection-alarm";
>            container i2nsf-system-detection-alarm {
>              // contents of i2nsf-system-detection-alarm data
>            }
>          }
>
>        }
>      }
>
>
>      // could add sub-events via augments at any time
>      augment "/i2nsf-event/sub-event-type" {
>        case i2nsf-system-detection-event {
>          if-feature "i2nsf-system-detection-event";
>          container i2nsf-system-detection-event {
>            // contents of i2nsf-system-detection-event data
>          }
>        }
>      }
>
>
> Nits:
>
> 4) underscore vs. hyphen
>
> There are many field names in sec. 7 that are incorrect
> because they use an underscore instead of a hyphen char
> (e.g. req_cookies but leaf name is req-cookies)
>
> 5) verbose SNMP-style names
>
> The term -configuration in the object names is unusual.
> Repeating the parent name (like SMIv2) is not usually done in YANG.
> (e.g., i2nsf-system-detection-event-configuration)
>
> 6) identifiers should use well-known abbreviations or spell
> out the word if not too long.  E.g "ave" -> "average"
>
> 7) Is there a reason some identities are ALL-CAPS and others
> are all-lower-case? This should be explained in the YANG module.
>
>
>
>
>
>
>

v2.23.0 | Report a Bug | By Email