A Framework for Automating Service and Network Management with YANG
draft-ietf-opsawg-model-automation-framework-10

Note: This ballot was opened for revision 07 and is now closed.

Robert Wilton Yes

Deborah Brungard No Objection

Alissa Cooper No Objection

Roman Danyliw No Objection

Comment (2020-10-20 for -07)
Thank you for responding to the SECDIR Review (and thank you to Christian Huitema for providing the review)

Focusing primarily on Section 3 and 4 (and ignoring the examples in Section 5), I didn’t find much guidance on using YANG as was suggested by the introductory materials.

** Section 3.1.  Figure 2 notes “full guarantees class” and “delay guarantees class” which seems to speak to a particular class of traffic, but I didn’t follow what these were.

** Section 6.  Per “ The YANG modules cited in this document define schema for data that are designed to be accessed via network management protocols such as  NETCONF [RFC6241] or RESTCONF [RFC8040]”, this seems to conflict with Section 1 which reminds us that “any of the YANG modules listed in this document are used to exchange data between a NETCONF/RESTCONF clients and servers [RFC6241][RFC8040].  Nevertheless, YANG is transport independent data modeling language.  It can thus be used independently of NETCONF/RESTOCNF.”  To be clear, the behavior described in the latter is not part of this architecture?

** Section 6.  The following architectural assumptions seem to conflict:

-- Section 3.1, “All these elements (i.e., Orchestrator(s), Controller(s), device(s)) are under the responsibility of the same operator.

-- Section 6.1. “A provider may rely on services offered by other providers to build composite services.”

Is the assumption that “under the responsibility of” to include contractual arrangement with the service provider?

** Section 6.  Per “In order to prevent leaking sensitive information, special care should be considered when translating between the various layers in Section 4 or when aggregating data retrieved from various sources.”, agreed.  However, as Section 6.1. suggests that services from other providers may also be used, this caution should extend to be both in the layer and inter and intra layers.

** Editorial Nits
Section 1.  Editorial.  s/Dynamically fed/Dynamically feed/

Section 3.1.  Typo. s/Connectivty/Connectivity/

Section 3.3. Typo. s/Fullfillment/Fulfillment/

Martin Duke No Objection

Benjamin Kaduk No Objection

Comment (2020-10-21 for -07)
Sorry that there are so many editorial nits mixed in with actual
content-ful comments.  I think they are all marked as such, at least.

Section 1

   o  The lack of standard data input/output (i.e., data model) raises
      many challenges in system integration and often results in manual
      configuration tasks.

(nit) I feel like this would read better with "interfaces" after
"input/output".

   o  Ease data inheritance and reusability among the various
      architecture layers promoting thus a network-wise provisioning
      instead of device-specific configuration.

nit: this looks better with "thus" and "promoting" swapped.

   o  Dynamically fed a decision-making process (e.g., Controllers,

nit: s/fed/feed/.

      Orchestrators) with notifications that will trigger appropriate
      actions allowing thus to continuously adjust a network (and thus
      involved resources) to comply the intended service to deliver.

nit: the wording here also feels a bit unusual.  Perhaps:

%    o  Dynamically fedd a decision-making process (e.g., Controllers,
%       Orchestrators) with notifications that will trigger appropriate
%       actions, allowing them to continuously adjust a network (and
%       thus, the involved resources) to deliver service that conforms
%       to the intended parameters.

Section 2.2

"AP" should probably be in the list as well.
We don't seem to define "PM" as such anywhere (though "Performance
Monitoring" appears four or five times), but do use it in Appendix A.4.4.

Section 3.1

   Each level maintains a view of the supported YANG modules provided by
   low-levels (see for example, Appendix A).

nit(?): "lower levels"

Section 3.2

   Distributed Denial-of-Service (DDoS) attacks [RFC8783].  The service
   filtering request modelled using [RFC8783] will be translated into
   device-specific filtering (e.g., ACLs defined in [RFC8519]) that to
   fulfil the service request.

nit: s/that to/that/

Section 3.3

   Note that it is important to correlate telemetry data with
   configuration data to be used for closed loops at the different
   stages of service delivery, from resource allocation to service
   operation, in particular.

Is "closed loops" a well-known term in this space?

Section 4.1.2

   service requirements in the service request can be met (i.e., whether
   there is sufficient resources that can be allocated with the
   requested guarantees).

nit: s/is/are/

   In addition, a customer may require to change the underlying network
   infrastructure to adapt to new customer's needs and service
   requirements.  This service modification can be issued following the
   same Service Model used by the service request.

I'm not sure I understand what "underlying network infrastructure" means
here -- are there supposed to come into being new routers because the
customer issues a request in the Service Model?

Section 4.1.3

   Performance measurement telemetry model can tie with Service or
   Network Models to monitor network performance or Service Level
   Agreement.

nit: missing article (e.g., "The performance measurement telemetry
model").

Section 4.1.4

   Service optimization is a technique that gets the configuration of
   the network updated due to network changes, incidents mitigation, or

nit: s/incidents/incident/

Section 4.2.1

   configuration models for network elements; the configuration
   information includes:
   [...]
   o  Security

I think we need some more details than just "Security".  Are these
security protocols?  Security properties?  Physical security?  What is
in or out of scope for being covered by any indicated security
mechanisms?

Section 4.2.2

   For example, a customer creates an interface "eth-0/0/0" but the
   interface does not physically exist at this point, then configuration
   data appears in the <intended> status but does not appear in
   <operational> datastore.

nit: I think this reads better as "if a customer creates" (added "if").

Section 4.2.3

   When a configuration is in effect in a device, <operational>

nit: "the <operational>".

Section 4.3

   Another example is to map service parameters in the L3SM into Traffic
   Engineered (TE) tunnel parameter (e.g., Tunnel ID) in TE model and

nit: "parameters" plural.

Section 5.1

   L3NM inherits some of data elements from the L3SM.  Nevertheless, the
   L3NM does not expose some information to the above layer such as the
   capabilities of an underlying network (which can be used to drive
   service order handling) or notifications (to notify subscribers about
   specific events or degradations as per agreed SLAs).  Some of this

I'm having a bit of trouble putting this bit together -- specifically
the "not" in "does not expose".  The rest of the text makes it sound
like having the Service layer know some capabilities of the underlying
network, or receive notifications from network-layer events, will be
useful to the Orchestrator.  But the text as-is seems to say that such
information will not be provided to the Service layer.

Section 5.2

   3.  The customer exchanges with the Orchestrator the connectivity
       matrix on the abstract node and explicit paths using the TE

nit: I think this is still the "abstract node topology".

   4.  The telemetry model which augments the VN model and corresponding
       TE tunnel model can be used to subscribe to performance
       measurement data and notify all the parameter changes and network

nit: "notify" takes an object that is the entity receiving the
notifications; the current wording as literally written says that "all
the parameter changes and network performance changes" will receive
notifications; I believe that the intent is that notifications about
such changes are delivered to something (the Orchestrator?), so we
should instead say "provide notifications about" or specify the actual
object of "notify".

Section 5.3

       actions are defined and correlated with network events (e.g.,
       allow the NETCONF server to send updates only when the value
       exceeds a certain threshold for the first time, but not again
       until the threshold is cleared), which constitute an

It's perhaps a little risky to mention such threshold-based behavior
without mentioning hysteresis as well.

       the server via YANG Push subscription [RFC8641], monitors state
       parameters, and takes simple and instant actions when associated
       event condition on state parameters is met.  ECA notifications

nit: "an" or "the" associated event condition.

Section 6

I agree with the secdir reviewer that it's worth repeating the
disclaimer that customer/provider interfaces (and thus, the security
considerations thereof) are out of scope for this document.

When the service configuration incluedes "security" parameters (see my
comment on §4.2.1), it is important to include the relevant information
in the monitoring/assurance pipelines so that the correct functioning of
the security mechanisms is tracked.

   In order to prevent leaking sensitive information, special care
   should be considered when translating between the various layers in
   Section 4 or when aggregating data retrieved from various sources.

It's also important to perform the necessary authentication and
authorization checks (more specifically than just "special care") for
operations that cross abstraction-layer boundaries.  The "confused
deputy problem" may be relevant for some of these cases, and is an
important topic to mention as well.

Section 6.1

   providers.  The characterization of a service disruption (including,
   mean time between failures, mean time to repair), the escalation
   procedure, and penalties are usually documented in contractual
   agreements (e.g., Section 2.1 of [RFC4176]).  Misbehaving peer

nit: pedantically, this is saying that Section 2.1 of RFC 4176 is an
example of a contracutal agreement; we may want to say "e.g., as
described in Section 2.1 of [RFC4176]" instead.

Section 6.2

   o  Some Service Models may include a traffic isolation clause,
      appropriate technology-specific actions must be enforced at the
      underlying network (and thus involved network devices) to avoid
      that such traffic is accessible to non-authorized parties.

It may be worth mentioning the potential misconception that a "virtual
private network" always provides privacy against an attacker able to tap
the network link(s); only some VPN technologies (can be configured to)
do so.  In some sense, whether such wire-level encryption is in use
could be an aspect exposed at the service model layer.

Section A.3

   o  Network Topologies Model: [RFC8345] defines a base model for
      network topology and inventories.  Network topology data include
      link resource, node resource, and terminate-point resources.

nit: probably all three instances should be "resources" plural?

Section A.4

   Network Element models (Figure 10) are used to describe how a service
   can be implemented by activating and tweaking a set of functions
   (enabled in one or multiple devices, or hosted in cloud
   infrastructures) that are involved in the service delivery.

I don't really see how Figure 10 helps demonstrate *how* "a service can
be implemented by activating and tweaking a set of functions"; it seems
to just be a listing/categorization of things that have YANG models.

Erik Kline No Objection

Comment (2020-10-20 for -07)
[[ nits ]]

[ section 1 ]

* "processing of customer's" -> "processing of customer", perhaps

* The colon-delimited sentence ending the paragraph doesn't seem to imply
  that list is what should logically follow.  I think the sentence aims to
  imply that in-house and silo nature of existing work has lead the some
  challenges, including the ones listed.  I think a slight reword might
  fix this up pretty easily.

* "between a NETCONF/RESTCONF clients and servers" ->
  "between NETCONF/RESTCONF clients and servers"

* "YANG is transport independent" -> "YANG is a transport-independent"

* "model composing" -> "model composition" perhaps?

* "out of the scope" -> "out of scope"

[ section 3.2 ]

* "that to fulfil the service request"?
  perhaps "that fulfill the service request"?

[ section 3.4 ]

* "to support newly added module", suggest either:
  "to support newly added modules" or "to support a newly added module"
  (probably the former, given subsequent "and features")

[ section 4.2.4 ]

* "or network resources be mis-allocated" ->
  "or network resources might be mis-allocated"

Murray Kucherawy No Objection

Warren Kumari No Objection

Barry Leiba No Objection

Alvaro Retana No Objection

Martin Vigoureux No Objection

Éric Vyncke No Objection

Comment (2020-10-19 for -07)
Thank you for the work put into this document. 

Please find below a couple of non-blocking COMMENT points and nits. I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

A generic comment: it hurts my eyes to see several occurrences of "NAT" as a service in an IETF document in 2020...

Should there be a reference to draft-claise-opsawg-service-assurance-architecture (albeit not yet an adopted document) ?

There are a lot of detailed service creations with a good decomposition of all the required steps; but, little is written on the importance of YANG models (as opposed to any standard data exchange), so, the current title seems a little misleading.


-- Abstract --
To be honest, I fail to understand why data models can be used to 'derive' configuration information. Did the authors mean 'describe' or 'specify' ?

Later "This document describes an architecture" while the title of this document if "framework" ? Slight semantic difference ;-)

And later "accommodate modules that", is it 'YANG modules' or 'data models' ?


-- Section 4 --
The complex figure 4 would benefit from some textual introduction referring to the subsections. Also, the meaning of the arrow would gain if specified. E.g., why "Service Diagnosis" does not have a loop back to optimization or assurance ?

-- Section 4.2.2 --
If not mistaken, this is the first appearance of the notation "<intended>". Do the angle brackets have a specific meaning?

-- Section 4.2.3 --
Suggestion to use the figure 4 wording as the title esp. since the wording of MDT is not really used in the sub-section.

-- Section 6 --
Is it required/useful to have the 'standard YANG security considerations" in this document that does not contain any YANG module?

-- Section 10.1 --
Most of the references should probably be informational only.


== NITS ==

Generic nit, I found the use of capitalized "Service Model" or "Network Models" a little disturbing.

-- Section 1 --
"how different layer YANG data models" is rather difficult to parse, suggest to rephrase it.

-- Section 4.4 --
Is it "service decomposing" or "service decomposition" ?