Note: This ballot was opened for revision 07 and is now closed.
Thank you for responding to the SECDIR Review (and thank you to Christian Huitema for providing the review) Focusing primarily on Section 3 and 4 (and ignoring the examples in Section 5), I didn’t find much guidance on using YANG as was suggested by the introductory materials. ** Section 3.1. Figure 2 notes “full guarantees class” and “delay guarantees class” which seems to speak to a particular class of traffic, but I didn’t follow what these were. ** Section 6. Per “ The YANG modules cited in this document define schema for data that are designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]”, this seems to conflict with Section 1 which reminds us that “any of the YANG modules listed in this document are used to exchange data between a NETCONF/RESTCONF clients and servers [RFC6241][RFC8040]. Nevertheless, YANG is transport independent data modeling language. It can thus be used independently of NETCONF/RESTOCNF.” To be clear, the behavior described in the latter is not part of this architecture? ** Section 6. The following architectural assumptions seem to conflict: -- Section 3.1, “All these elements (i.e., Orchestrator(s), Controller(s), device(s)) are under the responsibility of the same operator. -- Section 6.1. “A provider may rely on services offered by other providers to build composite services.” Is the assumption that “under the responsibility of” to include contractual arrangement with the service provider? ** Section 6. Per “In order to prevent leaking sensitive information, special care should be considered when translating between the various layers in Section 4 or when aggregating data retrieved from various sources.”, agreed. However, as Section 6.1. suggests that services from other providers may also be used, this caution should extend to be both in the layer and inter and intra layers. ** Editorial Nits Section 1. Editorial. s/Dynamically fed/Dynamically feed/ Section 3.1. Typo. s/Connectivty/Connectivity/ Section 3.3. Typo. s/Fullfillment/Fulfillment/
Sorry that there are so many editorial nits mixed in with actual content-ful comments. I think they are all marked as such, at least. Section 1 o The lack of standard data input/output (i.e., data model) raises many challenges in system integration and often results in manual configuration tasks. (nit) I feel like this would read better with "interfaces" after "input/output". o Ease data inheritance and reusability among the various architecture layers promoting thus a network-wise provisioning instead of device-specific configuration. nit: this looks better with "thus" and "promoting" swapped. o Dynamically fed a decision-making process (e.g., Controllers, nit: s/fed/feed/. Orchestrators) with notifications that will trigger appropriate actions allowing thus to continuously adjust a network (and thus involved resources) to comply the intended service to deliver. nit: the wording here also feels a bit unusual. Perhaps: % o Dynamically fedd a decision-making process (e.g., Controllers, % Orchestrators) with notifications that will trigger appropriate % actions, allowing them to continuously adjust a network (and % thus, the involved resources) to deliver service that conforms % to the intended parameters. Section 2.2 "AP" should probably be in the list as well. We don't seem to define "PM" as such anywhere (though "Performance Monitoring" appears four or five times), but do use it in Appendix A.4.4. Section 3.1 Each level maintains a view of the supported YANG modules provided by low-levels (see for example, Appendix A). nit(?): "lower levels" Section 3.2 Distributed Denial-of-Service (DDoS) attacks [RFC8783]. The service filtering request modelled using [RFC8783] will be translated into device-specific filtering (e.g., ACLs defined in [RFC8519]) that to fulfil the service request. nit: s/that to/that/ Section 3.3 Note that it is important to correlate telemetry data with configuration data to be used for closed loops at the different stages of service delivery, from resource allocation to service operation, in particular. Is "closed loops" a well-known term in this space? Section 4.1.2 service requirements in the service request can be met (i.e., whether there is sufficient resources that can be allocated with the requested guarantees). nit: s/is/are/ In addition, a customer may require to change the underlying network infrastructure to adapt to new customer's needs and service requirements. This service modification can be issued following the same Service Model used by the service request. I'm not sure I understand what "underlying network infrastructure" means here -- are there supposed to come into being new routers because the customer issues a request in the Service Model? Section 4.1.3 Performance measurement telemetry model can tie with Service or Network Models to monitor network performance or Service Level Agreement. nit: missing article (e.g., "The performance measurement telemetry model"). Section 4.1.4 Service optimization is a technique that gets the configuration of the network updated due to network changes, incidents mitigation, or nit: s/incidents/incident/ Section 4.2.1 configuration models for network elements; the configuration information includes: [...] o Security I think we need some more details than just "Security". Are these security protocols? Security properties? Physical security? What is in or out of scope for being covered by any indicated security mechanisms? Section 4.2.2 For example, a customer creates an interface "eth-0/0/0" but the interface does not physically exist at this point, then configuration data appears in the <intended> status but does not appear in <operational> datastore. nit: I think this reads better as "if a customer creates" (added "if"). Section 4.2.3 When a configuration is in effect in a device, <operational> nit: "the <operational>". Section 4.3 Another example is to map service parameters in the L3SM into Traffic Engineered (TE) tunnel parameter (e.g., Tunnel ID) in TE model and nit: "parameters" plural. Section 5.1 L3NM inherits some of data elements from the L3SM. Nevertheless, the L3NM does not expose some information to the above layer such as the capabilities of an underlying network (which can be used to drive service order handling) or notifications (to notify subscribers about specific events or degradations as per agreed SLAs). Some of this I'm having a bit of trouble putting this bit together -- specifically the "not" in "does not expose". The rest of the text makes it sound like having the Service layer know some capabilities of the underlying network, or receive notifications from network-layer events, will be useful to the Orchestrator. But the text as-is seems to say that such information will not be provided to the Service layer. Section 5.2 3. The customer exchanges with the Orchestrator the connectivity matrix on the abstract node and explicit paths using the TE nit: I think this is still the "abstract node topology". 4. The telemetry model which augments the VN model and corresponding TE tunnel model can be used to subscribe to performance measurement data and notify all the parameter changes and network nit: "notify" takes an object that is the entity receiving the notifications; the current wording as literally written says that "all the parameter changes and network performance changes" will receive notifications; I believe that the intent is that notifications about such changes are delivered to something (the Orchestrator?), so we should instead say "provide notifications about" or specify the actual object of "notify". Section 5.3 actions are defined and correlated with network events (e.g., allow the NETCONF server to send updates only when the value exceeds a certain threshold for the first time, but not again until the threshold is cleared), which constitute an It's perhaps a little risky to mention such threshold-based behavior without mentioning hysteresis as well. the server via YANG Push subscription [RFC8641], monitors state parameters, and takes simple and instant actions when associated event condition on state parameters is met. ECA notifications nit: "an" or "the" associated event condition. Section 6 I agree with the secdir reviewer that it's worth repeating the disclaimer that customer/provider interfaces (and thus, the security considerations thereof) are out of scope for this document. When the service configuration incluedes "security" parameters (see my comment on §4.2.1), it is important to include the relevant information in the monitoring/assurance pipelines so that the correct functioning of the security mechanisms is tracked. In order to prevent leaking sensitive information, special care should be considered when translating between the various layers in Section 4 or when aggregating data retrieved from various sources. It's also important to perform the necessary authentication and authorization checks (more specifically than just "special care") for operations that cross abstraction-layer boundaries. The "confused deputy problem" may be relevant for some of these cases, and is an important topic to mention as well. Section 6.1 providers. The characterization of a service disruption (including, mean time between failures, mean time to repair), the escalation procedure, and penalties are usually documented in contractual agreements (e.g., Section 2.1 of [RFC4176]). Misbehaving peer nit: pedantically, this is saying that Section 2.1 of RFC 4176 is an example of a contracutal agreement; we may want to say "e.g., as described in Section 2.1 of [RFC4176]" instead. Section 6.2 o Some Service Models may include a traffic isolation clause, appropriate technology-specific actions must be enforced at the underlying network (and thus involved network devices) to avoid that such traffic is accessible to non-authorized parties. It may be worth mentioning the potential misconception that a "virtual private network" always provides privacy against an attacker able to tap the network link(s); only some VPN technologies (can be configured to) do so. In some sense, whether such wire-level encryption is in use could be an aspect exposed at the service model layer. Section A.3 o Network Topologies Model: [RFC8345] defines a base model for network topology and inventories. Network topology data include link resource, node resource, and terminate-point resources. nit: probably all three instances should be "resources" plural? Section A.4 Network Element models (Figure 10) are used to describe how a service can be implemented by activating and tweaking a set of functions (enabled in one or multiple devices, or hosted in cloud infrastructures) that are involved in the service delivery. I don't really see how Figure 10 helps demonstrate *how* "a service can be implemented by activating and tweaking a set of functions"; it seems to just be a listing/categorization of things that have YANG models.
[[ nits ]] [ section 1 ] * "processing of customer's" -> "processing of customer", perhaps * The colon-delimited sentence ending the paragraph doesn't seem to imply that list is what should logically follow. I think the sentence aims to imply that in-house and silo nature of existing work has lead the some challenges, including the ones listed. I think a slight reword might fix this up pretty easily. * "between a NETCONF/RESTCONF clients and servers" -> "between NETCONF/RESTCONF clients and servers" * "YANG is transport independent" -> "YANG is a transport-independent" * "model composing" -> "model composition" perhaps? * "out of the scope" -> "out of scope" [ section 3.2 ] * "that to fulfil the service request"? perhaps "that fulfill the service request"? [ section 3.4 ] * "to support newly added module", suggest either: "to support newly added modules" or "to support a newly added module" (probably the former, given subsequent "and features") [ section 4.2.4 ] * "or network resources be mis-allocated" -> "or network resources might be mis-allocated"
Thank you for the work put into this document. Please find below a couple of non-blocking COMMENT points and nits. I hope that this helps to improve the document, Regards, -éric == COMMENTS == A generic comment: it hurts my eyes to see several occurrences of "NAT" as a service in an IETF document in 2020... Should there be a reference to draft-claise-opsawg-service-assurance-architecture (albeit not yet an adopted document) ? There are a lot of detailed service creations with a good decomposition of all the required steps; but, little is written on the importance of YANG models (as opposed to any standard data exchange), so, the current title seems a little misleading. -- Abstract -- To be honest, I fail to understand why data models can be used to 'derive' configuration information. Did the authors mean 'describe' or 'specify' ? Later "This document describes an architecture" while the title of this document if "framework" ? Slight semantic difference ;-) And later "accommodate modules that", is it 'YANG modules' or 'data models' ? -- Section 4 -- The complex figure 4 would benefit from some textual introduction referring to the subsections. Also, the meaning of the arrow would gain if specified. E.g., why "Service Diagnosis" does not have a loop back to optimization or assurance ? -- Section 4.2.2 -- If not mistaken, this is the first appearance of the notation "<intended>". Do the angle brackets have a specific meaning? -- Section 4.2.3 -- Suggestion to use the figure 4 wording as the title esp. since the wording of MDT is not really used in the sub-section. -- Section 6 -- Is it required/useful to have the 'standard YANG security considerations" in this document that does not contain any YANG module? -- Section 10.1 -- Most of the references should probably be informational only. == NITS == Generic nit, I found the use of capitalized "Service Model" or "Network Models" a little disturbing. -- Section 1 -- "how different layer YANG data models" is rather difficult to parse, suggest to rephrase it. -- Section 4.4 -- Is it "service decomposing" or "service decomposition" ?