Skip to main content

Minutes IETF100: opsawg

Meeting Minutes Operations and Management Area Working Group (opsawg) WG
Date and time 2017-11-14 07:50
Title Minutes IETF100: opsawg
State Active
Other versions plain text
Last updated 2017-11-15

[ Warren Kumari Note: Thanks to Elliot Lear (and others) for taking minutes ]
Agenda bashing/Note Well
We bashed the agenda - no change.


Kathleen's presentation

Goal- document issues that are introduced by encryption at different layers. 
Goal is not to try to address all of the issues raised.  Each section could be
a draft on its own.  We just try to document the current state. She discussed
motivations for encryption.  They vary based on type of network because...
Impact varies depending on the type of network. This draft is meant to be an
initial step toward balance with regard to network management/monitoring.
Briefly reviewed opportunistic encryption. TLS 1.3 and potential issues.
Kathleen's view: absent having this discussion "head on" we won't see the
adoption of encryption that we like Ad Injection.  An example where providers
found a way to prevent encryption. Load balancers and DPI could use a bit more
attention. Content filters and load balancing proxies could use a little more
attention. Tried to get diverse input.  Got it for DDOS- not so much elsewhere.
ALPN needs some work because it's a moving target. Mobility needs some
updating. Sometimes sharing more on operational practices may help make
encryption more acceptable.


{Couldn't get name} from Huawei}: one could be talking about the impact of
network management on the security of the network. Warren: Read the document! 
Tone has changed substantially! Lee Howard:  I've skimmed, but great balance on
tone.  I will review it as much as I can.  Please others review. Mike Ackerman:
why is it different when things are in a cloud-hosted environment? Kathleen:
motivations are different. Mike: things get a little darker when in the cloud.
Ignas Bagdonas: Different language used between here and operational community.
  Maybe we need to translate this document to get more info from the
operational community.  Better examples, for instance, around IGP snooping. 
(Russian speaking) ENOG, EuroIX, RIPE meeting, smaller country operator groups.
Benoit: can you quantify? Ignas: 500-600 for E-NOG 100 - RIPE sometimes
mid-digit 10s. Quite a lot of security aspects depend on network design.  Some
assumptions of what goes where (like in our out of the data center) may not
always reflect actual deployments.  Each deployments are unique, although there
are some common denominators that may not align to what is in the document.
Does this mean that encryption is evil and we should do less of it? Kathleen:
really no.  It's all about how to get encryption deployed. Benoit: we should be
documenting what we may be losing with encryption. Kathleen: we need to
document difference between 5-tuple and 2-tuple in terms of impact. Darin
Pettis: I'm an operator. There are some very real needs here.  Definitely
looking for the balance you discuss.  There is a lot of finger pointing between
cloud and enterprise *is* an issue. Joel Jaeggli:  We have over time revisited
technologies and decided to abandon them.  Some mechanisms change out of
necessity.  We may need to address the most problematic tools that are well
deployed. Kathleen: goal of the document is to highlight what is changing. Lars
Eggert: not speaking as chair, we have a challenging problem with QUIC.  One
option in QUIC is to expose hidden information to authorized parties.  But just
because information is going to move into the clear doesn't mean you can trust
it because the protocol machinery may not act on it.  It would be awfully nice
to {know?} {whether operators would accept untrustworthy information}

Supervised Heterogeneous Network Slicing
Liang Gang
Outgrowth from BoF at IETF-99:
Should we still do network slicing still in the IETF?  YES.
We don't have a consensus on what a network slice is.
A network slice is a dedicated network and a group of components, and
generalized (physical or virtual) service functions that can be exposed to
tenants. It has to be supervision, otherwise there is no service guarantee. See
ASCII art in presentation for the architecture. There are numerous domains
within the network.  Legacy, OT, Access. Components for network slicing: Common
Operation and Management for Network Slice == COMS Slide discusses flow. A
common information model is key. Also, life cycle management, monitoring, etc. 
From those come derived models. Southbound interface might need to be
standardized.  Neeed east-west interface.

5G does network slicing, please consider using a different term or one of the
existing definitions within the industry. Network slicing is end to end.  How
to get access, code, etc, put in place.  This must all work together. Concerned
that at the end of the day this solution may not be compatible with 3GPP. Liang:
   { Lots of internal discussion about the relationship between SA2 and SA5 and
   the IETF}
Plenty of end to end use cases just internal to IETF
Juerg Mayer:
3GPP does not have any official requirements towards the IETF.  What we said
last time: if the IETF sees a need to work on slicing, you should go ahead. 
Transport network is left out of our focus. This work is going on in parallel. 
We will for sure create some confusion, which is inescapable.  Look at it from
the IETF perspective for now, and then we will see what we can incorporate what
is appropriate for 5G. Nurit:
    We do need SOME coordination, and something that delivers a valid end to
    end solution.
Jari Arkko:
There are all sorts of technologies that we need to build on, like
orchestration software.  What is the specific work that we should do here at
the IETF?  Much of this is IETF technology.  It's our job to make sure that
this technology is up to speed for 5G use cases (for example). There will a
presentation in routing area working group on some of this (Jari and Jeff
Cantor). Data models is an area we need to work on.  How does it relate to
other data models? Mehmet I have an issue with the term "common information
model".  Give a more precise title. NFV has existed for many years, and there
are different SDOs working on information models tied to that. Some are useful,
others can be harmonized. Will you use an existing information model or create
it from scratch? Terms need to be harmonize with existing information models
and not do it from scratch. Liang: A common information model is
technology-non-specific.  Stil prefer this term Network configuration model is
the mapping to specific technology. Use cases: Customization, resource
utilization, and new technologies

    They are looking for a BOF at the next IETF.

Alex ?:
I don't think this group will create a common information model across all
SDOs.  This is just for network slicing {for what you are building}, but
because you use a lot of technology, you will need to coordinate. Need both
bottom up (from technology) and top down views and good linkage between the two.

Success can also be we gain an understanding of what we need to do and place
that work into multiple different working groups. Let's first figure out what
we need.

Onward to the OPSAWG part of the meeting

Working group status
Shepherd needed for draft-ietf-opsawg-ipfix-bgp-community-03
TACACS doc needs some additional review.

YANG data model for NAT
Draft has been around.
four revisions since last IETF.
Got some external review.
A number of reviewers contributed (Lee, Jordi, Fred, Tore Anderson, Rajiv
Asati). Updates on CLAT, NPTv6, NAT64, EAM. Support CGN Got YANG doctors review
Removed logging based on feedback. Had to clarify relationship with NAT-MIB

 how many revisions did you go through between the last [missed (last ietf?)]
 and this one.  You should go through WGLC to produce a yang model with some

MUD update
Changes coming up from WGLC and IETF LC
Tied to JSON compatability
If you have an objection speak up soon
model number
element that specifies name for signature will be needed
Going back to UTF-8
Propose to ADs: pause for a little while and wait for apple model and then
create a new draft for IESG review next steps: extensions to the model will
come in London

Joe C:
    Have you asked operators?
"yeah, ok..." and don't care much

Network Data Use Case for Wavelength Service
Chen Li

This was a presentation that went into OAM with Wavelength service.

need 2119 language
What do you want to do with this work?
It's accademic
I'm not sure we have the right reviewers [here]