Minutes for ANIMA at IETF-92
minutes-92-anima-4

ANIMA WG, IETF-92 (Dallas)

   Autonomic Networking Integrated Model and Approach
   Chairs: Toerless Eckert & Sheng Jiang
 
   The Tuesday 2-hour session is dedicated for urgent WG 
   milestones; the Friday 1.5-hour session is mainly for 
   other work items relevant to autonomic network but not 
   in urgent WG milestones.
   
-------------------------------------------------------------------------

Tuesday (March 24, 2015) 2-hour session:
1520-1720  Afternoon Session II, Oak

1.      16:20 - 15:25 WG Dash 5 min ANIMA WG Chairs Slides
-no comment from the room.

2.      Discovery and negotiation function - 45 min

   15:25 - 15:45 Generic Discovery and Negotiation Protocol - 20 min
   Brian Carpenter, draft-carpenter-anima-gdn-protocol-02, Slides

   brief overview of the protocol
      .3 types of objective: discovery, negotiation, synchronization
      .initiator/responder model
      .operates above layer 3, ipv6 preferred
      .authentication and replay protection
   
   protocol walk-through

      Hannes Tschofenig: Are the flows shown meant to work without 
         config and manufacturing certificate ?
      Brian: almost nothing (e.g. an ID)
   
      Hannes: trust relay is also part of draft-pritikin-anima-
         bootstrapping-keyinfra, not part of your presentation 
      Brian: yes, it is part of draft-bootstrapping
      Randy Turner : is the discovery multicast 
      Brian: yes
    
   open issues
      .UDP vs. TCP
      .DTLS vs. TLS vs. built-in security mechanism
      .dos attack protection TBD
      .DNS like alternative to discovery
      .expand objective description
      .protocol walk-through
      .cross-check against other ANIMA docs
      .write code

   questions
      Mehmet Toy: why running on layer 3 (only)  What about layer 2 
      Brian: mainly manage L3 resources, autonomic functions at 
         layer 3, but nothing prevents from negotiating layer 2 
         resources
      Michael A.: homenet discussion on ISIS running directly over 
         layer 2 and people complaining... do you want to bring it 
         also there 
      Rene: regarding TLS, can you develop the part on costly crypto  
      Brian: cost of asymmetric key for every packet is too high
      Rene: TLS is a family of algorithms so can use any of them 
         (fitting the needs)


   15:25 - 15:55 Autonomic Distributed Node Consensus Protocol - 10 min
   Markus Stenberg, draft-stenberg-anima-adncp-00, Slides, OriginalURL

      DNCP is a generalization of HNCP
      DNCP leaves some details to DNCP profiles
      scalability issues because of single areas, use of UDP
      ADNCP extends DNCP for multiple areas and TLS for unicast 
         (still udp for multicast)
      per objective DNCP possible
   Raise of hands, ca. 8 people read the draft.

   15:55 - 16:10 Combined discussion for GDNP&DNCP - 15 min

   questions
      Bing Liu: are these extensions to DNCP to make it autonomic 
      Markus: not really autonomic, but add features to scale...; 
         can use some point-to-point TLVs range for defining 
         arbitrary messages for autonomic use, but it doesn't actually 
         go into detail what point-to-point exchange would be.
      Bing: is the goal of ADNCP to fulfill requirements of ANIMA 
      Markus: in current DNCP, you can implement more arbitrary 
         autonomic objectives, but it doesn't mean I want to use DNCP 
         in that way, it's only a stating.
      Stuart: ADNCP does not add (more) autonomic features to DNCP 
         than it already has.
      Markus: add features to address scalability issues essentially
      Markus: why generic  Should be called autonomic, generic is 
         misleading.
      Sheng: requirements for the autonomic nodes to communicate 
         among them.
      Brian: the main reason that GDNP leaves a lot of things open 
         is because we don't know the scope of resources/objectives 
         we want to negotiate
      Markus: seems like flooding a lot, not good.
      Brian: victim of ARP storm 25 years ago. In a very large 
         (prof-managed) network possibly arrange to stop the flooding.
      Markus: design of the protocol... 
      Brian: take a use case and compare the different solutions
      Toerless: we already have simple example use case: set up of the 
         autonomic control plane
      Markus: too simple, not interesting
      Toerless: need information to decide which protocol to choose
      Markus: this is only an academic exercise (ADCNP)
      Sheng: would you been interested in joining a design team 
      Markus: possibly...
      Michael R.: don't understand what GDNP is for. There are good 
         reasons to separate discovery from negotiation. DNS-SD is 
         not applicable here. I don't want to do the 2 steps 
         (bootstrap & discovery) together, prior to boot strap. If 
         already boot strap, then it is able to talk to proper 
         machines to achieve the same.
      Markus: not what you want, because not secure
      Michael R.: I now understand if the discovery is after 
         bootstrap, maybe the node can be told the capabilities  
         ratherthan discovery.
      Sheng: notification the capability is also a way of discovery.
      Brian: under resource consumption, can be completely event 
         driven. At UCAN BoF several use cases to exemplify GDNP.
      Michael B.: distinguish between establish trust and discovery. 
         Want to have the same protocol to find the place to enroll 
         (trust anchor).
      Tommy Pauly: talking on behalf of Stuart Chesire. Discovery 
         process, could explore if DNSSD can apply using proxy/
         filtering, for that initial bootstrapping process, it seems 
         exactly a bonjour request for finding a trustee.
      Markus: find onlink neighbor is ok. But find offlink node is 
         different.
      Toerless: big difference between making DNSSD on top of these 
         protocols and running MDNS.


3.      Auto bootstrapping - 45 min

   16:10 - 16:25 Bootstrapping-keyinfra - 15 min
   Michael Behringer, draft-pritikin-anima-bootstrapping-keyinfra-01,
   Raise of hands, ca. 10 people read the draft.

      Steven: more secure than DHCP. If add a device to a link with 
         already initial config, can break your scheme.
      Mehmet Toy: where is the network authentication on your slide? 
      Michael: the network is (only) "passing" the ID.
      Max (remote): answering Mehmet Toy, the authorization of the 
         network is a joining step by device vivificating the token;  
         register verifying in the log.
      Mehmet Ersue: will something go wrong if zero-touch netconf does 
         not follow your approach 
     (after Kent's presentation)

   16:25 - 16:35 Netconf zero touch update for anima - 10 min
   Kent Watsen, draft-ietf-netconf-zerotouch-02, Slides
   Raise of hands, ca. 8 people read the draft.

      Hannes: how done in OMA M2M, maybe relates. Is what I have 
         described in relation with what you are doing  Is it the same 
         problem or a different one trying to solve. 
      Kent: terminology issue.
      Sheng: after next presentation
      Michael: different case, because you assume a certificate 
         already in the device.
      Max (remote): Zero-Touch draft not incorporated with the 3 
         points in slide 9. Difference between ownership VS. math 
         authorization: in ownership, you expecting vendors to be all 
         to known to the security channel, but math authorization does 
         not do it, am I correct in interpretation 
      Kent: discussion on who is the rightful owner.

   16:35 - 16:45 Survey of Security Bootstrapping - 10 min
   Raise of hands, ca. 4 people read the draft.

      Danping He, draft-he-6lo-analysis-iot-sbootstrapping-00, Slides
      Hannes: all the 3 mechanisms provide authentication. It's hard 
         to say which one is better, it depends on many aspects.
    
   16:45 - 16:55 Combine discussion - 10 min
   too late. no discussion.


4.      Autonomic Control Plane & Discussion - 25 min
   Raise of hands, ca. 12 people read the draft.

   16:55 - 17:20 Michael Behringer, 
   draft-behringer-anima-autonomic-control-plane-02, Slides
      Mehmet T.: what are you configuring with this solution 
      Michael: not about configuration at all.
      Brian: you could run netconf on top of it
      Michael: we are not looking for devices with absolute no 
         dependency to configuration. This is for the longer term 
         future.
      Michael A.: not solving the case of layer 1 connectivity/
         reachability.
      Mohamed Boucadair: deterministic behavior of the network. Any 
         way to have an exit button  Fallback to legacy mode of 
         operation. 
      Michael: work with existing data plane processes.
      Mohamed: the option should be left to the operator's choice, 
         not in the design, maybe beyond your presentation.
      Michael: Do the participants think the ACP is useful 
      Michael A.: It should restrict to useful in some scenarios.
      The room hummed 

--------------------------------------------------------------------------
Friday (March 27, 2015) 1.5-hour session
1150-1320 Afternoon Session I, Parisian
     change in agenda: Presentation by Rene is cancelled/postponed.

1. Reference model - 20 min
   Michael Behringer, draft-behringer-anima-reference-model-00, Slides

   John Strassner: do you plan to re-use work from other groups e.g. 
      service discovery.
   Michael: yes. We will steal whatever we can.
   John: MANET has mechanisms for discovery. Mentions DLEP as 
      mechanism for neighbor discovery.
   Toerless: Please open a discussion on the mailing list on that
      topic! 
 
   Dean Bogdanovic: started simple prototype implementation of 
      autonomic networking. Thinks it is necessary that a single 
      agent can covers multiple devices that are geographically 
      close to the agent.
   Toerless (as an author): Supporting this notion. Explain how 
      draft authors did not want to put it from the beginning to 
      not boil the ocean before having confirmation of requirements/
      interests.
   Sheng: We are at the beginning stage to understand the 
      requirements for the autonomic network. We encourage you to 
      raise your specific requirements. The chair may later form a 
      design team to work on the common reference model.

   John Strassner: worked a bit on autonomics, urge the WG to not 
      just think in terms of APIs but as software contracts 
      (pre/post conditions), do not change over the life-cycle of a 
      function. bring rigor. Capabilities: willing to work to define 
      more formally this aspect. GDNP seems overloaded if tries to 
      negotiate for everything.

   Toerless: Asks where formalisms mentioned exist (not aware of 
      IETF formalisms).
   John: not in IETF, but in other SDOs.
   Bing Liu: Willing to contribute also on current un-filled 
      contents and also possible extensions of reference model. 
      Section 7: Distinguish ACP as component of the ANI and the 
      ASAs running to top of the ACP, might need to distinguish 
      them more clearly in the draft.
   Michael: correct.

2. Observations on bootstrapping and synchronization - 15 min
   Rene Struik, no draft, no slides received
   Postponed by the speaker.

3. Coordinating multiple (conflicting) autonomic functions - 15 min
   Laurent Ciavaglia, no draft

   Toerless: Please provide a simple example to illustrate.
   Laurent: ECMP agents and power saving agents. ECMP agent try to 
      keep up links to best utilize bandwidth but power saving agents 
      try to shut down links. Conflict of interest between agents 
      requires coordination between them (who is more important 
      compromise.. ).

   Michael: Lot of this happens at ASA level. Is something missing 
      in the infrastructure for this 
   Laurent: Unclear. Will review documents to identify gaps.

   John Strassner: Work on knowledge representation. May need to be 
      explicitly added to the infrastructure to be able to be 
      explicitly used by infrastructure. Need some way to reason 
      about knowledge. Otherwise two different services looking same 
      at the surface but incompatible due to their dependencies. Look 
      at KIF/Common Logic.

   Brian: What is common between separated coordination function in 
      different Autonomic server agents  Is it a separate ASA or 
      common for all ASA (in the infra).
   Laurent: we need to answer that in the coming work.

   Michael: what is need in the infrastructure 
   Laurent: It depends on the definition of infrastructure. It may be
      implementation choice or deployment model choice. We need to 
      work on it further.

   Sheng: But, it is still confuse whether this is requirements for 
      each ASA or a reusable component to support all ASA. The 
      current WG charter is focusing on reusable component in the AN 
      infrastructure. We certainly think coordinating is important 
      since there are conflictions. You need to come back with a 
      concrete functional requirement.
   Laurent: understand that.

   John: it should be added in the infrastructure. It should be a 
      function that every ASA can use. Would be happy to help on 
      how to exchange the knowledge.

4.  Self-Managed Networks with Fault Management Hierarchy - 15 min
    Toy Mehmet, no draft, Slides

   Bhumip Khasnabish: Is this deployed/implemented in Comcast network 
   Mehmet: Vendors not yet implementing required dependencies.

   Bhumip K.: if NEs starts testing at the same time, can break your 
      network.
   Mehmet: no, run the testing in the background

5.  Predictive risk awareness for proactive management - 15 min
    Laurent Ciavaglia, no draft, slides

   Toerless: Requirements against underlying infra for Laurent 
      "predictive" and Toy's "reactive/tracking" management actions 
      look very overlapping, true 
   Laurent: Yes, Toy nodding.

   Brian Carpenter: very interesting. Would have liked to see 
      compressed version of Comcast presentation to be able to 
      extracts requirements against the infrastructure.
   
   Bing Liu: is ASA-ASA communication involved for it 
   Laurent: two models, one is one ASA local decision; the other 
      involves ASA-ASA communication

6.     Closing by Co-Chairs - 10 min

   Toerless:
      Would like to start building design teams for a) bootstrap 
      and b) signaling, which are milestone building blocks.

      If interested to participate, please send mail to chairs. 
      We will also reach out to the candidates we think would be 
      great to have.

      Goal of design teams of course is to work on a common solution.
      Do not want various contributors to come in and beat each other 
      up on competing solutions - but rather work towards a common 
      goal.

      Think ACP is at the current level of design uncontentuous enough
      that we do not need a design team. But ACP depends on the other 
      two components, so the design teams shuould not only resolve 
      their own requirements but those of the two other milestone 
      building blocks.

      Think that bootstrap is the most urgent problems due to ongoing 
      work in NETCONF (and others...). Plan to set up a virtual interim
      for it.

      To ensure that we really make progress towards the three 
      milestones, the chairs will post questions about

         - Scenarios to understand the scope that the design teams 
           feel they want to cover and
         - How the components of the milestone building blocks could 
           interact.

      So that we quickly resolve agreed mutual requirements that the 
      design teams need to resolve.

   Sheng: the participants who are interested in the design team also 
      need to feedback their time zones so that the chairs can organize 
      interim meetings accordingly. If the chairs cannot find a good 
      time suitable for all design team members because the global 
      distribution, we have to share the pain by switching between 
      two chosen times.