Last Call Review of draft-ietf-opsawg-yang-vpn-service-pm-12
review-ietf-opsawg-yang-vpn-service-pm-12-secdir-lc-migault-2022-10-07-00

Request Review of draft-ietf-opsawg-yang-vpn-service-pm
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-10-04
Requested 2022-09-20
Authors Bo Wu, Qin Wu, Mohamed Boucadair, Oscar Gonzalez de Dios, Bin Wen
I-D last updated 2022-10-07
Completed reviews Rtgdir Early review of -08 by Dhruv Dhody (diff)
Yangdoctors Early review of -05 by Ladislav Lhotka (diff)
Yangdoctors Last Call review of -07 by Radek Krejčí (diff)
Tsvart Last Call review of -11 by Bob Briscoe (diff)
Genart Last Call review of -12 by Elwyn B. Davies (diff)
Secdir Last Call review of -12 by Daniel Migault (diff)
Assignment Reviewer Daniel Migault
State Completed
Request Last Call review on draft-ietf-opsawg-yang-vpn-service-pm by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/txpRqARrZb_R00waOH_h4bUtqN4
Reviewed revision 12 (document currently at 15)
Result Ready
Completed 2022-10-07
Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits, but I am not an expert
in this area, so please take these comments as questions that came to
me while reading the document.

Introduction:

[...]

   The performance of VPN services is associated with the performance
   changes of the underlay networks that carries VPN services.  For
   example, link delay between PE and P

<mglt>
It seems to me that is the first time these acronyms are introduced - same with
CE. </mglt>

   devices and packet loss status
   on Layer 2 and Layer 3 interfaces connecting PEs and CEs directly
   impact VPN service performance.  Additionally, the integration of
   Layer 2/Layer 3 VPN performance and network performance data enables
   the orchestrator to subscribe uniformly.

<mglt>
I do not understand "subscribe uniformly".
My impression is that here the orchestrator is responsible to enforce some
network performances, and depending on the performance to meet, it will choose
one configuration or the other. Is the use of one configuration versus the
other seen as a subscription?  If that is correct, this sounds like a
cooperation between various actors. If so, that surprises me. </mglt>

Therefore, this document
   defines a YANG module for both network and VPN service performance
   monitoring (PM).  The module can be used to monitor and manage
   network performance on the topology level or the service topology
   between VPN sites.

   This document defines a base YANG data model for monitoring of
   network performance and VPN service performance.
<mglt>
I have the impression the text above repeats the previous paragraph.
</mglt>

[...]

3.  Network and VPN Service Performance Monitoring Model Usage

   As shown in Figure 1, in the context of the layered model
   architecture described in [RFC8309], the network and VPN service
   performance monitoring (PM) model can be used to expose operational
   performance information to the layer above, e.g., to an orchestrator
   or other client application, via standard network management APIs.

<mglt>
I am wondering if the client application is related to the Customer.
I do not think so, but I might be wrong. I am wondering if that would
make sense to have the client application being mentioned on the figure.
</mglt>