Combined OpsAWG / OpsArea Minutes

Minutes Takers:

OpsAWG Section

Henk opened the meeting with noting well lots of things. "Be nice," etc. Then remote attendance tips.

Introduction of the various jabbers, minutes, meeting, material, and of course the chairs.

Then came working group status.

Congratulations to editors on RFC 9105 on TACACS+.

Next, draft-ietf-opsawg-ipfix-mpls-sr-label-type in RFC editor queue.

Adrian: l2nm document is stunningly long, and he is shepherding that doc. He's is hopeing to complete his shepherd review, so long as the meeting is "suitably boring."

MED: draft-ietf-ospawg-vpn-common is also in the RFC Editor Queue.

Two new IDs adopted. Licensing content, (-opsawg-ol) and opsawg-pcap.

The agenda was bashed. Skepticism was exhibited on Eliot claiming only to want two minutes for sbom-access.

The agenda was... lengthy. There was no bashing.

Onward to Benoit...

SAIN (Service Assurance for Intent-based Networking)

When a service degrade, where is the fault?
When a network component fails, which services are impacted?

Assurance Graph shown. This version -02 has a DAG. Avoid circular dependencies, and the orchestrator should detect them.

Graph transformation then discussed.

YANG model unchanged.

Align terminology with NMRG draft.

Next steps
- a hackathon on examples?
- Actionable symptoms?
- If no more issues by next IETF, last call?

Draft is incredibly important.
Would be very useful to show what transformations mean operationally. Perhaps use DNS as an example.

Benoit: We could use that? But perhaps we should have a call?

ELiot: Graph indicates where services reside, so changing the graph means changing the graph.

Benoit: Doesn't show this in all cases, it also shows dependecies. Just organizing those dependencies will give the same requirements.

Joe: how do you decide what needs to be inserted as the top level service to remove the circular dependency? Concretely, what is "top"?

Benoit: we need to specify that a bit better.

Henk: very important to have appropriate telementry that supports the assertions of what the services are and how they are composed.

Rob: rather than forcing the graph to change, insert some rules to break the chain?

Benoit: we could add a rule that prevents them, but in practice they may be discovered.

Rob: allow circular dependencies that have certain rules in place.

Operational Considerations for use of DNS in IoT devices

no real change from 111. Beware geofencing with MUD. This should be resolved.

Eliot: Not sure how strongly we are disagreeing, but perhaps list those out in the draft. Don't want to discuss this here, but perhaps we can discuss on the list.

Michael: Yes, I'll bring the issue up again on the list. Open question is about making normative updates to the MUD controller.

PCAP Next Generation (pcapng) Capture File Format and PCAP

What happened with the adoption of pcap and pcapng?

Proposal to remove LINKTYPE registry to another document.

IANA would be happy to receive LINKTYPE table in XML.

Henk: pcap->historic
Henk: we had some logistical problems with the call for adoption; people didn't speak up.

Eliot: pcapng to hold the LINKTYPE registry?
MCR: that seems ok.

Henk: Take it to the list.

A YANG Model for Network and VPN Service Performance Monitoring

No update to this draft since last meeting.

"pm-source" should use identity type.
Model proposed.

Adding some sort of aggregate to the model.

class-id specific metrics.
change pm-statistics to be a a list with class-id as a key.

Direction definition was thought to be confusing.

Eliot: Are the new elements under the vpn access statistics, are they meant to be aggregates? I'm not sure what is meant by those objects.

Bo: These statistics are from L2NM and L3NM, but these are showed in the overlay topology.

Eliot: It should be really clear what the counters are counting in the ASCII art. May want to give an example of where those counters actually are and what they are counting.

Discovering and Retrieving Software Transparency and Vulnerability Information

[insert minutes here]

Eliot presenting.

Extension covering about learning where an SBOM is.

Need some more reviews before WG LC. I would like to see a bit more implementation. Probably need one more update. Reviews should continue, and would like chairs to facilitate that.

Henk: We will request the necessary reviews.

Data Model for Lifecycle Management and Operations


Draft talks about different states an asset passes through; management of licensing of the asset and features on the device. This is also tied to one's measurement framework for particular features.

Need to handle renewal, as well.

We have good models for fault / service management frameworks. But we may need additional metrics that may not seem obvious; but may be relevant to business data.

This is the focus of this data model.

Use case discussion.

Information model presented.

Looking for feedback.

Benoit: - This draft makes a lot of sense.
- One detail about the name: is this "lifecycle" management? Not really, it's about collection
- In the industry we are seeing lots of inventory efforts (from network elements, from the yangcatalog). And we start to have capabilities discovery as well. There is a draft later on related to data manifest. We might need to align all these efforts.
- This draft will be successful if it's multi-vendor. Some parts will difficult: licensing scares me
- Happy to collaborate

Marisol: we are indeed looking for a good name. Looking to align on other drafts.

Joe: these are all good questions to discuss on list.

Qin: Asset lifecycle management?

To the list!

Transport Layer Security Verion 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)

SNMP for ITS, and what does it mean SNMP with ITS.
CISA recommends SNMPv3 over DTLS/1.2. So this is an update to RFC 6353 to use DTLS/1.3.

Eliot: Thank for this presentation. How well fields is RFC6353 fielded in ITS.

Kenneth: Somewhat limited.

Eliot: Should stop paying ping pong. Reasonable to get to TLS 1.3. Seem to have intest. Assuming that there other participants that are willing to implement. This work needs to be closely tied back to the TLS WG. We should work on the logistics.

Rob: important that this work get done. Might prefer "update" rather than "obsolete"

Joe: agrees that we should stop the pingponging. Agrees that more tactical type changes would be beneficial.

Adoption call to take place on list.

Data Manifest for Streaming Telemetry

How do you interpret the value 42?
What was the initial cadence that you requested and what was the cadence that you received?
In terms of interpreting the data, even OS versions might change the meaning.

2 yang models, one for platform manifest, one for data manifest.

Use the YANG instance draft to store the info.

Want to be able to link deviations on that device.

Include source of data. What is the trust model?

Rob: use YANG packages to describe manfiest?

Henk: how does this interact with SBOM effort?

Benoit: yes, it seems so.

Henk: will try to organize an inventory dedicated effort

Frank Brockners: how to sift through different types of information (like runtime info).

Eliot: important to give integrity of the information a lot of thought.

Problem Statement and Requirement for Inband Flow Learning

Expressed need for flow identification at scale. Mixue ran out of time.

Joe: bring out question of which WG on the list.

A YANG Data Model for Optical Network Inventory

Just inventory for a network model.

Eliot: Fifth draft today covering inventory. May be using the word in different ways, or perhaps they are talking about the same thing. I would suggest an interim on this. Do we need a new WG on this, or an existing WG.

Italo: This is an inventory of the hardware.

Chair's note: the concept of inventory seems to be in need of disambiguation. A corresponding dedicated interim seems to be in order. Marisol, Benoit, Eliot, Italo should be part of the nucleus in manifesting such a conversation.

A Network YANG Model for Service Attachment Points

This is a revived draft, clarifies how this model relates to other topology models.

Service Attachment Point used to decice where you can deliver a service. Designed for service orchestration layer, which wants to know available endpoints.

Service may span across multiple domains.

There's a pretty good illustration of the purpose of this model and where it fits on Slide 4.

Adrian points out that this seems to align with TEAS work.

Qin: This is aligning with nano-slicing in TEAS.

Joe: presented before, will poll on the list for this draft.

Qin: thanks, Joe.

Source Address Validation: Use Cases and Gap Analysis

General discussion of challenges with source address validation- intra/inter-AS challenges.

Some chat in the jabber about whether this work belongs here or in opsec. Was also presented in intarea.

Problem statement: an ideal SAV mechanism should guarantee accuracy.

Proposal: a path probing method.

Joe: Go to opsec.

Ops-Area Section

Administrivia - scribes, minutes, etc.

With just two minutes...

Warren: thanks to the OPSAWG chairs. If anyone wants to talk to Rob or me, we'll be in

Open Mic

No time.

Meeting adjourned.