What: Joint OpsAWG / OpsArea
When: 09:30-11:30, Wednesday Session I, Nov 9, 2022
Where: Mezzanine 10-11
Administrivia - scribes, minutes, etc.
Tianran / Joe / Henk
5 minutes
MUD Updates
Michael Richardson
10min
https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud-iot-dns-considerations/
https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud-acceptable-urls/
IPFIX Proposals
Thomas Graf
15min
https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-ipfix-srv6-srh
5min
https://datatracker.ietf.org/doc/html/draft-tgraf-opsawg-ipfix-inband-telemetry
IPFIX-SRv6-SRH:
IPFIX-Inband-Telemetry:
An Update to the tcpControlBits IP Flow Information Export (IPFIX) Information Element
Mohamed Boucadair
5min
https://datatracker.ietf.org/doc/draft-boucadair-opsawg-rfc7125-update/
Show of hands: 14 responded, all showing interest in solving this problem
Rob: It is better for this work to go through the WG if possible, better consensus and less overload.
Joe: we will look at this work, but perhaps we can push forward with a broader look at the registries.
Asserting Wireless Network Connections Using DNS Resolvers' Identities
Tirumal Reddy
10min
https://datatracker.ietf.org/doc/draft-wing-opsawg-authenticating-network/
Warren: Might need to forget 802.1X ID (e.g., joining IETF network). What happens if DNS changes? Will users know enough to say, "yes, this is valid". There needs to be a mechanism to allow users to switch from using old encrypted DNSes or know that a change in DNS is legit.
A Data Manifest for Contextualized Telemetry Data
Benoit Claise
10min
https://datatracker.ietf.org/doc/draft-claise-opsawg-collected-data-manifest/
External Transaction ID for Configuration Tracing
Jean Quilbeuf
15min
https://datatracker.ietf.org/doc/draft-quilbeuf-opsawg-configuration-tracing/
Jan: Definitely a problem to be solved, I already have two drafts in this area. Removed from the transaction-id because that was the consensus at the time. In the light of these other drafts perhaps we'll add it back in. Definitely should include NETCONF and RESTCONF. The other solution aligns with existing technology. Interested in working together. Some areas are the same, some are different.
Rob: Good that both sides are willing to work together; where to do this work? Would NETCONF be a better place for this?
Joe: As an arbitrary string with no coordination, clients could choose the same string?
Need a unique id.
Jean: We do need unique IDs and persistence. This is a hard problem to solve, but we will look at this.
Rob: In terms of conflicting client IDs, push this downstream (i.e., out of scope but advice can be given)
Joe: As chair, think that NETCONF might be a better area for this work.
On poll, 18 people raised hand in support of working on this problem space, no hands not raised; though NETCONF seems like perhaps a better place for this given other related work
Data Model for Lifecycle Management and Operations
Camilo Cardona
10min
https://datatracker.ietf.org/doc/html/draft-palmero-opsawg-dmlmo
Olga Havel: Kind of confusing to have "lifecycle operation" in the name as this does not have to be in scope; there seems to be a missing YANG module on ietf-dmlmo in the latest revision that was present in -05
Alex Clemm: Not quite sure why this is separate work from inventory; this would be things you'd likely want to aggregate at the OSS level; does this need to be instrumented in the network?
Camilo: This is highly dependent on inventory, and then we will use that
Alex: But you are talking about aggregate metrics across the network, but why instrument at the device level? This should be at the OSS/controller level not in individual NEs, right?
Camilo: That is an open question as to whether or not this should be centralized at a controller or on individual devices
Rob: (as AD) Different groups interested in inventory models; interest to compare/contrast and bring those together; next step to create a mailing list to bring all parties together; interesting to decouple inventory from use; perhaps there is an idea to spin up a spec interest or WG group to coordinate a cohesive set of modules/models; AI on Rob to create mailing list
Qin: Had side meeting, like the idea of a mailing list
Henk: (no hats) on the license front: there is a lot of work going on into licenses in other groups (especially on software); [Michael] might be confusing things on licensing (might want entitlements, not licenses)
Camilo: Might not be able to answer directly. Here we are defining licences in the ability to run a feature or product. E.g., how many users can use that feature. Not like software licenses.
Henk: The exact scope of licenses should be obvious, everyone else will jump on this.
Michael: The term that you want is entitlements
Diego: Reaching the point that everything to do with the operational behaviour of the device, including inventory. I think that it is worth considering a group to help coordinate.
Rob: (as AD) create the mailing list, then see what comes from that
Bo: What is the scope of asset (it just mentions physical or virtual/software); what about Enterprise IT assets?
Camilo: There can be software assets, but haven't thought through to the Enterprise assets
Had to lock the queue; told Marisol to take comment to the list (or to the new mailing list)
An Inventory Management Model for Enterprise Networks
Bo Wu
10min
https://datatracker.ietf.org/doc/draft-wzwb-opsawg-network-inventory-management/
A Policy-based Network Access Control
Qiufang Ma
10min
https://datatracker.ietf.org/doc/draft-ma-opsawg-ucl-acl/
Rob: Should we have something more generic than time period as condition to enable ACLs?
Joe: netmod gave opsawg first right of refusal; running a poll to see if there is interest here to work on this
Poll resulted in 14 raised hands and 8 no hands raised
Joe to provide feedback on list
David Sommer-Haris: You have user groups. Are you assuming that some other system is tracking the other IPs? I wasn't sure that I saw how this tracks the use case.
Qin: This has been discussed in netmod. Can use this to restrict access for particular groups.
David: Didn't define domains here. No definition of a domain (e.g. youtube.com is a domain). How is this done here?
Qin: Could add more attributes to cover your use cases. Good point, we can think about it.
Qin: Also been discussed in NETMOD, also a proposal for ACL extensions. Time based could be considered in generic ACL model.
(Bill Fenner [in netmod] raised that ical work on time might be useful to import and use here)
If Time Allows:
PCAP and PCAPng and PCAP Link Types
Michael Richardson
5min
https://datatracker.ietf.org/doc/draft-richardson-opsawg-pcaplinktype/
Rob: (no hats) Try to get it through a WG; we should try to get this done
Michael: Would like to see all three documents adopted and move quickly
AI: Call for adoption post 115
Administrivia - scribes, minutes, etc.
Warren / Rob
5 minutes
Requirements DetNet in large scale networks
Toerless Eckert
10min
Open Mic
EOM