draft-ietf-opsawg-operations-and-management-04.txt   draft-ietf-opsawg-operations-and-management-05.txt 
Network Working Group D. Harrington Network Working Group D. Harrington
Internet-Draft Huawei Technologies USA Internet-Draft Huawei Technologies USA
Intended status: BCP July 14, 2008 Intended status: BCP October 27, 2008
Expires: January 15, 2009 Expires: April 30, 2009
Guidelines for Considering Operations and Management of New Protocols Guidelines for Considering Operations and Management of New Protocols
draft-ietf-opsawg-operations-and-management-04 draft-ietf-opsawg-operations-and-management-05
Status of This Memo Status of This Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 15, 2009. This Internet-Draft will expire on April 30, 2009.
Abstract Abstract
New protocols or protocol extensions are best designed with due New protocols or protocol extensions are best designed with due
consideration of functionality needed to operate and manage the consideration of functionality needed to operate and manage the
protocol. Retrofitting operations and management is sub-optimal. protocol. Retrofitting operations and management is sub-optimal.
The purpose of this document is to provide guidance to authors and The purpose of this document is to provide guidance to authors and
reviewers of documents defining new protocols or protocol extensions, reviewers of documents defining new protocols or protocol extensions,
covering aspects of operations and management that should be about covering aspects of operations and management that should be
considered. considered.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. Design for Operations and Management . . . . . . . . . . . . . 4 2. Design for Operations and Management . . . . . . . . . . . . . 4
2.1. IETF Management Framework . . . . . . . . . . . . . . . . 4 2.1. IETF Management Framework . . . . . . . . . . . . . . . . 5
3. Operational Considerations . . . . . . . . . . . . . . . . . . 5 3. Operational Considerations . . . . . . . . . . . . . . . . . . 6
3.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 6 3.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 6
3.2. Installation and Initial Setup . . . . . . . . . . . . . . 7 3.2. Installation and Initial Setup . . . . . . . . . . . . . . 7
3.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 8 3.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 8
3.4. Requirements on Other Protocols and Functional 3.4. Requirements on Other Protocols and Functional
Components . . . . . . . . . . . . . . . . . . . . . . . . 8 Components . . . . . . . . . . . . . . . . . . . . . . . . 8
3.5. Impact on Network Operation . . . . . . . . . . . . . . . 9 3.5. Impact on Network Operation . . . . . . . . . . . . . . . 9
3.6. Verifying Correct Operation . . . . . . . . . . . . . . . 10 3.6. Verifying Correct Operation . . . . . . . . . . . . . . . 9
4. Management Considerations . . . . . . . . . . . . . . . . . . 10 4. Management Considerations . . . . . . . . . . . . . . . . . . 10
4.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 11 4.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 11
4.2. Management Information . . . . . . . . . . . . . . . . . . 13 4.2. Management Information . . . . . . . . . . . . . . . . . . 13
4.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 14 4.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 14
4.3.1. Liveness Detection and Monitoring . . . . . . . . . . 15 4.3.1. Liveness Detection and Monitoring . . . . . . . . . . 15
4.3.2. Fault Determination . . . . . . . . . . . . . . . . . 15 4.3.2. Fault Determination . . . . . . . . . . . . . . . . . 15
4.3.3. Fault Isolation . . . . . . . . . . . . . . . . . . . 16 4.3.3. Fault Isolation . . . . . . . . . . . . . . . . . . . 16
4.3.4. Corrective Action . . . . . . . . . . . . . . . . . . 16
4.4. Configuration Management . . . . . . . . . . . . . . . . . 16 4.4. Configuration Management . . . . . . . . . . . . . . . . . 16
4.4.1. Verifying Correct Operation . . . . . . . . . . . . . 18 4.4.1. Verifying Correct Operation . . . . . . . . . . . . . 18
4.4.2. Control of Function and Policy . . . . . . . . . . . . 18 4.4.2. Control of Function and Policy . . . . . . . . . . . . 18
4.5. Accounting Management . . . . . . . . . . . . . . . . . . 18 4.5. Accounting Management . . . . . . . . . . . . . . . . . . 18
4.6. Performance Management . . . . . . . . . . . . . . . . . . 19 4.6. Performance Management . . . . . . . . . . . . . . . . . . 19
4.7. Security Management . . . . . . . . . . . . . . . . . . . 20 4.7. Security Management . . . . . . . . . . . . . . . . . . . 20
5. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 22 5. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 22
5.1. Recommended Discussions . . . . . . . . . . . . . . . . . 22 5.1. Recommended Discussions . . . . . . . . . . . . . . . . . 22
5.2. Null Manageability Considerations Sections . . . . . . . . 23 5.2. Null Manageability Considerations Sections . . . . . . . . 22
5.3. Placement of Operations and Manageability 5.3. Placement of Operations and Manageability
Considerations Sections . . . . . . . . . . . . . . . . . 23 Considerations Sections . . . . . . . . . . . . . . . . . 23
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 7. Security Considerations . . . . . . . . . . . . . . . . . . . 23
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23
9. Informative References . . . . . . . . . . . . . . . . . . . . 24 9. Informative References . . . . . . . . . . . . . . . . . . . . 24
Appendix A. Review Checklist . . . . . . . . . . . . . . . . . . 26 Appendix A. Operations and Management Review Checklist . . . . . 27
A.1. General Document Checklist . . . . . . . . . . . . . . . . 27 A.1. Operational Considerations . . . . . . . . . . . . . . . . 27
A.2. Operations and Management Checklist . . . . . . . . . . . 27 A.2. Management Considerations . . . . . . . . . . . . . . . . 28
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . . 28 A.3. Documentation . . . . . . . . . . . . . . . . . . . . . . 29
Appendix C. DISCUSSES that have yet to be discussed . . . . . . . 28 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 29
Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
Often when new protocols or protocol extensions are developed, not Often when new protocols or protocol extensions are developed, not
enough consideration is given to how the protocol will be deployed, enough consideration is given to how the protocol will be deployed,
operated and managed. Retrofitting operations and management operated and managed. Retrofitting operations and management
mechanisms is often hard and architecturally unpleasant, and certain mechanisms is often hard and architecturally unpleasant, and certain
protocol design choices may make deployment, operations, and protocol design choices may make deployment, operations, and
management particularly hard. Since the ease of operations and management particularly hard. Since the ease of operations and
management may impact the success of IETF protocols, this document management may impact the success of IETF protocols, this document
provides guidelines to help protocol designers and working groups provides guidelines to help protocol designers and working groups
consider the operations and management functionality needed by their consider the operations and management functionality needed by their
new IETF protocol or protocol extension at an earlier phase. new IETF protocol or protocol extension at an earlier phase.
This document suggests protocol designers to consider operations and This document suggests protocol designers consider operations and
management needs and then recommend appropriate standard management management needs and then recommend appropriate standard management
protocols and data models to address the relevant operations and protocols and data models to address the relevant operations and
management needs. This is similar to a WG considering which security management needs. This is similar to a WG considering which security
threats are relevant to their protocol, and then recommending threats are relevant to their protocol, and then recommending
appropriate standard security protocols to mitigate the relevant appropriate standard security protocols to mitigate the relevant
threats. threats.
The purpose of this document is to provide guidance about what to
consider when thinking about the management and deployment of a new
protocol, and to provide guidance about documenting the
considerations. The following guidelines are designed to help
writers provide a reasonably consistent format for such
documentation. Separate manageability and operational considerations
sections are desirable in many cases, but their structure and
location is a decision that can be made from case to case.
We want to avoid seeming to impose a solution by putting in place a
strict terminology - for example implying that a formal data model,
or even using a management protocol is mandatory. If protocol
designers conclude that its technology can be managed solely by using
proprietary CLIs, and no structured or standardized data model needs
to be in place, this might be fine, but it is a decision that should
be explicit in a manageability discussion, that this is how the
protocol will need to be operated and managed. Protocol designers
should avoid having manageability pushed for a later/never phase of
the development of the standard.
Making a Management Considerations section a mandatory publication
requirement for IETF documents is the responsibility of the IESG, or
specific area directors, or working groups, and this document avoids
recommending any mandatory publication requirements. For a complex
protocol, a completely separate draft on operations and management
might be appropriate, or even a completely separate WG effort.
This document discusses the importance of considering operations and This document discusses the importance of considering operations and
management. Section 1 introduces the subject and section 2 describes management. Section 1 introduces the subject and section 2 describes
the IETF Management Framework. Section 3 discusses operational the IETF Management Framework. Section 3 discusses operational
functionality to consider. Section 4 discusses management functionality to consider. Section 4 discusses management
functionality to consider. functionality to consider.
This document sets forth a list of subjective guidelines and a list This document sets forth a list of subjective guidelines and a list
of objective criteria by which a protocol designer can evaluate of objective criteria by which a protocol designer can evaluate
whether the protocol that he/she has developed addresses common whether the protocol that he/she has developed addresses common
operations and management needs. Operations and management is highly operations and management needs. Operations and management are
dependent on the environment in which it is used, so most guidelines highly dependent on their environment, so most guidelines are
are subjective rather than objective. subjective rather than objective.
We provide some objective criteria to promote interoperability We provide some objective criteria to promote interoperability
through the use of standard management interfaces, such as "did you through the use of standard management interfaces, such as "did you
design counters in a MIB module for monitoring packets in/out of an design counters in a MIB module for monitoring packets in/out of an
interface?" [RFC2863], "did you write an XML-based data model for interface?" The Interfaces Group MIB [RFC2863], "did you write an
configuring your protocol with Netconf?" [RFC4741], and "did you XML-based data model for configuring your protocol with Netconf?"
standardize syslog message content and structured data elements for NETCONF Configuration Protocol [RFC4741], and "did you standardize
reporting events that might occur when operating your protocol?" syslog message content and structured data elements for reporting
events that might occur when operating your protocol?"
[I-D.ietf-syslog-protocol] and "did you consider appropriate [I-D.ietf-syslog-protocol] and "did you consider appropriate
notifications in case of failure situations?? notifications in case of failure situations??
This document only provides guidelines; it does not specify how the
guidelines provided should be used within the IETF.
1.1. Terminology 1.1. Terminology
This document deliberately does not use the (capitalized) key words This document deliberately does not use the (capitalized) key words
described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must
only be used where it is actually required for interoperation or to only be used where it is actually required for interoperation or to
limit behavior which has potential for causing harm (e.g., limiting limit behavior which has potential for causing harm (e.g., limiting
retransmissions). For example, they must not be used to try to retransmissions). For example, they must not be used to try to
impose a particular method on implementers where the method is not impose a particular method on implementers where the method is not
required for interoperability. This document is a set of guidelines required for interoperability. This document is a set of guidelines
based on current practices of protocol designers and operators. This based on current practices of protocol designers and operators. This
document does not describe requirements, so the key words from document does not describe requirements, so the key words from
RFC2119 have no place here. RFC2119 have no place here.
o "new protocol" includes new protocols, protocol extensions, data o "new protocol" includes new protocols, protocol extensions, data
models, or other functionality being designed. models, or other functionality being designed.
o "protocol designer" represents individuals and working groups o "protocol designer" represents individuals and working groups
involved in the development of new protocols. involved in the development of new protocols.
o [DISCUSS] markers indicate a lack of consensus on what should be
written.
o [TODO] markers indicate the editor has a reasonable understanding
of what needs to be (re-)written. Contributions of text would be
welcome.
o Note to RFC Editor - All [DISCUSS] or [TODO] marks should be
resolved before RFC publication. If any still exist, including in
the Terminology section, then please return the document to the
editor for resolution.
2. Design for Operations and Management 2. Design for Operations and Management
"Design for operations and management" means that the operational "Design for operations and management" means that the operational
environment and manageability of the protocol should be considered environment and manageability of the protocol should be considered
from the start when new protocols are designed. from the start when new protocols are designed.
When a WG considers operation and management functionality for a When a WG considers operation and management functionality for a
protocol, the document should contain enough information to protocol, the document should contain enough information to
understand how the protocol will be deployed and managed, but the WG understand how the protocol will be deployed and managed, but the WG
should expect that considerations for operations and management may should expect that considerations for operations and management may
need to be updated in the future, after further operational need to be updated in the future, after further operational
experience has been gained. experience has been gained.
2.1. IETF Management Framework 2.1. IETF Management Framework
For years the IETF has stressed the use of the IETF Standard For years the IETF has stressed the use of the IETF Standard
Management Framework and SMI MIB modules [RFC2578] for managing new Management Framework and MIB modules [RFC2578] for managing new
protocols. The IETF designed the Standard Management Framework and protocols. The IETF designed these to permit multiple protocols to
SMI MIB modules to permit multiple protocols to utilize the MIB data utilize the MIB data [RFC1052], but it became a common
[RFC1052], but it became a common misunderstanding that a MIB module misunderstanding that a MIB module could only be used with the SNMP
could only be used with the SNMP protocol (described in [RFC3410] and protocol (described in [RFC3410] and associated documents).
associated documents).
In 2001, OPS Area design teams were created to document requirements In 2001, OPS Area design teams were created to document requirements
related to configuration of IP-based networks. One output was related to configuration of IP-based networks. One output was
"Requirements for Configuration Management of IP-based Networks" "Requirements for Configuration Management of IP-based Networks"
[RFC3139]. [RFC3139].
In 2003, the Internet Architecture Board (IAB) held a workshop on In 2003, the Internet Architecture Board (IAB) held a workshop on
Network Management [RFC3535] that discussed the strengths and Network Management [RFC3535] that discussed the strengths and
weaknesses of some IETF network management protocols, and compared weaknesses of some IETF network management protocols, and compared
them to operational needs, especially configuration. them to operational needs, especially configuration.
One factor discussed was the user-unfriendliness of the binary format One issue discussed was the user-unfriendliness of the binary format
of SNMP and COPS-PR [RFC3084], and it was recommended that the IETF of SNMP and COPS Usage for Policy Provisioning (COPS-PR) [RFC3084],
explore an XML-based Structure of Management Information, and an XML- and it was recommended that the IETF explore an XML-based Structure
based protocol for configuration. of Management Information, and an XML-based protocol for
configuration.
Another factor discussed was that deployed tools for event/alarm Another conclusion was that the tools for event/alarm correlation and
correlation, root cause analysis and logging are not sufficient, and for root cause analysis and logging are not sufficient, and that
there is a need to support a human interface and a programmatic there is a need to support a human interface and a programmatic
interface. The IETF decided to standardize aspects of the de facto interface. The IETF decided to standardize aspects of the de facto
standard for system logging, especially security and the need for standard for system logging security and programmatic support.
better programmatic support.
In 2006, the IETF discussed whether the Management Framework should In 2006, the IETF discussed whether the Management Framework should
be updated to accommodate multiple IETF standard SMI languages, and be updated to accommodate multiple IETF schema languages for
multiple IETF standard protocols for doing network management. describing the structure of management information, and multiple IETF
standard protocols for doing network management.
This document provides some initial guidelines for considering This document provides some initial guidelines for considering
operations and management in an IETF Management Framework that operations and management in an IETF Management Framework that
consists of multiple protocols and multiple data models, with an eye consists of multiple protocols and multiple data models, with an eye
toward being flexible while also striving for interoperability. toward being flexible while also striving for interoperability.
3. Operational Considerations 3. Operational Considerations
Designers of a new protocol should carefully consider the operational Designers of a new protocol should carefully consider the operational
aspects. A protocol that is defined very precisely in a well-written aspects. To ensure that a protocol will be practical to deploy in
document does not guarantee that it is going to be deployable in the the real world, it is not enough to merely define it very precisely
real world. Operational aspects will have a serious impact on the in a well-written document. Operational aspects will have a serious
actual success of a protocol. Such aspects include bad interactions impact on the actual success of a protocol. Such aspects include bad
with existing solutions, a difficult upgrade path, difficulty of interactions with existing solutions, a difficult upgrade path,
debugging problems, difficulty configuring from a central database, difficulty of debugging problems, difficulty configuring from a
or a complicated state diagram that operations staff will find central database, or a complicated state diagram that operations
difficult to understand staff will find difficult to understand.
BGP flap damping [RFC2439] is an example. It was designed to block BGP flap damping [RFC2439] is an example. It was designed to block
high frequency route flaps, however the design did not consider the high frequency route flaps, however the design did not consider the
existence of BGP path exploration/slow convergence. In real existence of BGP path exploration/slow convergence. In real
operations, people observed the loss of reach-ability due to false operations, path exploration caused false flap damping, resulting in
flap damping that are caused by path exploration. As a result, most loss of reachability. As a result, most places turned flap damping
places turned flap damping off. RIPE even issued official off. Regional Internet Registries even issued an official
recommendation for turning it off. recommendation for turning it off.
[DISCUSS: examples, list of current protocols characteristics and
their impact on the network. e.g., burst traffic impact on network
congestion.]
IPFIX contains congestion awareness enhancements for controlling the
impact of the protocol on the network.
3.1. Operations Model 3.1. Operations Model
Protocol designers can analyze the operational environment and mode Protocol designers can analyze the operational environment and mode
of work in which the new protocol or extension will work. Such an of work in which the new protocol or extension will work. Such an
exercise needs not be reflected directly by text in their document, exercise need not be reflected directly by text in their document,
but could help in visualizing the operational model related to the but could help in visualizing the operational model related to the
applicability of the protocol in the Internet environments where it applicability of the protocol in the Internet environments where it
will be deployed. The operational model should take into account will be deployed. The operational model should take into account
factors such as: factors such as:
o what type of management entities will be involved (agents, network o what type of management entities will be involved (agents, network
management systems)? management systems)?
o what is the possible architecture (client-server, manager-agent, o what is the possible architecture (client-server, manager-agent,
polling-driven or event-driven, autoconfiguration, two levels or poll-driven or event-driven, autoconfiguration, two levels or
hierarchical)? hierarchical)?
o what are the management operations - initial configuration, o what are the management operations - initial configuration,
dynamic configuration, alarms and exceptions reporting, logging, dynamic configuration, alarm and exception reporting, logging,
performance monitoring, performance reporting, debugging? performance monitoring, performance reporting, debugging?
o how are these operations performed - locally, remotely, atomic o how are these operations performed - locally, remotely, atomic
operation, scripts? Are they performed immediately or time operation, scripts? Are they performed immediately or time
scheduled or event triggered? scheduled or event triggered?
o what are the typical user interfaces - Command line (CLI) or o what are the typical user interfaces - Command line (CLI) or
graphical user interface (GUI)? graphical user interface (GUI)?
Protocol designers should consider how the new protocol will be Protocol designers should consider how the new protocol will be
managed in different deployment scales. It might be sensible to use managed in different deployment scales. It might be sensible to use
a local management interface to manage the new protocol on a single a local management interface to manage the new protocol on a single
device, but in a large network, remote management using a centralized device, but in a large network, remote management using a centralized
server and/or using distributed management functionality might make server and/or using distributed management functionality might make
more sense. Auto-configuration and default parameters might be more sense. Auto-configuration and default parameters might be
possible for some new protocols. possible for some new protocols.
There may be a need to support a human interface, e.g., for There may be a need to support a human interface, e.g., for
troubleshooting, and a programmatic interface, e.g., for automated troubleshooting, and a programmatic interface, e.g., for automated
skipping to change at page 7, line 14 skipping to change at page 7, line 19
more sense. Auto-configuration and default parameters might be more sense. Auto-configuration and default parameters might be
possible for some new protocols. possible for some new protocols.
There may be a need to support a human interface, e.g., for There may be a need to support a human interface, e.g., for
troubleshooting, and a programmatic interface, e.g., for automated troubleshooting, and a programmatic interface, e.g., for automated
monitoring and root cause analysis. It might be important that the monitoring and root cause analysis. It might be important that the
internal method routines used by the application programming internal method routines used by the application programming
interfaces and the human interfaces should be the same to ensure that interfaces and the human interfaces should be the same to ensure that
data exchanged between these two interfaces is always consistent. data exchanged between these two interfaces is always consistent.
Mixing methods leads to inconsistency, so identifying consistent Mixing methods leads to inconsistency, so identifying consistent
methods of retrieving information is relevant. [DISCUSS: would the methods of retrieving information is relevant.
example of inconsistency between MIB counters that cannot be reset
and CLI counters that can be rest be useful here?]
Protocol designers should consider what management operations are Protocol designers should consider what management operations are
expected to be performed as a result of the deployment of the expected to be performed as a result of the deployment of the
protocol - such as whether write operations will be allowed on protocol - such as whether write operations will be allowed on
routers and on hosts, or if notifications for alarms or other events routers and on hosts, or whether notifications for alarms or other
will be expected. events will be expected.
3.2. Installation and Initial Setup 3.2. Installation and Initial Setup
Protocol designers should consider default values that make sense To simplify configuration, protocol designers should consider
from the protocol objectives, so as to simplify configuration, specifying reasonable defaults, including default modes and
including default modes and parameters. For example, it could be parameters. For example, it could be helpful or necessary to specify
helpful or necessary to specify default values for modes, timers, default values for modes, timers, default state of logical control
default state of logical control variables, default transports, and variables, default transports, and so on. Even if default values are
so on. Even if default values are used, it must be possible to used, it must be possible to retrieve all the actual values or at
retrieve all the actual values or at least an indication that known least an indication that known default values are being used.
default values are being used.
Protocol designers should consider how to enable operators to Protocol designers should consider how to enable operators to
concentrate on the configuration of the network as a whole rather concentrate on the configuration of the network as a whole rather
than individual devices. than on individual devices.
It is desirable to discuss the background of chosen default values, It is desirable to discuss the background of chosen default values,
or perhaps why a range of values makes sense. In many cases, when or perhaps why a range of values makes sense. In many cases, as
technology changes, the values in an RFC might make less and less technology changes, the values in an RFC might make less and less
sense. It is very useful to understand whether defaults are based on sense. It is very useful to understand whether defaults are based on
best current practice and are expected to change as technologies best current practice and are expected to change as technologies
advance or whether they have a more universal value that should not advance or whether they have a more universal value that should not
be changed lightly. For example, the default interface speed might be changed lightly. For example, the default interface speed might
be expected to change over time due to increased speeds in the be expected to change over time due to increased speeds in the
network, and cryptographical algorithms might be expected to change network, and cryptographical algorithms might be expected to change
over time as older algoithms are "broken". over time as older algoithms are "broken".
it is extremely important to set a sensible default value for all it is extremely important to set a sensible default value for all
parameters parameters
the default value should stay on the conservative side rather than the default value should stay on the conservative side rather than
on the "optimizing performance" side. (example: the initial RTT on the "optimizing performance" side. (example: the initial RTT
and RTTvar values of a TCP connection) and RTTvar values of a TCP connection)
for those parameters that are speed-dependent, instead of using a for those parameters that are speed-dependent, instead of using a
constant, try to set the default value as a function of the link constant, try to set the default value as a function of the link
speed or some other relevant factors. This would help reduce the speed or some other relevant factors. This would help reduce the
chance of technology-advancement causing problems. chance of problems caused by technology advancement.
3.3. Migration Path 3.3. Migration Path
If the new protocol is a new version of an existing protocol, or is If the new protocol is a new version of an existing one, or if it is
replacing another technology, the protocol designer should consider replacing another technology, the protocol designer should consider
how deployments should transition to the new protocol. This should how deployments should transition to the new protocol. This should
include co-existence with previously deployed protocols and/or include co-existence with previously deployed protocols and/or
previous versions of the same protocol, incompatibilities between previous versions of the same protocol, incompatibilities between
versions, translation between versions, and side effects that might versions, translation between versions, and side-effects that might
occur. Are older protocols or versions disabled or do they co-exist occur. Are older protocols or versions disabled or do they co-exist
in the network with the new protocol? in the network with the new protocol?
Another point to consider is extensibility of the management approach
- How open to future protocol extensions are the management
techniques you are defining? [DISCUSS: this could use a good example
of when a protocol designer should consider future extensions to the
management. Are we talking about writing extensible data models? ]
3.4. Requirements on Other Protocols and Functional Components 3.4. Requirements on Other Protocols and Functional Components
Protocol designers should consider the requirements that the new Protocol designers should consider the requirements that the new
protocol might put on other protocols and functional components, and protocol might put on other protocols and functional components, and
should also document the requirements from other protocols that have should also document the requirements from other protocols and
been considered in designing the new protocol. functional elements that have been considered in designing the new
protocol.
These considerations should generally remain illustrative to avoid These considerations should generally remain illustrative to avoid
creating restrictions or dependencies, or potentially impacting the creating restrictions or dependencies, or potentially impacting the
behavior of existing protocols, or restricting the extensibility of behavior of existing protocols, or restricting the extensibility of
other protocols, or assuming other protocols will not be extended in other protocols, or assuming other protocols will not be extended in
certain ways. certain ways.
For example, when RSVP [RFC2205] was designed, each router looked at For example, the design of Resource ReSerVation Protocol (RSVP)
the RSVP PATH message, and if the router understood RSVP, it would [RFC2205] required each router to look at the RSVP PATH message, and
adds its own address to the message to enable automatically tunneling if the router understood RSVP, to add its own address to the message
thru non-RSVP routers. But in reality routers cannot look at an to enable automatically tunneling through non-RSVP routers. But in
otherwise normal IP packet, and potentially take it off the fast reality routers cannot look at an otherwise normal IP packet, and
path! The initial designers overlooked that a new requirement was potentially take it off the fast path! The initial designers
being put on the functional components of a router. The "router overlooked that a new requirement was being put on the functional
alert" option was finally developed to solve this problem for RSVP components of a router. The "router alert" option was finally
and other protocols that require the router take some packets off the developed to solve this problem for RSVP and other protocols that
fast forwarding path. require the router to take some packets off the fast forwarding path.
3.5. Impact on Network Operation 3.5. Impact on Network Operation
The introduction of a new protocol or extensions to an existing The introduction of a new protocol or extensions to an existing
protocol may have an impact on the operation of existing networks. protocol may have an impact on the operation of existing networks.
Protocol designers should outline such impacts (which may be Protocol designers should outline such impacts (which may be
positive) including scaling concerns and interactions with other positive) including scaling concerns and interactions with other
protocols. For example, a new protocol that doubles the number of protocols. For example, a new protocol that doubles the number of
active, reachable addresses in use within a network might need to be active, reachable addresses in use within a network might need to be
considered in the light of the impact on the scalability of the IGPs considered in the light of the impact on the scalability of the IGPs
skipping to change at page 9, line 33 skipping to change at page 9, line 29
The protocol designer should consider the potential impact on the The protocol designer should consider the potential impact on the
behavior of other protocols in the network and on the traffic levels behavior of other protocols in the network and on the traffic levels
and traffic patterns that might change, including specific types of and traffic patterns that might change, including specific types of
traffic such as multicast. Also consider the need to install new traffic such as multicast. Also consider the need to install new
components that are added to the network as result of the changes in components that are added to the network as result of the changes in
the operational model, such as servers performing auto-configuration the operational model, such as servers performing auto-configuration
operations. operations.
The protocol designer should consider also the impact on The protocol designer should consider also the impact on
infrastructure applications like the DNS [RFC1034], registries, or infrastructure applications like DNS [RFC1034], the registries, or
the size of routing tables. For example, SMTP [RFC2821] servers use the size of routing tables. For example, Simple Mail Transfer
a reverse DNS lookup to filter out incoming connection requests. Protocol (SMTP) [RFC2821] servers use a reverse DNS lookup to filter
When Berkeley installed a new spam filter, their mail server stopped out incoming connection requests. When Berkeley installed a new spam
functioning because of the DNS cache resolver overload. filter, their mail server stopped functioning because of the DNS
cache resolver overload.
The impact on performance may also be noted - increased delay or The impact on performance may also be noted - increased delay or
jitter in real-time traffic applications, or response time in client- jitter in real-time traffic applications, or response time in client-
server applications when encryption or filtering are applied. server applications when encryption or filtering are applied.
It must be easy to do consistency checks of versions/revisions of
configurations over time. People tend to be lazy and change
configuration on routers but not update the database. A system
better mandate database-driven configuration to reduce configuration
errors/ inconsistencies. [DISCUSS: is this paragraph really about
protocol design for operability or about operational practice? If
this stays, it probably needs a bit more discussion on database
driven configurations, and how protocol design would be impacted by
the expectation of database-driven configuration. ]
It must be easy to do consistency checks of configurations between
the ends of a link in order to determine the differences between two
configurations and whether the configurations are consistent.
[DISCUSS: this needs rewording to better describe consistency
checking 1) over time, and 2) between ends of a link. probably needs
a bit more discussion on the need to be able to understand and check
what it is happening on the wire actually matches what the Operator
tried to configure. Basically, complexity is your enemy here, and
that cannot be stressed often enough (no idea how you can verify
whether for example a SIP application is actually doing what it is
supposed to do due to the complexity).]
It is important to minimize the impact caused by configuration It is important to minimize the impact caused by configuration
changes. Given configuration A and configuration B, it should be changes. Given configuration A and configuration B, it should be
possible to generate the operations necessary to get from A to B with possible to generate the operations necessary to get from A to B with
minimal state changes and effects on network and systems. minimal state changes and effects on network and systems.
3.6. Verifying Correct Operation 3.6. Verifying Correct Operation
The protocol designer should consider techniques for testing the The protocol designer should consider techniques for testing the
effect that the protocol has had on the network by sending data effect that the protocol has had on the network by sending data
through the network and observing its behavior (aka active through the network and observing its behavior (aka active
monitoring). Protocol designers should consider how the correct end- monitoring). Protocol designers should consider how the correct end-
to-end operation of the new protocol in the network can be tested to-end operation of the new protocol in the network can be tested
actively and passively, and how the correct data or forwarding plane actively and passively, and how the correct data or forwarding plane
function of each network element can be verified to be working function of each network element can be verified to be working
properly with the new protocol. Which metrics are of interest? properly with the new protocol. Which metrics are of interest?
Having simple protocol status and health indicators on network
devices is a recommended means to check correct operation.
4. Management Considerations 4. Management Considerations
The considerations of manageability should start from describing the The considerations of manageability should start from describing the
operational model, which includes identifying the entities to be operational model, which includes identifying the entities to be
managed, how the respective protocol is supposed to be installed, managed, how the respective protocol is supposed to be installed,
configured and monitored, who are the managers and what type of configured and monitored, who are the managers and what type of
management interfaces and protocols they would use. management interfaces and protocols they would use.
Considerations for management should include a discussion of what Considerations for management should include a discussion of what
needs to be managed, and how to achieve various management tasks. needs to be managed, and how to achieve various management tasks.
skipping to change at page 11, line 7 skipping to change at page 10, line 33
observable at one end, while the document does not really cover observable at one end, while the document does not really cover
managing the *protocol* (the coordination of multiple ends), and does managing the *protocol* (the coordination of multiple ends), and does
not even come near managing the *service* (which includes a lot of not even come near managing the *service* (which includes a lot of
stuff that is very far away from the box). This is exactly what stuff that is very far away from the box). This is exactly what
operators hate - you need to be able to manage both ends. As operators hate - you need to be able to manage both ends. As
[RFC3535] says, MIB modules can often be characterized as a list of [RFC3535] says, MIB modules can often be characterized as a list of
ingredients without a recipe. ingredients without a recipe.
Management needs to be considered not only from the perspective of a Management needs to be considered not only from the perspective of a
device, but also from the perspective of network and service device, but also from the perspective of network and service
management perspectives. Often a network element is not aware of the management perspectives. A service might be network and operational
functionality derived from the implementation and deployment of a new
protocol. Often an individual network element is not aware of the
service being delivered. service being delivered.
[DISCUSS: Is a section on P2P vs. central management called for
here?]
WGs should consider how to configure multiple related/co-operating WGs should consider how to configure multiple related/co-operating
devices and how to back off if one of those configurations fails or devices and how to back off if one of those configurations fails or
causes trouble. NETCONF addresses this in a generic manner by causes trouble. NETCONF addresses this in a generic manner by
allowing an operator to lock the configuration on multiple devices, allowing an operator to lock the configuration on multiple devices,
perform the configuration settings/changes, check that they are OK perform the configuration settings/changes, check that they are OK
(undo if not) and then unlock the devices. (undo if not) and then unlock the devices.
Techniques for debugging protocol interactions in a network must be Techniques for debugging protocol interactions in a network must be
part of the network management discussion. Implementation source part of the network management discussion. Implementation source
code should be debugged before ever being added to a network, so code should be debugged before ever being added to a network, so
skipping to change at page 11, line 39 skipping to change at page 11, line 16
In a client/server protocol, it may be more important to instrument In a client/server protocol, it may be more important to instrument
the server end of a protocol than the client end. the server end of a protocol than the client end.
4.1. Interoperability 4.1. Interoperability
Just as when deploying protocols that will inter-connect devices, our Just as when deploying protocols that will inter-connect devices, our
primary goal in considering management should be interoperability, primary goal in considering management should be interoperability,
whether across devices from different vendors, across models from the whether across devices from different vendors, across models from the
same vendor, or across different releases of the same product. same vendor, or across different releases of the same product.
Management interoperability refers to allowing information sharing
and operations between multiple devices and multiple management
applications, often from different vendors. Interoperability allows
for the use of 3rd party applications and the outsourcing of
management services.
Some product designers and protocol designers assume that if a device Some product designers and protocol designers assume that if a device
can be managed individually using a command line interface or a web can be managed individually using a command line interface or a web
page interface, that such a solution is enough. But when equipment page interface, that such a solution is enough. But when equipment
from multiple vendors is combined into a large network, scalability from multiple vendors is combined into a large network, scalability
of management becomes a problem. It is important to have consistency of management becomes a problem. It is important to have consistency
in the management interfaces so network-wide operational processes in the management interfaces so network-wide operational processes
can be automated. For example, a single switch might be easily can be automated. For example, a single switch might be easily
managed using an interactive web interface when installed in a single managed using an interactive web interface when installed in a single
office small business, but when, say, a fast food company installs office small business, but when, say, a fast food company installs
similar switches from multiple vendors in hundreds or thousands of similar switches from multiple vendors in hundreds or thousands of
individual branches and wants to automate monitoring them from a individual branches and wants to automate monitoring them from a
central location, monitoring vendor-and-model-specific web pages central location, monitoring vendor-and-model-specific web pages
would be difficult to automate. would be difficult to automate.
Getting everybody to agree on a certain syntax and the protocol Getting everybody to agree on a single syntax and an associated
associated with that has proven to be difficult. So management protocol to do all management has proven to be difficult. So
systems tend to speak whatever the boxes support, whether the IETF management systems tend to speak whatever the boxes support, whether
likes this or not. The IETF is moving from support for a single the IETF likes this or not. The IETF is moving from support for one
management data modeling language (SMI [RFC2578]) and a single schema language for modeling the structure of management information
management protocol (SNMP [RFC3410]) towards support for additional (Structure of Management Information Version 2 (SMIv2) [RFC2578]) and
management protocols and data models suited to different purposes, one simple network management protocol (Simple Network Management
such as configuration (netconf [RFC4741]), usage accounting (IPFIX Protocol (SNMP) [RFC3410]) towards support for additional schema
[RFC5105]), and logging (syslog [I-D.ietf-syslog-protocol])). Other languages and additional management protocols suited to different
Standard Development Organizations (e.g. DMTF, TMF) also define purposes. Other Standard Development Organizations (e.g. DMTF, TMF)
management mechanisms and these mechanisms may be more suitable than also define schemas and protocols for management and these may be
IETF mechanisms in some cases. more suitable than IETF schemas and protocols in some cases. Some of
the alternatives being considered include
XML Schema Definition [W3C.REC-xmlschema-0-20010502]
and others
and
NETCONF Configuration Protocol [RFC4741]
IP Flow Information Export (IPFIX) Protocol [RFC5101]) for usage
accounting
The syslog Protocol [I-D.ietf-syslog-protocol] for logging
and others
Interoperability needs to be considered on the syntactic level and Interoperability needs to be considered on the syntactic level and
the semantic level. While it can be irritating and time-consuming, the semantic level. While it can be irritating and time-consuming,
application designers including operators who write their own scripts application designers including operators who write their own scripts
can make their processing conditional to accommodate differences can make their processing conditional to accommodate differences
across vendors or models or releases of product. across vendors or models or releases of product.
Semantic differences are much harder to deal with on the manager side Semantic differences are much harder to deal with on the manager side
- once you have the data, its meaning is a function of the managed - once you have the data, its meaning is a function of the managed
entity. For example, if a single counter provided by vendor A counts entity. For example, if a single counter provided by vendor A counts
skipping to change at page 14, line 34 skipping to change at page 14, line 34
relationship? relationship?
Do objects (such as rows in tables) share fate? For example, if a Do objects (such as rows in tables) share fate? For example, if a
row in table A must exist before a related row in table B can be row in table A must exist before a related row in table B can be
created, what happens to the row in table B if the related row in created, what happens to the row in table B if the related row in
table A is deleted? Does the existence of relationships between table A is deleted? Does the existence of relationships between
objects have an impact on fate sharing? objects have an impact on fate sharing?
4.3. Fault Management 4.3. Fault Management
The protocol designer should document the basic faults and health
indicators that need to be instrumented for the new protocol, and the
alarms and events that must be propagated to management applications
or exposed through a data model.
The protocol designer should consider how faults information will be The protocol designer should consider how faults information will be
propagated. Will it be done using asynchronous notifications or propagated. Will it be done using asynchronous notifications or
polling of health indicators? polling of health indicators?
If notifications are used to alert operators to certain conditions, If notifications are used to alert operators to certain conditions,
then the protocol designer should discuss mechanisms to throttle then the protocol designer should discuss mechanisms to throttle
notifications to prevent congestion and duplications of event notifications to prevent congestion and duplications of event
notifications. Will there be a hierarchy of faults, and will the notifications. Will there be a hierarchy of faults, and will the
fault reporting be done by each fault in the hierarchy, or will only fault reporting be done by each fault in the hierarchy, or will only
the lowest fault be reported and the higher levels be suppressed? the lowest fault be reported and the higher levels be suppressed?
should there be aggregated status indicators based on concatenation should there be aggregated status indicators based on concatenation
of propagated faults from a given domain or device? of propagated faults from a given domain or device?
SNMP notifications and SYSLOG messages can alert an operator when an SNMP notifications and SYSLOG messages can alert an operator when an
aspect of the new protocol fails or encounters an error or failure aspect of the new protocol fails or encounters an error or failure
condition, and SNMP is frequently used as a heartbeat monitor. condition, and SNMP is frequently used as a heartbeat monitor.
Should the event reporting be reliable? [DISCUSS: what is reliable?] Should the event reporting provide gyaranteed accurate delivery of
the event information within a given (high) margin of confidence?
Can we poll the latest events in the box? Can we poll the latest events in the box?
4.3.1. Liveness Detection and Monitoring 4.3.1. Liveness Detection and Monitoring
Liveness detection and monitoring applies both to the control plane Liveness detection and monitoring applies both to the control plane
and the data plane. Mechanisms for detecting faults in the control and the data plane. Mechanisms for detecting faults in the control
plane or for monitoring its liveness are usually built into the plane or for monitoring its liveness are usually built into the
control plane protocols or inherited from underlying data plane or control plane protocols or inherited from underlying data plane or
forwarding plane protocols. These mechanisms do not typically forwarding plane protocols. These mechanisms do not typically
require additional management capabilities. However, when a system require additional management capabilities. However, when a system
detects a control plane fault, there is often a requirement to detects a control plane fault, there is often a requirement to
coordinate recovery action through management applications or at coordinate recovery action through management applications or at
least to record the fact in an event log. [DISCUSS: can somebody least to record the fact in an event log.
provide an example?]
Where the protocol is responsible for establishing data or user plane Where the protocol is responsible for establishing data or user plane
connectivity, liveness detection and monitoring usually need to be connectivity, liveness detection and monitoring usually need to be
achieved through other mechanisms. In some cases, these mechanisms achieved through other mechanisms. In some cases, these mechanisms
already exist within other protocols responsible for maintaining already exist within other protocols responsible for maintaining
lower layer connectivity, but it will often be the case that new lower layer connectivity, but it will often be the case that new
procedures are required to detect failures in the data path and to procedures are required to detect failures in the data path and to
report rapidly, allowing remedial action to be taken. report rapidly, allowing remedial action to be taken.
Protocol designers should always build in basic testing features Protocol designers should always build in basic testing features
skipping to change at page 15, line 38 skipping to change at page 15, line 42
used to test for liveness, with an option to enable and disable them. used to test for liveness, with an option to enable and disable them.
4.3.2. Fault Determination 4.3.2. Fault Determination
It can be helpful to describe how faults can be pinpointed using It can be helpful to describe how faults can be pinpointed using
management information. For example, counters might record instances management information. For example, counters might record instances
of error conditions. Some faults might be able to be pinpointed by of error conditions. Some faults might be able to be pinpointed by
comparing the outputs of one device and the inputs of another device comparing the outputs of one device and the inputs of another device
looking for anomalies. looking for anomalies.
[DISCUSS: Ralf: While this sounds good, how do you distinguish How do you distinguish between faulty messages and good messages?
between faulty messages and good messages? It might require complex
functions such as deviation from normal, are you sure you want to
implement those at the device level?]
[DISCUSS: Well, deviation from normal is certainly an NMS tasks, Would some threshold-based mechanisms, such as RMON events/alarms or
while two neighbor interfaces could exchange simple fault counters in the EVENT-MIB, be useable to help determine error conditions? Are
PERCENTAGES that would give the neighbor a hint about issues. E.g. SNMP notifications for all events needed, or are there some
if CRC errors are greater than 1% of total traffic both the neighbor "standard" notifications that could be used? or can the right
and the NMS could be notified to setup an alternative path/link, if counters that can be polled as needed?
possible.]
4.3.3. Fault Isolation 4.3.3. Fault Isolation
It might be useful to isolate faults, such as a system that emits It might be useful to isolate faults, such as a system that emits
malformed messages necessary to coordinate connections properly. malformed messages necessary to coordinate connections properly.
Spanning tree comes to mind. This might be able to be done by Spanning tree comes to mind. This might be able to be done by
configuring next-hop devices to drop the faulty messages to prevent configuring next-hop devices to drop the faulty messages to prevent
them from entering the rest of the network. them from entering the rest of the network.
4.3.4. Corrective Action 4.4. Configuration Management
What sort of corrective action can be taken by an operator for each
of the fault conditions that are being identified?
[DISCUSS: this should be expanded or eliminated. If parallel paths
exist between two neighbor devices they could be activated. Not sure
how much further we can take the idea of automated correction
actions.]
[DISCUSS: Somewhere in the fault management section, we should have A protocol desoigners should document what the basic configuration
pointers to some threshold-based mechanisms, such as RMON events/ parameters that need to be instrumented for a new protocol, as well
alarms or the EVENT-MIB, with the message that we don't need to have as default values and modes of operation.
SNMP notifications for all events if we have the right counters that
can be polled as needed.]
4.4. Configuration Management What information should be maintained across reboots of the device,
or restarts of the management system?
RFC3139 [RFC3139] discusses requirements for configuration "Requirements for Configuration Management of IP-based Networks"
management. This document includes discussion of different levels of [RFC3139] discusses requirements for configuration management. This
management, including high-level-policies, network-wide configuration document includes discussion of different levels of management,
data, and device-local configuration. including high-level-policies, network-wide configuration data, and
device-local configuration.
A number of efforts have existed in the IETF to develop policy-based A number of efforts have existed in the IETF to develop policy-based
management. RFC3198 [RFC3198] was written to standardize the management. "Terminology for Policy-Based Management" [RFC3198] was
terminology for policy-based management across these efforts. written to standardize the terminology across these efforts. Some of
the efforts resulted in proposals that are NOT RECOMMENDED, so a
protocol designer should check the current recommendation status
before depending on a specific protocol suggestion.
It is highly desirable that text processing tools such as diff, and It is highly desirable that text processing tools such as diff, and
version management tools such as RCS or CVS or SVN, can be used to version management tools such as RCS or CVS or SVN, can be used to
process configurations. This approach simplifies comparing the process configurations. This approach simplifies comparing the
current operational state to the initial configuration. current operational state to the initial configuration. It is
commonplace to compare configuration changes to e.g., last day, last
week, last month, etc. -- having configuration in a text, and human-
understandable format is very valuable for various reasons such as
change control (or verification), configuration consistency checks,
etc.
With structured text such as XML, simple text diffs may be found to With structured text such as XML, simple text diffs may be found to
be inadequate and more sophisticated tools may be needed to make any be inadequate and more sophisticated tools may be needed to make any
useful comparison of versions. useful comparison of versions.
To simplify such configuration comparisons, devices should not To simplify such configuration comparisons, devices should not
arbitrarily reorder data such as access control lists. If a protocol arbitrarily reorder data such as access control lists. If a protocol
designer defines mechanisms for configuration, it would be desirable designer defines mechanisms for configuration, it would be desirable
to standardize the order of elements for consistency of configuration to standardize the order of elements for consistency of configuration
and of reporting across vendors, and across releases from vendors. and of reporting across vendors, and across releases from vendors.
[DISCUSS: Ralf: Well, there are two parts to it: 1. An NMS system There are two parts to this: 1. An NMS system could optimize ACLs
could optimize ACLs for performance reasons 2. Unless the device/NMS for performance reasons 2. Unless the device/NMS systems has correct
systems has correct rules/a lot of experience, reordering ACLs can rules/a lot of experience, reordering ACLs can lead to a huge
lead to a huge security issue, therefore I would rephrase this security issue.
paragraph.]
Network wide configurations are ideally stored in central master Network wide configurations are ideally stored in central master
databases and transformed into formats that can be pushed to devices, databases and transformed into formats that can be pushed to devices,
either by generating sequences of CLI commands or complete either by generating sequences of CLI commands or complete
configuration files that are pushed to devices. There is no common configuration files that are pushed to devices. There is no common
database schema for network configuration, although the models used database schema for network configuration, although the models used
by various operators are probably very similar. It is desirable to by various operators are probably very similar. It is desirable to
extract, document, and standardize the common parts of these network extract, document, and standardize the common parts of these network
wide configuration database schemas. A protocol designer should wide configuration database schemas. A protocol designer should
consider how to standardize the common parts of configuring the new consider how to standardize the common parts of configuring the new
protocol, while recognizing the vendors will likely have proprietary protocol, while recognizing the vendors will likely have proprietary
aspects of their configurations. aspects of their configurations.
It is important to distinguish between the distribution of It is important to distinguish between the distribution of
configurations and the activation of a certain configuration. configurations and the activation of a certain configuration.
Devices should be able to hold multiple configurations. NETCONF Devices should be able to hold multiple configurations. NETCONF
[RFC4741], for example, differentiates between the "running" [RFC4741], for example, differentiates between the "running"
configuration and "candidate" configurations. configuration and "candidate" configurations.
[DISCUSS: Also add: backup configurations, i.e. version n-1 and auto-
fallback solutions that automatically return to the previous known
good configuration or adding a backdoor for the operator. One of the
worst scenarios is remote device configuration where the new running
configuration does not work as expected and unlocks the admin.
Vendors may have ways to avoid unlocking the operator but this does
not have to be vendor specific.]
[DISCUSS: 1. Describe the concept of a "Gold config" and updating it
frequently 2. Describe a "backdoor" undo strategy ]
It is important to enable operators to concentrate on the It is important to enable operators to concentrate on the
configuration of the network as a whole rather than individual configuration of the network as a whole rather than individual
devices. Support for configuration transactions across a number of devices. Support for configuration transactions across a number of
devices would significantly simplify network configuration devices would significantly simplify network configuration
management. The ability to distribute configurations to multiple management. The ability to distribute configurations to multiple
devices, or modify "candidate configurations on multiple devices, and devices, or modify "candidate configurations on multiple devices, and
then activate them in a near-simultaneous manner might help. then activate them in a near-simultaneous manner might help.
Protocol designers can consider how it would make sense for their
protocol to be configured across multiple devices. Configuration-
templates might also be helpful.
[DISCUSS: Ralf: This might be a good place for adding the description
of configuration-templates.]
Consensus of the 2002 IAB Workshop was that textual configuration Consensus of the 2002 IAB Workshop was that textual configuration
files should be able to contain international characters. Human- files should be able to contain international characters. Human-
readable strings should utilize UTF-8, and protocol elements should readable strings should utilize UTF-8, and protocol elements should
be in case insensitive ASCII. be in case insensitive ASCII.
A mechanism to dump and restore configurations is a primitive A mechanism to dump and restore configurations is a primitive
operation needed by operators. Standards for pulling and pushing operation needed by operators. Standards for pulling and pushing
configurations from/to devices are desirable. configurations from/to devices are desirable.
Given configuration A and configuration B, it should be possible to Given configuration A and configuration B, it should be possible to
generate the operations necessary to get from A to B with minimal generate the operations necessary to get from A to B with minimal
state changes and effects on network and systems. It is important to state changes and effects on network and systems. It is important to
minimize the impact caused by configuration changes. minimize the impact caused by configuration changes.
Many protocol specifications include timers that are used as part of Many protocol specifications include timers that are used as part of
operation of the protocol. These timers may need default values operation of the protocol. These timers may need default values
suggested in the protocol specification and do not need to be suggested in the protocol specification and do not need to be
otherwise configurable. [DISCUSS: mention NTP?] otherwise configurable.
4.4.1. Verifying Correct Operation 4.4.1. Verifying Correct Operation
An important function that should be provided is a tool set for An important function that should be provided is guidance on how to
verifying the correct operation of a protocol. This may be achieved verify the correct operation of a protocol. A protocol designer
to some extent through access to information and data models that could suggest techniques for testing the impact of the protocol on
report the status of the protocol and the state installed on network the network before it is deployed, and techniques for testing the
devices. It may also be valuable to provide techniques for testing effect that the protocol has had on the network after being deployed.
the effect that the protocol has had on the network by sending data
through the network and observing its behavior. [DISCUSS: Before
deploying? Before operating? How to achieve this?]
Protocol designers should consider how to test the correct end-to-end Protocol designers should consider how to test the correct end-to-end
operation of the network, and how to verify the correct data or operation of the network, and how to verify the correct data or
forwarding plane function of each network element. forwarding plane function of each network element. This may be
achieved through status and statistical information from network
devices.
4.4.2. Control of Function and Policy 4.4.2. Control of Function and Policy
A protocol designer should consider the configurable items that exist A protocol designer should consider the configurable items that exist
for the control of function via the protocol elements described in for the control of function via the protocol elements described in
the protocol specification. For example, Sometimes the protocol the protocol specification. For example, Sometimes the protocol
requires that timers can be configured by the operator to ensure requires that timers can be configured by the operator to ensure
specific policy-based behavior by the implementation. specific policy-based behavior by the implementation.
4.5. Accounting Management 4.5. Accounting Management
A protocol designer should consider whether it would be appropriate A protocol designer should consider whether it would be appropriate
to collect usage information related to this protocol, and if so, to collect usage information related to this protocol, and if so,
what usage information would be appropriate to collect? what usage information would be appropriate to collect?
RFC2975 [RFC2975] Introduction to Accounting Management discusses a
number of factors relevant to monitoring usage of protocols for "Introduction to Accounting Management" [RFC2975] discusses a number
purposes of capacity and trend analysis, cost allocation, auditing, of factors relevant to monitoring usage of protocols for purposes of
and billing. This document also discusses how RADIUS [RFC2865], capacity and trend analysis, cost allocation, auditing, and billing.
TACACS+ [RFC1492], SNMP, IPFIX, and PSAMP protocols can be used for This document also discusses how Remote Authentication Dial In User
these purposes. These factors should be considered when designing a Service (RADIUS) [RFC2865], Terminal Access Controller Access Control
System (TACACS) [RFC1492], SNMP, IPFIX, and Packet Sampling (PSAMP)
Protocol [I-D.ietf-psamp-protocol] protocols can be used for these
purposes. These factors should be considered when designing a
protocol whose usage might need to be monitored, or when recommending protocol whose usage might need to be monitored, or when recommending
a protocol to do usage accounting. a protocol to do usage accounting.
4.6. Performance Management 4.6. Performance Management
Consider information that would be useful when trying to determine Consider information that would be useful when trying to determine
the performance characteristics of a deployed system using the target the performance characteristics of a deployed system using the target
protocol. protocol.
What are the principal performance factors that need to be looked at There are several parts to performance management to be considered:
when measuring the operational performance of the protocol protocol monitoring, services monitoring, and device monitoring (the
implementations? Is it important to measure setup times? throughput? impact of the new protocol/service activation on the device).
quality versus throughput? interruptions? end-to-end throughput? end-
to-end quality? hop-to-hop throughput? From a manageability point of view it is important to determine how
well a network deploying the protocol or technology defined in the
document is doing. In order to do this the network operators need to
consider information that would be useful to determine the
performance characteristics of a deployed system using the target
protocol.
Consider scalability, such as whether performance will be affected by Consider scalability, such as whether performance will be affected by
the number of protocol connections. If so, then it might be useful the number of protocol connections. If so, then it might be useful
to provide information about the maximum number of table entries that to provide information about the maximum number of table entries that
should be expected to be modeled, how many entries an implementation should be expected to be modeled, how many entries an implementation
can support, the current number of instances, and the expected can support, the current number of instances, and the expected
behavior when the current instances exceed the capacity of the behavior when the current instances exceed the capacity of the
implementation. This should be considered in a data-modeling implementation. This should be considered in a data-modeling
independent manner - what makes managed-protocol sense, not what independent manner - what makes managed-protocol sense, not what
makes management-protocol-sense. If it is not managed-protocol- makes management-protocol-sense. If it is not managed-protocol-
dependent, then it should be left for the management-protocol data dependent, then it should be left for the management-protocol data
modelers to decide. For example, VLAN identifiers have a range of modelers to decide. For example, VLAN identifiers have a range of
1..4095 because of the VLAN standards. A MIB implementing a VLAN 1..4095 because of the VLAN standards. A MIB implementing a VLAN
table should be able to support 4096 entries because the content table should be able to support 4096 entries because the content
being modeled requires it. being modeled requires it.
Consider operational activity, such as the number of message in and Any recommendation in the document should be data-modeling language
the messages out, the number of received messages rejected due to independent. The protocol document should make clear the limitations
format problems, the expected behaviors when a malformed message is implicit within the protocol and the behavior when limits are
received. exceeded.
Consider the capability of determining the operational activity, such
as the number of message in and the messages out, the number of
received messages rejected due to format problems, the expected
behaviors when a malformed message is received.
Consider the expected behaviors for counters - what is a reasonable Consider the expected behaviors for counters - what is a reasonable
maximum value for expected usage? should they stop counting at the maximum value for expected usage? should they stop counting at the
maximum value and retain the maximum value, or should they rollover? maximum value and retain the maximum value, or should they rollover?
How can users determine if a rollover has occurred, and how can users How can users determine if a rollover has occurred, and how can users
determine if more than one rollover has occurred? determine if more than one rollover has occurred?
Consider whether multiple management applications will share a
What information should be maintained across reboots of the device, counter; if so, then no one management application should be allowed
or restarts of the management system? to reset the value to zero since this will impact other applications.
Could events, such as hot-swapping a blade in a chassis, cause Could events, such as hot-swapping a blade in a chassis, cause
discontinuities in information? Does this make any difference in discontinuities in information? Does this make any difference in
evaluating the performance of a protocol? evaluating the performance of a protocol?
Consider whether multiple management applications will share a
counter; if so, then no one management application should be allowed
to reset the value to zero since this will impact other applications.
For performance monitoring, it is often important to report the time For performance monitoring, it is often important to report the time
spent in a state rather than the current state. Snapshots are of spent in a state rather than the current state. Snapshots are of
less value for performance monitoring. [DISCUSS: please elaborate] less value for performance monitoring.
The Benchmarking Methodology WG (bmwg) has defined recommendations The Benchmarking Methodology WG (bmwg) has defined recommendations
for the measurement of the performance characteristics of various for the measurement of the performance characteristics of various
internetworking technologies in a laboratory environment, including internetworking technologies in a laboratory environment, including
the systems or services that are built from these technologies. Each the systems or services that are built from these technologies. Each
recommendation describes the class of equipment, system, or service recommendation describes the class of equipment, system, or service
being addressed; discuss the performance characteristics that are being addressed; discuss the performance characteristics that are
pertinent to that class; clearly identify a set of metrics that aid pertinent to that class; clearly identify a set of metrics that aid
in the description of those characteristics; specify the in the description of those characteristics; specify the
methodologies required to collect said metrics; and lastly, present methodologies required to collect said metrics; and lastly, present
the requirements for the common, unambiguous reporting of the requirements for the common, unambiguous reporting of
benchmarking results. benchmarking results.
[DISCUSS: there are several parts to performance management. Device What are the principal performance factors that need to be looked at
monitoring (with the impact of the new protocol/service activation), when measuring the operational performance of the protocol
protocol monitoring, and services monitoring. This section might implementations? Is it important to measure setup times? throughput?
benefit from being broken into different pieces.] quality versus throughput? interruptions? end-to-end throughput? end-
to-end quality? hop-to-hop throughput? In many cases the performance
metrics are generic and already defined by work done in the IPPM WG,
or BMWG for example, but in some cases new metrics need to be
defined. It would be useful if the document would identify the need
for such new metrics.
4.7. Security Management 4.7. Security Management
Protocol designers should consider how to monitor and to manage Protocol designers should consider how to monitor and to manage
security aspects and vulnerabilities of the new protocol. security aspects and vulnerabilities of the new protocol.
There will be security considerations related to the new protocol. There will be security considerations related to the new protocol.
To make it possible for operators to be aware of security-related To make it possible for operators to be aware of security-related
events, it is recommended that system logs should record events, such events, it is recommended that system logs should record events, such
as failed logins, but the logs must be secured. as failed logins, but the logs must be secured.
skipping to change at page 21, line 14 skipping to change at page 21, line 17
with invalid timestamps? If such statistics are collected, is it with invalid timestamps? If such statistics are collected, is it
important to count them separately for each sender to help identify important to count them separately for each sender to help identify
the source of attacks? the source of attacks?
Manageability considerations that are security-oriented might include Manageability considerations that are security-oriented might include
discussion of the security implications when no monitoring is in discussion of the security implications when no monitoring is in
place, the regulatory implications of absence of audit-trail or logs place, the regulatory implications of absence of audit-trail or logs
in enterprises, exceeding the capacity of logs, and security in enterprises, exceeding the capacity of logs, and security
exposures present in chosen / recommended management mechanisms. exposures present in chosen / recommended management mechanisms.
Consider security threats that may be introduced by management
operations. For example CAPWAP breaks the structure of monolithic
Access Points (AP) into Access Controllers and Wireless Termination
Points (WTP). By using a management interface, internal information
that was previously not accessible is now exposed over the network
and to management applications and may become a source of potential
security threats.
The granularity of access control needed on management interfaces The granularity of access control needed on management interfaces
needs to match operational needs. Typical requirements are a role- needs to match operational needs. Typical requirements are a role-
based access control model and the principle of least privilege, based access control model and the principle of least privilege,
where a user can be given only the minimum access necessary to where a user can be given only the minimum access necessary to
perform a required task. perform a required task.
It must be possible to do consistency checks of access control lists It must be possible to do consistency checks of access control lists
across devices. Protocol designers should consider information across devices. Protocol designers should consider information
models to promote comparisons across devices and across vendors to models to promote comparisons across devices and across vendors to
permit checking the consistency of security configurations. permit checking the consistency of security configurations.
skipping to change at page 21, line 37 skipping to change at page 21, line 48
with existing key and credential management infrastructure. It is a with existing key and credential management infrastructure. It is a
good idea to start with defining the threat model for the protocol, good idea to start with defining the threat model for the protocol,
and from that deducing what is required. and from that deducing what is required.
Protocol designers should consider how access control lists are Protocol designers should consider how access control lists are
maintained and updated. maintained and updated.
Standard SNMP notifications or SYSLOG messages Standard SNMP notifications or SYSLOG messages
[I-D.ietf-syslog-protocol] might already exist, or can be defined, to [I-D.ietf-syslog-protocol] might already exist, or can be defined, to
alert operators to the conditions identified in the security alert operators to the conditions identified in the security
considerations for the new protocol. [DISCUSS: can somebody provide considerations for the new protocol. For example, you can log all
an example of an existing notifications or syslog messages related to the commands entered by the operator using syslog (giving you some
security, other than SNMPv3-specific notifications?] degree of audit trail), or you can see who has logged on/off using
SSH from where, failed SSH logins can be logged using syslog, etc.
An analysis of existing counters might help operators recognize the An analysis of existing counters might help operators recognize the
conditions identified in the security considerations for the new conditions identified in the security considerations for the new
protocol before they can impact the network. protocol before they can impact the network.
RADIUS and DIAMETER can provide authentication and authorization. A RADIUS and DIAMETER can provide authentication and authorization. A
protocol designer should consider which attributes would be protocol designer should consider which attributes would be
appropriate for their protocol. appropriate for their protocol.
Different protocols use different assumptions about message security Different protocols use different assumptions about message security
skipping to change at page 22, line 13 skipping to change at page 22, line 25
different protocols should consider how security will be applied in a different protocols should consider how security will be applied in a
balanced manner across multiple management interfaces. SNMP access balanced manner across multiple management interfaces. SNMP access
control is data-oriented, while CLI access control is usually command control is data-oriented, while CLI access control is usually command
(task) oriented. Depending on the management function, sometimes (task) oriented. Depending on the management function, sometimes
data-oriented or task-oriented access control makes more sense. data-oriented or task-oriented access control makes more sense.
Protocol designers should consider both data-oriented and task- Protocol designers should consider both data-oriented and task-
oriented access control. oriented access control.
5. Documentation Guidelines 5. Documentation Guidelines
The purpose of this document is to provide guidance about what to
consider when thinking about the management and deployment of a new
protocol, and to provide guidance about documenting the
considerations. The following guidelines are designed to help
writers provide a reasonably consistent format for such
documentation. Separate manageability and operational considerations
sections are desirable in many cases, but their structure and
location is a decision that can be made from case to case.
We want to avoid seeming to impose a solution by putting in place a
strict terminology - for example implying that a formal data model,
or even using a management protocol is mandatory. If protocol
designers conclude that its technology can be managed solely by using
proprietary CLIs, and no structured or standardized data model needs
to be in place, this might be fine, but it is a decision that should
be explicit in a manageability discussion, that this is how the
protocol will need to be operated and managed. Protocol designers
should avoid having manageability pushed for a later/never phase of
the development of the standard.
Making a Management Considerations section a mandatory publication
requirement for IETF documents is the responsibility of the IESG, or
specific area directors, or working groups, and this document avoids
recommending any mandatory publication requirements. For a complex
protocol, a completely separate draft on operations and management
might be appropriate, or even a completely separate WG effort.
This document is focused on what to think about, and how to document This document is focused on what to think about, and how to document
the considerations of the protocol designer. the considerations of the protocol designer.
5.1. Recommended Discussions 5.1. Recommended Discussions
A Manageability Considerations section should include discussion of A Manageability Considerations section should include discussion of
the management and operations topics raised in this document, and the management and operations topics raised in this document, and
when one or more of these topics is not relevant, it would be useful when one or more of these topics is not relevant, it would be useful
to contain a simple statement explaining why the topic is not to contain a simple statement explaining why the topic is not
relevant for the new protocol. Of course, additional relevant topics relevant for the new protocol. Of course, additional relevant topics
skipping to change at page 24, line 18 skipping to change at page 23, line 50
Farrel, which itself was based on work exploring the need for Farrel, which itself was based on work exploring the need for
Manageability Considerations sections in all Internet-Drafts produced Manageability Considerations sections in all Internet-Drafts produced
within the Routing Area of the IETF. That earlier work was produced within the Routing Area of the IETF. That earlier work was produced
by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable
feedback provided by Pekka Savola and Bert Wijnen. feedback provided by Pekka Savola and Bert Wijnen.
Some of the discussion about designing for manageability came from Some of the discussion about designing for manageability came from
private discussions between Dan Romascanu, Bert Wijnen, Juergen private discussions between Dan Romascanu, Bert Wijnen, Juergen
Schoenwaelder, Andy Bierman, and David Harrington. Schoenwaelder, Andy Bierman, and David Harrington.
Thanks to reviewers who helped fashion this document, including David
Kessens, Dan Romascanu, Ron Bonica, Bert Wijnen, Lixia Zhang, Ralf
Wolter, Benoit Claise, Brian Carpenter, Harald Alvestrand, Juergen
Schoenwaelder, Pekka Savola
9. Informative References 9. Informative References
[I-D.ietf-psamp-protocol] Claise, B., "Packet Sampling (PSAMP)
Protocol Specifications",
draft-ietf-psamp-protocol-09 (work in
progress), December 2007.
[I-D.ietf-syslog-protocol] Gerhards, R., "The syslog Protocol", [I-D.ietf-syslog-protocol] Gerhards, R., "The syslog Protocol",
draft-ietf-syslog-protocol-23 (work in draft-ietf-syslog-protocol-23 (work
progress), September 2007. in progress), September 2007.
[RFC1034] Mockapetris, P., "Domain names - concepts [RFC1034] Mockapetris, P., "Domain names -
and facilities", STD 13, RFC 1034, concepts and facilities", STD 13,
November 1987. RFC 1034, November 1987.
[RFC1052] Cerf, V., "IAB recommendations for the [RFC1052] Cerf, V., "IAB recommendations for
development of Internet network the development of Internet network
management standards", RFC 1052, management standards", RFC 1052,
April 1988. April 1988.
[RFC1492] Finseth, C., "An Access Control Protocol, [RFC1492] Finseth, C., "An Access Control
Sometimes Called TACACS", RFC 1492, Protocol, Sometimes Called TACACS",
July 1993. RFC 1492, July 1993.
[RFC2119] Bradner, S., "Key words for use in RFCs [RFC2119] Bradner, S., "Key words for use in
to Indicate Requirement Levels", BCP 14, RFCs to Indicate Requirement Levels",
RFC 2119, March 1997. BCP 14, RFC 2119, March 1997.
[RFC2205] Braden, B., Zhang, L., Berson, S., [RFC2205] Braden, B., Zhang, L., Berson, S.,
Herzog, S., and S. Jamin, "Resource Herzog, S., and S. Jamin, "Resource
ReSerVation Protocol (RSVP) -- Version 1 ReSerVation Protocol (RSVP) --
Functional Specification", RFC 2205, Version 1 Functional Specification",
September 1997. RFC 2205, September 1997.
[RFC2439] Villamizar, C., Chandra, R., and R. [RFC2439] Villamizar, C., Chandra, R., and R.
Govindan, "BGP Route Flap Damping", Govindan, "BGP Route Flap Damping",
RFC 2439, November 1998. RFC 2439, November 1998.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., [RFC2578] McCloghrie, K., Ed., Perkins, D.,
and J. Schoenwaelder, Ed., "Structure of Ed., and J. Schoenwaelder, Ed.,
Management Information Version 2 "Structure of Management Information
(SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578,
April 1999.
[RFC2821] Klensin, J., "Simple Mail Transfer [RFC2821] Klensin, J., "Simple Mail Transfer
Protocol", RFC 2821, April 2001. Protocol", RFC 2821, April 2001.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The [RFC2863] McCloghrie, K. and F. Kastenholz,
Interfaces Group MIB", RFC 2863, "The Interfaces Group MIB", RFC 2863,
June 2000. June 2000.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and [RFC2865] Rigney, C., Willens, S., Rubens, A.,
W. Simpson, "Remote Authentication Dial and W. Simpson, "Remote
In User Service (RADIUS)", RFC 2865, Authentication Dial In User Service
June 2000. (RADIUS)", RFC 2865, June 2000.
[RFC2975] Aboba, B., Arkko, J., and D. Harrington, [RFC2975] Aboba, B., Arkko, J., and D.
"Introduction to Accounting Management", Harrington, "Introduction to
RFC 2975, October 2000. Accounting Management", RFC 2975,
October 2000.
[RFC3060] Moore, B., Ellesson, E., Strassner, J., [RFC3060] Moore, B., Ellesson, E., Strassner,
and A. Westerinen, "Policy Core J., and A. Westerinen, "Policy Core
Information Model -- Version 1 Information Model -- Version 1
Specification", RFC 3060, February 2001. Specification", RFC 3060,
February 2001.
[RFC3084] Chan, K., Seligson, J., Durham, D., Gai, [RFC3084] Chan, K., Seligson, J., Durham, D.,
S., McCloghrie, K., Herzog, S., Gai, S., McCloghrie, K., Herzog, S.,
Reichmeyer, F., Yavatkar, R., and A. Reichmeyer, F., Yavatkar, R., and A.
Smith, "COPS Usage for Policy Smith, "COPS Usage for Policy
Provisioning (COPS-PR)", RFC 3084, Provisioning (COPS-PR)", RFC 3084,
March 2001. March 2001.
[RFC3139] Sanchez, L., McCloghrie, K., and J. [RFC3139] Sanchez, L., McCloghrie, K., and J.
Saperia, "Requirements for Configuration Saperia, "Requirements for
Management of IP-based Networks", Configuration Management of IP-based
RFC 3139, June 2001. Networks", RFC 3139, June 2001.
[RFC3198] Westerinen, A., Schnizlein, J., [RFC3198] Westerinen, A., Schnizlein, J.,
Strassner, J., Scherling, M., Quinn, B., Strassner, J., Scherling, M., Quinn,
Herzog, S., Huynh, A., Carlson, M., B., Herzog, S., Huynh, A., Carlson,
Perry, J., and S. Waldbusser, M., Perry, J., and S. Waldbusser,
"Terminology for Policy-Based "Terminology for Policy-Based
Management", RFC 3198, November 2001. Management", RFC 3198, November 2001.
[RFC3290] Bernet, Y., Blake, S., Grossman, D., and [RFC3290] Bernet, Y., Blake, S., Grossman, D.,
A. Smith, "An Informal Management Model and A. Smith, "An Informal Management
for Diffserv Routers", RFC 3290, Model for Diffserv Routers",
May 2002. RFC 3290, May 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. [RFC3410] Case, J., Mundy, R., Partain, D., and
Stewart, "Introduction and Applicability B. Stewart, "Introduction and
Statements for Internet-Standard Applicability Statements for
Management Framework", RFC 3410, Internet-Standard Management
December 2002. Framework", RFC 3410, December 2002.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the [RFC3444] Pras, A. and J. Schoenwaelder, "On
Difference between Information Models and the Difference between Information
Data Models", RFC 3444, January 2003. Models and Data Models", RFC 3444,
January 2003.
[RFC3460] Moore, B., "Policy Core Information Model [RFC3460] Moore, B., "Policy Core Information
(PCIM) Extensions", RFC 3460, Model (PCIM) Extensions", RFC 3460,
January 2003. January 2003.
[RFC3535] Schoenwaelder, J., "Overview of the 2002 [RFC3535] Schoenwaelder, J., "Overview of the
IAB Network Management Workshop", 2002 IAB Network Management
RFC 3535, May 2003. Workshop", RFC 3535, May 2003.
[RFC3585] Jason, J., Rafalow, L., and E. Vyncke, [RFC3585] Jason, J., Rafalow, L., and E.
"IPsec Configuration Policy Information Vyncke, "IPsec Configuration Policy
Model", RFC 3585, August 2003. Information Model", RFC 3585,
August 2003.
[RFC3644] Snir, Y., Ramberg, Y., Strassner, J., [RFC3644] Snir, Y., Ramberg, Y., Strassner, J.,
Cohen, R., and B. Moore, "Policy Quality Cohen, R., and B. Moore, "Policy
of Service (QoS) Information Model", Quality of Service (QoS) Information
RFC 3644, November 2003. Model", RFC 3644, November 2003.
[RFC3670] Moore, B., Durham, D., Strassner, J., [RFC3670] Moore, B., Durham, D., Strassner, J.,
Westerinen, A., and W. Weiss, Westerinen, A., and W. Weiss,
"Information Model for Describing Network "Information Model for Describing
Device QoS Datapath Mechanisms", Network Device QoS Datapath
RFC 3670, January 2004. Mechanisms", RFC 3670, January 2004.
[RFC3805] Bergman, R., Lewis, H., and I. McDonald, [RFC3805] Bergman, R., Lewis, H., and I.
"Printer MIB v2", RFC 3805, June 2004. McDonald, "Printer MIB v2", RFC 3805,
June 2004.
[RFC4741] Enns, R., "NETCONF Configuration [RFC4741] Enns, R., "NETCONF Configuration
Protocol", RFC 4741, December 2006. Protocol", RFC 4741, December 2006.
[RFC5105] Lendl, O., "ENUM Validation Token Format [RFC5101] Claise, B., "Specification of the IP
Definition", RFC 5105, December 2007. Flow Information Export (IPFIX)
Protocol for the Exchange of IP
Traffic Flow Information", RFC 5101,
January 2008.
Appendix A. Review Checklist [W3C.REC-xmlschema-0-20010502] Fallside, D., "XML Schema Part 0:
Primer", World Wide Web Consortium
FirstEdition REC-xmlschema-0-
20010502, May 2001, <http://
www.w3.org/TR/2001/
REC-xmlschema-0-20010502>.
This appendix provides a quick summary of issues to consider. Appendix A. Operations and Management Review Checklist
A.1. General Document Checklist This appendix provides a quick checklist of issues that protocol
designers should expect operations and management expert reviewers to
look for when reviewing a document being proposed for consideration
as a protocol standard.
Is the document readable? A.1. Operational Considerations
Does it contain nits? Has the operations model been discussed? see section 3.1.
Is the document class appropriate? Does the document include a description of the operational
model - how is this protocol or technology going to be deployed
and managed?
Is the problem well stated? Is the proposed specification deployable? If not, how could it
be improved?
Is the problem really a problem? Does the solution scale well? Does the proposed approach have
any scaling issues that could affect usability for large scale
operation?
Does the document consider existing solutions? Has installation and initial setup been discussed? see section 3.2
Does the solution break existing technology? Is the solution sufficiently configurable?
Does the solution preclude future activity? are configuration parameters clearly identified?
Is the specification complete? Can multiple interoperable are configuration parameters normalized?
implementations be built based on the specification?
A.2. Operations and Management Checklist does each configuration parameter have a reasonable default
value?
Is the proposed specification deployable? If not, how could it be Will configuration be pushed to a device by a configuration
improved? Does the document include a description of the manager, or pulled by a device from a configuration server?
operational model - how is this protocol or technology going to be
deployed and managed? will it use centralized or distributed
management? will it require remote and/or local management
applications?
Is the solution sufficiently configurable? are configuration How will the devices and managers find and authenticate each
parameters clearly identified? are configuration parameters other?
normalized? does each configuration parameter have a reasonable
default value? Will configuration be pushed to a device by a
configuration manager, or pulled by a device from a configuration
server? How will the devices and managers find and authenticate
each other?
Does the solution have failure modes that are difficult to Has the migration path been discussed? see section 3.3.
diagnose or correct? Are faults and alarms reported and logged?
is protocol state information exposed to the user? How? are Are there any backward compatibility issues?
significant state transitions logged? Have the Requirements on Other Protocols and Functional Components
been discussed? see section 3.4.
Does the protocol have an impact on network traffic and network What protocol operations are expected to be performed relative
devices? is protocol performance information exposed to the user? to the new protocol or technology, and what protocols and data
Can performance be measured? Does the solution scale well? Does models are expected to be in place or recommended to ensure for
the proposed approach have any scaling issues that could affect interoperable management?
usability for large scale operation?
Are there any backward compatibility issues? Has the Impact on Network Operation been discussed? see section
3.5.
Do you anticipate any manageability issues with the specification? Have suggestions for verifying correct operation been discussed?
see section 3.6.
Does the specification introduce new potential security risks or Have suggestions for verifying correct operation been discussed?
avenues for fraud? see section 4.1.
Does the proposed protocol have a significant operational impact A.2. Management Considerations
on the Internet. If it does, and the document under review
targets standards track, is their enough proof of implementation
and/or operational experience to grant Proposed Standard status?
Appendix B. Open Issues Do you anticipate any manageability issues with the specification?
Identify bullets for appendix checklist Is Management interoperability discussed? see section 4.1.
align checklist order and guidelines order will it use centralized or distributed management?
Is section 2 needed? it seems too management-centric. will it require remote and/or local management applications?
Need more reviews and suggested text, especially on operational Are textual or graphical user interfaces required?
considerations
[DISCUSS: How much of RFC 3535 and RFC 3139 should be repeated Is textual or binary format for management information
(and updated) in these guidelines? There are many best current preferred?
practices mentioned in those documents. Should we bring them
together into this document and expand on how they should
influence ops/mgmt considerations for a new protocol? Many of the
points relate to NM protocol design, but there are also many
points about operational and management considerations.]
Appendix C. DISCUSSES that have yet to be discussed Is Management Information discussed? see section 4.2.
All of these discusses have been copied from the text. They all need What is the minimal set of management (configuration, faults,
discussion and proposed text before the editor will know what needs performance monitoring) objects that need to be instrumented in
to be put into the document. order to manage the new protocol?
[DISCUSS: examples, list of current protocols characteristics and Is Fault Management discussed? see section 4.3.
their impact on the network. e.g., burst traffic impact on network
congestion.]
[DISCUSS: would the example of inconsistency between MIB counters Is Liveness Detection and Monitoring discussed?
that cannot be reset and CLI counters that can be rest be useful Does the solution have failure modes that are difficult to
here?] diagnose or correct? Are faults and alarms reported and
[DISCUSS: this could use a good example of when a protocol logged?
designer should consider future extensions to the management. Are
we talking about writing extensible data models? ]
[DISCUSS: is this paragraph really about protocol design for Is Configuration Management discussed? see section 4.4.
operability or about operational practice? If this stays, it
probably needs a bit more discussion on database driven
configurations, and how protocol design would be impacted by the
expectation of database-driven configuration. ]
[DISCUSS: this needs rewording to better describe consistency is protocol state information exposed to the user? How? are
checking 1) over time, and 2) between ends of a link. probably significant state transitions logged?
needs a bit more discussion on the need to be able to understand
and check what it is happening on the wire actually matches what
the Operator tried to configure. Basically, complexity is your
enemy here, and that cannot be stressed often enough (no idea how
you can verify whether for example a SIP application is actually
doing what it is supposed to do due to the complexity).]
[DISCUSS: Is a section on P2P vs. central management called for Is Accounting Management discussed? see section 4.5.
here?]
[DISCUSS: what is reliable?] Is Performance Management discussed? see section 4.6.
[DISCUSS: can somebody provide an example?] Does the protocol have an impact on network traffic and network
devices? Can performance be measured?
[DISCUSS: Ralf: While this sounds good, how do you distinguish Is protocol performance information exposed to the user?
between faulty messages and good messages? It might require
complex functions such as deviation from normal, are you sure you
want to implement those at the device level?]
[DISCUSS: Well, deviation from normal is certainly an NMS tasks, Is Security Management discussed? see section 4.7.
while two neighbor interfaces could exchange simple fault counters
in PERCENTAGES that would give the neighbor a hint about issues.
E.g. if CRC errors are greater than 1% of total traffic both the
neighbor and the NMS could be notified to setup an alternative
path/link, if possible.]
[DISCUSS: this should be expanded or eliminated. If parallel Does the specification discuss hwo to manage aspects of
paths exist between two neighbor devices they could be activated. security, such as access controls, managing key distribution,
Not sure how much further we can take the idea of automated etc.
correction actions.]
[DISCUSS: Somewhere in the fault management section, we should A.3. Documentation
have pinters to some threshold-based mechanisms, such as RMON
events/alarms or the EVENT-MIB, with the message that we don't
need to have SNMP notifications for all events if we have the
right counters that can be polled as needed.]
[DISCUSS: Ralf: Well, there are two parts to it: 1. An NMS system
could optimize ACLs for performance reasons 2. Unless the device/
NMS systems has correct rules/a lot of experience, reordering ACLs
can lead to a huge security issue, therefore I would rephrase this
paragraph.]
[DISCUSS: Also add: backup configurations, i.e. version n-1 and Is an operational considerations and/or manageability section part of
auto-fallback solutions that automatically return to the previous the document?
known good configuration or adding a backdoor for the operator.
One of the worst scenarios is remote device configuration where
the new running configuration does not work as expected and
unlocks the admin. Vendors may have ways to avoid unlocking the
operator but this does not have to be vendor specific.]
[DISCUSS: 1. Describe the concept of a "Gold config" and updating Does the proposed protocol have a significant operational impact on
it frequently 2. Describe a "backdoor" undo strategy ] the Internet. If it does, and the document under review targets
standards track, is their enough proof of implementation and/or
operational experience to grant Proposed Standard status?
[DISCUSS: Ralf: This might be a good place for adding the Appendix B. Change Log
description of configuration-templates.]
[DISCUSS: mention NTP?] Changes from opsawg-04 to opsawg-05
added bullets for appendix checklist
[DISCUSS: Before deploying? Before operating? How to achieve aligned checklist order and guidelines order
this?]
[DISCUSS: please elaborate] resolved all DISCUSS and TODO issues.
[DISCUSS: there are several parts to performance management. Changes from opsawg-03 to opsawg-04
Device monitoring (with the impact of the new protocol/service
activation), protocol monitoring, and services monitoring. This
section might benefit from being broken into different pieces.]
[DISCUSS: can somebody provide an example of an existing improved wording in Introduction
notifications or syslog messages related to security, other than
SNMPv3-specific notifications?]
[DISCUSS: How much of RFC 3535 and RFC 3139 should be repeated added a number of DISCUSS points raised during WG reviews
(and updated) in these guidelines? There are many best current
practices mentioned in those documents. Should we bring them
together into this document and expand on how they should
influence ops/mgmt considerations for a new protocol? Many of the
points relate to NM protocol design, but there are also many
points about operational and management considerations.]
Appendix D. Change Log added more wording on service management
updated references and copyrights
Changes from opsawg-02 to opsawg-03 Changes from opsawg-02 to opsawg-03
From reviews by Lixia Zhang and feedback from WG Chairs' Lunch. From reviews by Lixia Zhang and feedback from WG Chairs' Lunch.
added discussion of impact on the Internet to checklist added discussion of impact on the Internet to checklist
spell check spell check
added examples added examples
 End of changes. 152 change blocks. 
487 lines changed or deleted 440 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/