draft-ietf-opsawg-operations-and-management-05.txt   draft-ietf-opsawg-operations-and-management-06.txt 
Network Working Group D. Harrington Network Working Group D. Harrington
Internet-Draft Huawei Technologies USA Internet-Draft Huawei Technologies USA
Intended status: BCP October 27, 2008 Intended status: BCP March 9, 2009
Expires: April 30, 2009 Expires: September 10, 2009
Guidelines for Considering Operations and Management of New Protocols Guidelines for Considering Operations and Management of New Protocols
draft-ietf-opsawg-operations-and-management-05 and Protocol Extensions
draft-ietf-opsawg-operations-and-management-06
Status of This Memo Status of This Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79. This document may contain material
have been or will be disclosed, and any of which he or she becomes from IETF Documents or IETF Contributions published or made publicly
aware will be disclosed, in accordance with Section 6 of BCP 79. available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 30, 2009. This Internet-Draft will expire on September 10, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
New protocols or protocol extensions are best designed with due New protocols or protocol extensions are best designed with due
consideration of functionality needed to operate and manage the consideration of functionality needed to operate and manage the
protocol. Retrofitting operations and management is sub-optimal. protocols. Retrofitting operations and management is sub-optimal.
The purpose of this document is to provide guidance to authors and The purpose of this document is to provide guidance to authors and
reviewers of documents defining new protocols or protocol extensions, reviewers of documents defining new protocols or protocol extensions,
about covering aspects of operations and management that should be about covering aspects of operations and management that should be
considered. considered.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Designing for Operations and Management . . . . . . . . . 4
2. Design for Operations and Management . . . . . . . . . . . . . 4 1.2. This Document . . . . . . . . . . . . . . . . . . . . . . 4
2.1. IETF Management Framework . . . . . . . . . . . . . . . . 5 1.3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Operational Considerations . . . . . . . . . . . . . . . . . . 6 1.4. Background . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 6 1.5. Available Management Technologies . . . . . . . . . . . . 7
3.2. Installation and Initial Setup . . . . . . . . . . . . . . 7 1.6. Terminology . . . . . . . . . . . . . . . . . . . . . . . 7
3.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 8 2. Operational Considerations - How Will the New Protocol Fit
3.4. Requirements on Other Protocols and Functional Into the Current Environment? . . . . . . . . . . . . . . . . 7
Components . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 8
3.5. Impact on Network Operation . . . . . . . . . . . . . . . 9 2.2. Installation and Initial Setup . . . . . . . . . . . . . . 8
3.6. Verifying Correct Operation . . . . . . . . . . . . . . . 9 2.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 9
4. Management Considerations . . . . . . . . . . . . . . . . . . 10 2.4. Requirements on Other Protocols and Functional
4.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 11 Components . . . . . . . . . . . . . . . . . . . . . . . . 10
4.2. Management Information . . . . . . . . . . . . . . . . . . 13 2.5. Impact on Network Operation . . . . . . . . . . . . . . . 10
4.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 14 2.6. Verifying Correct Operation . . . . . . . . . . . . . . . 11
4.3.1. Liveness Detection and Monitoring . . . . . . . . . . 15 3. Management Considerations - How Will The Protocol be
4.3.2. Fault Determination . . . . . . . . . . . . . . . . . 15 Managed? . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.3.3. Fault Isolation . . . . . . . . . . . . . . . . . . . 16 3.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 13
4.4. Configuration Management . . . . . . . . . . . . . . . . . 16 3.2. Management Information . . . . . . . . . . . . . . . . . . 16
4.4.1. Verifying Correct Operation . . . . . . . . . . . . . 18 3.2.1. Information Model Design . . . . . . . . . . . . . . . 17
4.4.2. Control of Function and Policy . . . . . . . . . . . . 18 3.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 17
4.5. Accounting Management . . . . . . . . . . . . . . . . . . 18 3.3.1. Liveness Detection and Monitoring . . . . . . . . . . 18
4.6. Performance Management . . . . . . . . . . . . . . . . . . 19 3.3.2. Fault Determination . . . . . . . . . . . . . . . . . 18
4.7. Security Management . . . . . . . . . . . . . . . . . . . 20 3.3.3. Root Cause Analysis . . . . . . . . . . . . . . . . . 18
5. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 22 3.3.4. Fault Isolation . . . . . . . . . . . . . . . . . . . 19
5.1. Recommended Discussions . . . . . . . . . . . . . . . . . 22 3.4. Configuration Management . . . . . . . . . . . . . . . . . 19
5.2. Null Manageability Considerations Sections . . . . . . . . 22 3.4.1. Verifying Correct Operation . . . . . . . . . . . . . 20
5.3. Placement of Operations and Manageability 3.4.2. Control of Function and Policy . . . . . . . . . . . . 21
Considerations Sections . . . . . . . . . . . . . . . . . 23 3.5. Accounting Management . . . . . . . . . . . . . . . . . . 21
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 3.6. Performance Management . . . . . . . . . . . . . . . . . . 21
7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 3.6.1. Monitoring the Protocol . . . . . . . . . . . . . . . 22
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23 3.6.2. Monitoring the Device . . . . . . . . . . . . . . . . 23
9. Informative References . . . . . . . . . . . . . . . . . . . . 24 3.6.3. Monitoring the Network . . . . . . . . . . . . . . . . 23
Appendix A. Operations and Management Review Checklist . . . . . 27 3.6.4. Monitoring the Service . . . . . . . . . . . . . . . . 23
A.1. Operational Considerations . . . . . . . . . . . . . . . . 27 3.7. Security Management . . . . . . . . . . . . . . . . . . . 23
A.2. Management Considerations . . . . . . . . . . . . . . . . 28 4. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 25
A.3. Documentation . . . . . . . . . . . . . . . . . . . . . . 29 4.1. Recommended Discussions . . . . . . . . . . . . . . . . . 25
Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 29 4.2. Null Manageability Considerations Sections . . . . . . . . 25
4.3. Placement of Operations and Manageability
Considerations Sections . . . . . . . . . . . . . . . . . 26
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
6. Security Considerations . . . . . . . . . . . . . . . . . . . 26
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 27
8. Informative References . . . . . . . . . . . . . . . . . . . . 27
Appendix A. Operations and Management Review Checklist . . . . . 30
A.1. Operational Considerations . . . . . . . . . . . . . . . . 31
A.2. Management Considerations . . . . . . . . . . . . . . . . 33
A.3. Documentation . . . . . . . . . . . . . . . . . . . . . . 34
Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction 1. Introduction
Often when new protocols or protocol extensions are developed, not Often when new protocols or protocol extensions are developed, not
enough consideration is given to how the protocol will be deployed, enough consideration is given to how the protocol will be deployed,
operated and managed. Retrofitting operations and management operated and managed. Retrofitting operations and management
mechanisms is often hard and architecturally unpleasant, and certain mechanisms is often hard and architecturally unpleasant, and certain
protocol design choices may make deployment, operations, and protocol design choices may make deployment, operations, and
management particularly hard. Since the ease of operations and management particularly hard. Since the ease of operations and
management may impact the success of IETF protocols, this document management may impact the success of IETF protocols, this document
provides guidelines to help protocol designers and working groups provides guidelines to help protocol designers and working groups
consider the operations and management functionality needed by their consider the operations and management functionality needed by their
new IETF protocol or protocol extension at an earlier phase. new IETF protocol or protocol extension at an earlier phase.
This document suggests protocol designers consider operations and 1.1. Designing for Operations and Management
management needs and then recommend appropriate standard management
protocols and data models to address the relevant operations and The operational environment and manageability of the protocol should
management needs. This is similar to a WG considering which security be considered from the start when new protocols are designed.
threats are relevant to their protocol, and then recommending
appropriate standard security protocols to mitigate the relevant Protocol designers should consider which operations and management
threats. needs are relevant to their protocol, document how those needs could
be addressed, and suggest standard management protocols and data
models that could be used to address those needs. This is similar to
a working group (WG) that considers which security threats are
relevant to their protocol, documents how threats should be
mitigated, and then suggests appropriate standard protocols that
could mitigate the threats.
When a WG considers operation and management functionality for a
protocol, the document should contain enough information to
understand how the protocol will be deployed and managed, but the WG
should expect that considerations for operations and management may
need to be updated in the future, after further operational
experience has been gained.
1.2. This Document
This document makes a distinction between "Operational
Considerations" and "Management Considerations", although the two are
closely related. The section on manageability is focused on
management technology such as how to utilize management protocols and
how to design management data models. The operational considerations
apply to operating the protocol within a network, even if there were
no management protocol actively being used.
The purpose of this document is to provide guidance about what to The purpose of this document is to provide guidance about what to
consider when thinking about the management and deployment of a new consider when thinking about the management and deployment of a new
protocol, and to provide guidance about documenting the protocol, and to provide guidance about documenting the
considerations. The following guidelines are designed to help considerations. The following guidelines are designed to help
writers provide a reasonably consistent format for such writers provide a reasonably consistent format for such
documentation. Separate manageability and operational considerations documentation. Separate manageability and operational considerations
sections are desirable in many cases, but their structure and sections are desirable in many cases, but their structure and
location is a decision that can be made from case to case. location is a decision that can be made from case to case.
We want to avoid seeming to impose a solution by putting in place a This document does not impose a solution, or imply that a formal data
strict terminology - for example implying that a formal data model, model is needed, or imply that using a specific management protocol
or even using a management protocol is mandatory. If protocol is mandatory. If protocol designers conclude that the technology can
designers conclude that its technology can be managed solely by using be managed solely by using proprietary command line interfaces
proprietary CLIs, and no structured or standardized data model needs (CLIs), and no structured or standardized data model needs to be in
to be in place, this might be fine, but it is a decision that should place, this might be fine, but it is a decision that should be
be explicit in a manageability discussion, that this is how the explicit in a manageability discussion, that this is how the protocol
protocol will need to be operated and managed. Protocol designers will need to be operated and managed. Protocol designers should
should avoid having manageability pushed for a later/never phase of avoid having manageability pushed for a later phase of the
the development of the standard. development of the standard.
Making a Management Considerations section a mandatory publication Any decision to make a Management Considerations section a mandatory
requirement for IETF documents is the responsibility of the IESG, or publication requirement for IETF documents is the responsibility of
specific area directors, or working groups, and this document avoids the IESG, or specific area directors, or working groups, and this
recommending any mandatory publication requirements. For a complex document avoids recommending any mandatory publication requirements.
protocol, a completely separate draft on operations and management For a complex protocol, a completely separate draft on operations and
might be appropriate, or even a completely separate WG effort. management might be appropriate, or even a completely separate WG
effort.
This document discusses the importance of considering operations and This document discusses the importance of considering operations and
management. Section 1 introduces the subject and section 2 describes management by setting forth a list of guidelines and a checklist of
the IETF Management Framework. Section 3 discusses operational questions to consider, which a protocol designer or reviewer can use
functionality to consider. Section 4 discusses management to evaluate whether the protocol and documentation address common
functionality to consider.
This document sets forth a list of subjective guidelines and a list
of objective criteria by which a protocol designer can evaluate
whether the protocol that he/she has developed addresses common
operations and management needs. Operations and management are operations and management needs. Operations and management are
highly dependent on their environment, so most guidelines are highly dependent on their environment, so most guidelines are
subjective rather than objective. subjective rather than objective.
We provide some objective criteria to promote interoperability 1.3. Motivation
through the use of standard management interfaces, such as "did you
design counters in a MIB module for monitoring packets in/out of an
interface?" The Interfaces Group MIB [RFC2863], "did you write an
XML-based data model for configuring your protocol with Netconf?"
NETCONF Configuration Protocol [RFC4741], and "did you standardize
syslog message content and structured data elements for reporting
events that might occur when operating your protocol?"
[I-D.ietf-syslog-protocol] and "did you consider appropriate
notifications in case of failure situations??
1.1. Terminology
This document deliberately does not use the (capitalized) keywords
described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must
only be used where it is actually required for interoperation or to
limit behavior which has potential for causing harm (e.g., limiting
retransmissions). For example, they must not be used to try to
impose a particular method on implementers where the method is not
required for interoperability. This document is a set of guidelines
based on current practices of protocol designers and operators. This
document does not describe requirements, so the key words from
RFC2119 have no place here.
o "new protocol" includes new protocols, protocol extensions, data
models, or other functionality being designed.
o "protocol designer" represents individuals and working groups
involved in the development of new protocols.
2. Design for Operations and Management For years the IETF community has used the IETF Standard Management
Framework, including the Simple Network Management Protocol
[RFC3410], the Structure of Management Informatiion [RFC2578], and
MIB data models for managing new protocols. As the Internet has
evolved, operators have found the reliance on one protocol and one
schema language for managing all aspects of the Internet inadequate.
The IESG policy to require working groups to write a MIB module to
provide manageability for new protocols is being replaced by a policy
that is more open to using a variety of management protocols and data
models designed to achieve different goals.
"Design for operations and management" means that the operational This document provides some initial guidelines for considering
environment and manageability of the protocol should be considered operations and management in an IETF Management Framework that
from the start when new protocols are designed. consists of multiple protocols and multiple data modeling languages,
with an eye toward being flexible while also striving for
interoperability.
When a WG considers operation and management functionality for a 1.4. Background
protocol, the document should contain enough information to
understand how the protocol will be deployed and managed, but the WG
should expect that considerations for operations and management may
need to be updated in the future, after further operational
experience has been gained.
2.1. IETF Management Framework There have been a significant number of efforts, meetings, and
documents that are related to Internet operations and management.
Some of them are mentioned here, to help protocol designers find
documentation of previous efforts. Hopefully, providing these
references will help the IETF avoid rehashing old discussions and
reinventing old solutions.
For years the IETF has stressed the use of the IETF Standard In 1988, the IAB published IAB Recommendations for the Development of
Management Framework and MIB modules [RFC2578] for managing new Internet Network Management Standards [RFC1052] which recommended a
protocols. The IETF designed these to permit multiple protocols to solution that, where possible, deliberately separates modeling
utilize the MIB data [RFC1052], but it became a common languages, data models, and the protocols that carry data. The goal
misunderstanding that a MIB module could only be used with the SNMP is to allow standardized information and data models to be used by
protocol (described in [RFC3410] and associated documents). different protocols.
In 2001, OPS Area design teams were created to document requirements In 2001, OPS Area design teams were created to document requirements
related to configuration of IP-based networks. One output was related to configuration of IP-based networks. One output was
"Requirements for Configuration Management of IP-based Networks" "Requirements for Configuration Management of IP-based Networks"
[RFC3139]. [RFC3139].
In 2003, the Internet Architecture Board (IAB) held a workshop on In 2003, the Internet Architecture Board (IAB) held a workshop on
Network Management [RFC3535] that discussed the strengths and Network Management [RFC3535] that discussed the strengths and
weaknesses of some IETF network management protocols, and compared weaknesses of some IETF network management protocols, and compared
them to operational needs, especially configuration. them to operational needs, especially configuration.
skipping to change at page 5, line 48 skipping to change at page 7, line 5
for root cause analysis and logging are not sufficient, and that for root cause analysis and logging are not sufficient, and that
there is a need to support a human interface and a programmatic there is a need to support a human interface and a programmatic
interface. The IETF decided to standardize aspects of the de facto interface. The IETF decided to standardize aspects of the de facto
standard for system logging security and programmatic support. standard for system logging security and programmatic support.
In 2006, the IETF discussed whether the Management Framework should In 2006, the IETF discussed whether the Management Framework should
be updated to accommodate multiple IETF schema languages for be updated to accommodate multiple IETF schema languages for
describing the structure of management information, and multiple IETF describing the structure of management information, and multiple IETF
standard protocols for doing network management. standard protocols for doing network management.
This document provides some initial guidelines for considering 1.5. Available Management Technologies
operations and management in an IETF Management Framework that
consists of multiple protocols and multiple data models, with an eye
toward being flexible while also striving for interoperability.
3. Operational Considerations The IETF has a number of standard management technologies available.
These include SNMP, SYSLOG, RADIUS, DIAMETER, NETCONF, IPFIX, and
others. These protocol standards, pointers to the documents that
define them, and standard information and data models for specific
functionality, are described in "Survey of IETF Network Management
Standards" [I-D.ietf-opsawg-survey-management]
1.6. Terminology
This document deliberately does not use the (capitalized) keywords
described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must
only be used where it is actually required for interoperation or to
limit behavior which has potential for causing harm (e.g., limiting
retransmissions). For example, they must not be used to try to
impose a particular method on implementers where the method is not
required for interoperability. This document is a set of guidelines
based on current practices of protocol designers and operators. This
document does not describe requirements, so the key words from
RFC2119 have no place here.
o CLI: Command Line Interface
o Data model: A mapping of the contents of an information model into
a form that is specific to a particular type of data store or
repository.
o Information model: An abstraction and representation of the
entities in a managed environment, their properties, attributes
and operations, and the way that they relate to each other. It is
independent of any specific repository, software usage, protocol,
or platform.
o "new protocol" includes new protocols, protocol extensions, data
models, or other functionality being designed.
o "protocol designer" represents individuals and working groups
involved in the development of new protocols.
2. Operational Considerations - How Will the New Protocol Fit Into the
Current Environment?
Designers of a new protocol should carefully consider the operational Designers of a new protocol should carefully consider the operational
aspects. To ensure that a protocol will be practical to deploy in aspects. To ensure that a protocol will be practical to deploy in
the real world, it is not enough to merely define it very precisely the real world, it is not enough to merely define it very precisely
in a well-written document. Operational aspects will have a serious in a well-written document. Operational aspects will have a serious
impact on the actual success of a protocol. Such aspects include bad impact on the actual success of a protocol. Such aspects include bad
interactions with existing solutions, a difficult upgrade path, interactions with existing solutions, a difficult upgrade path,
difficulty of debugging problems, difficulty configuring from a difficulty of debugging problems, difficulty configuring from a
central database, or a complicated state diagram that operations central database, or a complicated state diagram that operations
staff will find difficult to understand. staff will find difficult to understand.
BGP flap damping [RFC2439] is an example. It was designed to block BGP flap damping [RFC2439] is an example. It was designed to block
high frequency route flaps, however the design did not consider the high frequency route flaps, however the design did not consider the
existence of BGP path exploration/slow convergence. In real existence of BGP path exploration/slow convergence. In real
operations, path exploration caused false flap damping, resulting in operations, path exploration caused false flap damping, resulting in
loss of reachability. As a result, most places turned flap damping loss of reachability. As a result, most places turned flap damping
off. Regional Internet Registries even issued an official off. Some Regional Internet Registries issued an official
recommendation for turning it off. recommendation for turning it off.
3.1. Operations Model 2.1. Operations Model
Protocol designers can analyze the operational environment and mode Protocol designers can analyze the operational environment and mode
of work in which the new protocol or extension will work. Such an of work in which the new protocol or extension will work. Such an
exercise need not be reflected directly by text in their document, exercise need not be reflected directly by text in their document,
but could help in visualizing the operational model related to the but could help in visualizing the operational model related to the
applicability of the protocol in the Internet environments where it applicability of the protocol in the Internet environments where it
will be deployed. The operational model should take into account will be deployed.
factors such as:
o what type of management entities will be involved (agents, network
management systems)?
o what is the possible architecture (client-server, manager-agent,
poll-driven or event-driven, autoconfiguration, two levels or
hierarchical)?
o what are the management operations - initial configuration,
dynamic configuration, alarm and exception reporting, logging,
performance monitoring, performance reporting, debugging?
o how are these operations performed - locally, remotely, atomic
operation, scripts? Are they performed immediately or time
scheduled or event triggered?
o what are the typical user interfaces - Command line (CLI) or A key question is how the protocol can operate "out of the box". If
graphical user interface (GUI)? implementers are free to select their own defaults, the protocol
Protocol designers should consider how the new protocol will be needs to operate well with any choice of values. If there are
managed in different deployment scales. It might be sensible to use sensible defaults, these need to be stated.
a local management interface to manage the new protocol on a single
device, but in a large network, remote management using a centralized
server and/or using distributed management functionality might make
more sense. Auto-configuration and default parameters might be
possible for some new protocols.
There may be a need to support a human interface, e.g., for There may be a need to support a human interface, e.g., for
troubleshooting, and a programmatic interface, e.g., for automated troubleshooting, and a programmatic interface, e.g., for automated
monitoring and root cause analysis. It might be important that the monitoring and root cause analysis. The application programming
internal method routines used by the application programming interfaces and the human interfaces might benefit from being similar
interfaces and the human interfaces should be the same to ensure that to ensure that the information exposed by these two interfaces is
data exchanged between these two interfaces is always consistent. consistent when presented to an operator. Identifying consistent
Mixing methods leads to inconsistency, so identifying consistent methods of determining information, such as what gets counted in a
methods of retrieving information is relevant. specific counter, is relevant.
Protocol designers should consider what management operations are Protocol designers should consider what management operations are
expected to be performed as a result of the deployment of the expected to be performed as a result of the deployment of the
protocol - such as whether write operations will be allowed on protocol - such as whether write operations will be allowed on
routers and on hosts, or whether notifications for alarms or other routers and on hosts, or whether notifications for alarms or other
events will be expected. events will be expected.
3.2. Installation and Initial Setup 2.2. Installation and Initial Setup
Anything that can be configured can be misconfigured. "Architectural
Principles of the Internet" [RFC1958] Section 3.8 states: "Avoid
options and parameters whenever possible. Any options and parameters
should be configured or negotiated dynamically rather than manually."
To simplify configuration, protocol designers should consider To simplify configuration, protocol designers should consider
specifying reasonable defaults, including default modes and specifying reasonable defaults, including default modes and
parameters. For example, it could be helpful or necessary to specify parameters. For example, it could be helpful or necessary to specify
default values for modes, timers, default state of logical control default values for modes, timers, default state of logical control
variables, default transports, and so on. Even if default values are variables, default transports, and so on. Even if default values are
used, it must be possible to retrieve all the actual values or at used, it must be possible to retrieve all the actual values or at
least an indication that known default values are being used. least an indication that known default values are being used.
Protocol designers should consider how to enable operators to Protocol designers should consider how to enable operators to
concentrate on the configuration of the network as a whole rather concentrate on the configuration of the network as a whole rather
than on individual devices. than on individual devices. Of course, how one accomplishes this is
the hard part.
It is desirable to discuss the background of chosen default values, It is desirable to discuss the background of chosen default values,
or perhaps why a range of values makes sense. In many cases, as or perhaps why a range of values makes sense. In many cases, as
technology changes, the values in an RFC might make less and less technology changes, the values in an RFC might make less and less
sense. It is very useful to understand whether defaults are based on sense. It is very useful to understand whether defaults are based on
best current practice and are expected to change as technologies best current practice and are expected to change as technologies
advance or whether they have a more universal value that should not advance or whether they have a more universal value that should not
be changed lightly. For example, the default interface speed might be changed lightly. For example, the default interface speed might
be expected to change over time due to increased speeds in the be expected to change over time due to increased speeds in the
network, and cryptographical algorithms might be expected to change network, and cryptographical algorithms might be expected to change
over time as older algoithms are "broken". over time as older algorithms are "broken".
it is extremely important to set a sensible default value for all it is extremely important to set a sensible default value for all
parameters parameters
the default value should stay on the conservative side rather than The default value should stay on the conservative side rather than on
on the "optimizing performance" side. (example: the initial RTT the "optimizing performance" side. (example: the initial RTT and
and RTTvar values of a TCP connection) RTTvar values of a TCP connection)
for those parameters that are speed-dependent, instead of using a For those parameters that are speed-dependent, instead of using a
constant, try to set the default value as a function of the link constant, try to set the default value as a function of the link
speed or some other relevant factors. This would help reduce the speed or some other relevant factors. This would help reduce the
chance of problems caused by technology advancement. chance of problems caused by technology advancement.
3.3. Migration Path 2.3. Migration Path
If the new protocol is a new version of an existing one, or if it is If the new protocol is a new version of an existing one, or if it is
replacing another technology, the protocol designer should consider replacing another technology, the protocol designer should consider
how deployments should transition to the new protocol. This should how deployments should transition to the new protocol. This should
include co-existence with previously deployed protocols and/or include co-existence with previously deployed protocols and/or
previous versions of the same protocol, incompatibilities between previous versions of the same protocol, incompatibilities between
versions, translation between versions, and side-effects that might versions, translation between versions, and side-effects that might
occur. Are older protocols or versions disabled or do they co-exist occur. Are older protocols or versions disabled or do they co-exist
in the network with the new protocol? in the network with the new protocol?
3.4. Requirements on Other Protocols and Functional Components Many protocols benefit from being incrementally deployable -
operators may deploy aspects of a protocol before deploying the
protocol fully.
2.4. Requirements on Other Protocols and Functional Components
Protocol designers should consider the requirements that the new Protocol designers should consider the requirements that the new
protocol might put on other protocols and functional components, and protocol might put on other protocols and functional components, and
should also document the requirements from other protocols and should also document the requirements from other protocols and
functional elements that have been considered in designing the new functional elements that have been considered in designing the new
protocol. protocol.
These considerations should generally remain illustrative to avoid These considerations should generally remain illustrative to avoid
creating restrictions or dependencies, or potentially impacting the creating restrictions or dependencies, or potentially impacting the
behavior of existing protocols, or restricting the extensibility of behavior of existing protocols, or restricting the extensibility of
other protocols, or assuming other protocols will not be extended in other protocols, or assuming other protocols will not be extended in
certain ways. certain ways. If restrictions or dependencies exist, they should be
stated.
For example, the design of Resource ReSerVation Protocol (RSVP) For example, the design of Resource ReSerVation Protocol (RSVP)
[RFC2205] required each router to look at the RSVP PATH message, and [RFC2205] required each router to look at the RSVP PATH message, and
if the router understood RSVP, to add its own address to the message if the router understood RSVP, to add its own address to the message
to enable automatically tunneling through non-RSVP routers. But in to enable automatically tunneling through non-RSVP routers. But in
reality routers cannot look at an otherwise normal IP packet, and reality routers cannot look at an otherwise normal IP packet, and
potentially take it off the fast path! The initial designers potentially take it off the fast path! The initial designers
overlooked that a new requirement was being put on the functional overlooked that a new "deep packet inspection" requirement was being
components of a router. The "router alert" option was finally put on the functional components of a router. The "router alert"
developed to solve this problem for RSVP and other protocols that option was finally developed to solve this problem for RSVP and other
require the router to take some packets off the fast forwarding path. protocols that require the router to take some packets off the fast
forwarding path.
3.5. Impact on Network Operation 2.5. Impact on Network Operation
The introduction of a new protocol or extensions to an existing The introduction of a new protocol or extensions to an existing
protocol may have an impact on the operation of existing networks. protocol may have an impact on the operation of existing networks.
Protocol designers should outline such impacts (which may be Protocol designers should outline such impacts (which may be
positive) including scaling concerns and interactions with other positive) including scaling concerns and interactions with other
protocols. For example, a new protocol that doubles the number of protocols. For example, a new protocol that doubles the number of
active, reachable addresses in use within a network might need to be active, reachable addresses in use within a network might need to be
considered in the light of the impact on the scalability of the IGPs considered in the light of the impact on the scalability of the
operating within the network. interior gateway protocols operating within the network.
A protocol could send active monitoring packets on the wire. If we A protocol could send active monitoring packets on the wire. If we
don't pay attention, we might get very good accuracy, but at the cost don't pay attention, we might get very good accuracy, but at the cost
of using all the available bandwidth. of using all the available bandwidth.
The protocol designer should consider the potential impact on the The protocol designer should consider the potential impact on the
behavior of other protocols in the network and on the traffic levels behavior of other protocols in the network and on the traffic levels
and traffic patterns that might change, including specific types of and traffic patterns that might change, including specific types of
traffic such as multicast. Also consider the need to install new traffic such as multicast. Also consider the need to install new
components that are added to the network as result of the changes in components that are added to the network as result of the changes in
the operational model, such as servers performing auto-configuration the operational model, such as servers performing auto-configuration
operations. operations.
The protocol designer should consider also the impact on The protocol designer should consider also the impact on
infrastructure applications like DNS [RFC1034], the registries, or infrastructure applications like DNS [RFC1034], the registries, or
the size of routing tables. For example, Simple Mail Transfer the size of routing tables. For example, Simple Mail Transfer
Protocol (SMTP) [RFC2821] servers use a reverse DNS lookup to filter Protocol (SMTP) [RFC5321] servers use a reverse DNS lookup to filter
out incoming connection requests. When Berkeley installed a new spam out incoming connection requests. When Berkeley installed a new spam
filter, their mail server stopped functioning because of the DNS filter, their mail server stopped functioning because of the DNS
cache resolver overload. cache resolver overload.
The impact on performance may also be noted - increased delay or The impact on performance may also be noted - increased delay or
jitter in real-time traffic applications, or response time in client- jitter in real-time traffic applications, or response time in client-
server applications when encryption or filtering are applied. server applications when encryption or filtering are applied.
It is important to minimize the impact caused by configuration It is important to minimize the impact caused by configuration
changes. Given configuration A and configuration B, it should be changes. Given configuration A and configuration B, it should be
possible to generate the operations necessary to get from A to B with possible to generate the operations necessary to get from A to B with
minimal state changes and effects on network and systems. minimal state changes and effects on network and systems.
3.6. Verifying Correct Operation 2.6. Verifying Correct Operation
The protocol designer should consider techniques for testing the The protocol designer should consider techniques for testing the
effect that the protocol has had on the network by sending data effect that the protocol has had on the network by sending data
through the network and observing its behavior (aka active through the network and observing its behavior (aka active
monitoring). Protocol designers should consider how the correct end- monitoring). Protocol designers should consider how the correct end-
to-end operation of the new protocol in the network can be tested to-end operation of the new protocol in the network can be tested
actively and passively, and how the correct data or forwarding plane actively and passively, and how the correct data or forwarding plane
function of each network element can be verified to be working function of each network element can be verified to be working
properly with the new protocol. Which metrics are of interest? properly with the new protocol. Which metrics are of interest?
Having simple protocol status and health indicators on network Having simple protocol status and health indicators on network
devices is a recommended means to check correct operation. devices is a recommended means to check correct operation.
4. Management Considerations 3. Management Considerations - How Will The Protocol be Managed?
The considerations of manageability should start from describing the The considerations of manageability should start from describing the
operational model, which includes identifying the entities to be operations model, which includes identifying the entities to be
managed, how the respective protocol is supposed to be installed, managed, how the managed protocol is supposed to be installed,
configured and monitored, who are the managers and what type of configured and monitored.
management interfaces and protocols they would use.
Considerations for management should include a discussion of what Considerations for management should include a discussion of what
needs to be managed, and how to achieve various management tasks. needs to be managed, and how to achieve various management tasks.
The "write a MIB module" approach to considering management often Where are the managers and what type of management interfaces and
focuses on monitoring a protocol endpoint on a single device. A MIB protocols will they need? The "write a MIB module" approach to
module document typically only considers monitoring properties considering management often focuses on monitoring a protocol
observable at one end, while the document does not really cover endpoint on a single device. A MIB module document typically only
managing the *protocol* (the coordination of multiple ends), and does considers monitoring properties observable at one end, while the
not even come near managing the *service* (which includes a lot of document does not really cover managing the *protocol* (the
stuff that is very far away from the box). This is exactly what coordination of multiple ends), and does not even come near managing
operators hate - you need to be able to manage both ends. As the *service* (which includes a lot of stuff that is very far away
[RFC3535] says, MIB modules can often be characterized as a list of from the box). This is exactly what operators hate - you need to be
ingredients without a recipe. able to manage both ends. As [RFC3535] says, MIB modules can often
be characterized as a list of ingredients without a recipe.
The management model should take into account factors such as:
o what type of management entities will be involved (agents, network
management systems)?
o what is the possible architecture (client-server, manager-agent,
poll-driven or event-driven, autoconfiguration, two levels or
hierarchical)?
o what are the management operations - initial configuration,
dynamic configuration, alarm and exception reporting, logging,
performance monitoring, performance reporting, debugging?
o how are these operations performed - locally, remotely, atomic
operation, scripts? Are they performed immediately or time
scheduled or event triggered?
Protocol designers should consider how the new protocol will be
managed in different deployment scales. It might be sensible to use
a local management interface to manage the new protocol on a single
device, but in a large network, remote management using a centralized
server and/or using distributed management functionality might make
more sense. Auto-configuration and default parameters might be
possible for some new protocols.
Management needs to be considered not only from the perspective of a Management needs to be considered not only from the perspective of a
device, but also from the perspective of network and service device, but also from the perspective of network and service
management perspectives. A service might be network and operational management perspectives. A service might be network and operational
functionality derived from the implementation and deployment of a new functionality derived from the implementation and deployment of a new
protocol. Often an individual network element is not aware of the protocol. Often an individual network element is not aware of the
service being delivered. service being delivered.
WGs should consider how to configure multiple related/co-operating WGs should consider how to configure multiple related/co-operating
devices and how to back off if one of those configurations fails or devices and how to back off if one of those configurations fails or
causes trouble. NETCONF addresses this in a generic manner by causes trouble. NETCONF [RFC4741] addresses this in a generic manner
allowing an operator to lock the configuration on multiple devices, by allowing an operator to lock the configuration on multiple
perform the configuration settings/changes, check that they are OK devices, perform the configuration settings/changes, check that they
(undo if not) and then unlock the devices. are OK (undo if not) and then unlock the devices.
Techniques for debugging protocol interactions in a network must be Techniques for debugging protocol interactions in a network must be
part of the network management discussion. Implementation source part of the network management discussion. Implementation source
code should be debugged before ever being added to a network, so code should be debugged before ever being added to a network, so
asserts and memory dumps do not normally belong in management data asserts and memory dumps do not normally belong in management data
models. However, debugging on-the-wire interactions is a protocol models. However, debugging on-the-wire interactions is a protocol
issue: it is enormously helpful if a protocol has hooks to make issue: while the messages can be seen by sniffing, it is enormously
debugging of network interactions easy, and/or is designed in such a helpful if a protocol specification supports features that make
way that debugging protocol behaviors is easy. Hand-waving this away debugging of network interactions and behaviors easier. There could
is not something that operators like ... be alerts issued when messages are received, or when there are state
transitions in the protocol state machine. However, the state
machine is often not part of the on-the-wire protocol; the state
machine explains how the protocol works so that an implementer can
decide, in an implementation-specific manner, how to react to a
received event.
In a client/server protocol, it may be more important to instrument In a client/server protocol, it may be more important to instrument
the server end of a protocol than the client end. the server end of a protocol than the client end, since the
performance of the server might impact more nodes than the
performance of a specific client.
4.1. Interoperability 3.1. Interoperability
Just as when deploying protocols that will inter-connect devices, our Just as when deploying protocols that will inter-connect devices, our
primary goal in considering management should be interoperability, primary goal in considering management should be interoperability,
whether across devices from different vendors, across models from the whether across devices from different vendors, across models from the
same vendor, or across different releases of the same product. same vendor, or across different releases of the same product.
Management interoperability refers to allowing information sharing Management interoperability refers to allowing information sharing
and operations between multiple devices and multiple management and operations between multiple devices and multiple management
applications, often from different vendors. Interoperability allows applications, often from different vendors. Interoperability allows
for the use of 3rd party applications and the outsourcing of for the use of 3rd party applications and the outsourcing of
management services. management services.
skipping to change at page 12, line 20 skipping to change at page 14, line 34
IP Flow Information Export (IPFIX) Protocol [RFC5101]) for usage IP Flow Information Export (IPFIX) Protocol [RFC5101]) for usage
accounting accounting
The syslog Protocol [I-D.ietf-syslog-protocol] for logging The syslog Protocol [I-D.ietf-syslog-protocol] for logging
and others and others
Interoperability needs to be considered on the syntactic level and Interoperability needs to be considered on the syntactic level and
the semantic level. While it can be irritating and time-consuming, the semantic level. While it can be irritating and time-consuming,
application designers including operators who write their own scripts application designers including operators who write their own scripts
can make their processing conditional to accommodate differences can make their processing conditional to accommodate syntactic
across vendors or models or releases of product. differences across vendors or models or releases of product.
Semantic differences are much harder to deal with on the manager side Semantic differences are much harder to deal with on the manager side
- once you have the data, its meaning is a function of the managed - once you have the data, its meaning is a function of the managed
entity. For example, if a single counter provided by vendor A counts entity. For example, if a single counter provided by vendor A counts
three types of error conditions, while the corresponding counter three types of error conditions, while the corresponding counter
provided by vendor B counts seven types of error conditions, these provided by vendor B counts seven types of error conditions, these
counters cannot be compared effectively - they are not interoperable counters cannot be compared effectively - they are not interoperable
counters. counters.
Information models are helpful to try to focus interoperability on Information models are helpful to try to focus interoperability on
the semantic level - they establish standards for what information the semantic level - they establish standards for what information
should be gathered, and how gathered information might be used should be gathered, and how gathered information might be used
regardless of which management interface carries the data or which regardless of which management interface carries the data or which
vendor produces the product. The use of an information model might vendor produces the product. The use of an information model might
help improve the ability of operators to correlate messages in help improve the ability of operators to correlate messages in
different protocols where the data overlaps, such as a SYSLOG message different protocols where the data overlaps, such as a SYSLOG message
and an SNMP notification about the same event. An information model and an SNMP notification about the same event. An information model
might identify which error conditions should be counted separately, might identify which error conditions should be counted separately,
and which error conditions can be counted together in a single and which error conditions can be counted together in a single
counter. Then, whether the counter is gathered via SNMP or a CLI counter. Then, whether the counter is gathered via SNMP or a CLI
command or a SYSLOG message, the counter will have similar meaning. command or a SYSLOG message, the counter will have the same meaning.
Protocol designers should consider which information might be useful Protocol designers should consider which information might be useful
for managing the new protocol or protocol extensions. for managing the new protocol or protocol extensions.
IM --> conceptual/abstract model IM --> conceptual/abstract model
| for designers and operators | for designers and operators
+----------+---------+ +----------+---------+
| | | | | |
DM DM DM --> concrete/detailed model DM DM DM --> concrete/detailed model
for implementers for implementers
skipping to change at page 13, line 38 skipping to change at page 15, line 46
o [RFC3460] - Policy Core Information Model Extensions o [RFC3460] - Policy Core Information Model Extensions
o [RFC3585] - IPsec Configuration Policy Information Model o [RFC3585] - IPsec Configuration Policy Information Model
o [RFC3644] - Policy Quality of Service Information Model o [RFC3644] - Policy Quality of Service Information Model
o [RFC3670] - Information Model for Describing Network Device QoS o [RFC3670] - Information Model for Describing Network Device QoS
Datapath Mechanisms Datapath Mechanisms
o [RFC3805] - Printer MIB v2 (contains both an IM and a DM o [RFC3805] - Printer MIB v2 contains both an IM and a DM
Management protocol standards and management data model standards Management protocol standards and management data model standards
often contain compliance clauses to ensure interoperability. often contain compliance clauses to ensure interoperability.
Manageability considerations should include discussion of which level Manageability considerations should include discussion of which level
of compliance is expected to be supported for interoperability. of compliance is expected to be supported for interoperability.
4.2. Management Information 3.2. Management Information
Languages used to describe an information model can influence the
nature of the model. Using a particular data modeling language, such
as the SMIv2, influence the model to use certain types of structures,
such as two-dimensional tables. This document recommends using
English text (the official language for IETF specifications) to
describe an information model. A sample data model could be
developed to demonstrate the information model.
A management information model should include a discussion of what is A management information model should include a discussion of what is
manageable, which aspects of the protocol need to be configured, what manageable, which aspects of the protocol need to be configured, what
types of operations are allowed, what protocol-specific events might types of operations are allowed, what protocol-specific events might
occur, which events can be counted, and for which events should an occur, which events can be counted, and for which events should an
operator be notified. operator be notified.
Operators find it important to be able to make a clear distinction Operators find it important to be able to make a clear distinction
between configuration data, operational state, and statistics. They between configuration data, operational state, and statistics. They
need to determine which parameters were administrative configured and need to determine which parameters were administratively configured
which parameters have changed since configuration as the result of and which parameters have changed since configuration as the result
mechanisms such as routing protocols. of mechanisms such as routing protocols or network management
protocols. It is important to be able to separately fetch current
It is important to be able to separately fetch configuration data, configuration information, initial configuration information,
operational state data, and statistics from devices, and to be able operational state information, and statistics from devices, and to be
to compare current state to initial state, and to compare data able to compare current state to initial state, and to compare
between devices. information between devices. So when deciding what information
should exist, do not conflate multiple information elements into a
single element.
What is typically difficult to work through are relationships between What is typically difficult to work through are relationships between
abstract objects. Ideally an information model would describe the abstract objects. Ideally an information model would describe the
relationships between the objects and concepts in the information relationships between the objects and concepts in the information
model. model.
Is there always just one instance of this object or can there be Is there always just one instance of this object or can there be
multiple instances? Does this object relate to exactly one other multiple instances? Does this object relate to exactly one other
object or may it relate to multiple? When is it possible to change a object or may it relate to multiple? When is it possible to change a
relationship? relationship?
Do objects (such as rows in tables) share fate? For example, if a Do objects (such as rows in tables) share fate? For example, if a
row in table A must exist before a related row in table B can be row in table A must exist before a related row in table B can be
created, what happens to the row in table B if the related row in created, what happens to the row in table B if the related row in
table A is deleted? Does the existence of relationships between table A is deleted? Does the existence of relationships between
objects have an impact on fate sharing? objects have an impact on fate sharing?
4.3. Fault Management 3.2.1. Information Model Design
This document recommends keeping the information model as simple as
possible by applying the following criteria:
1. Start with a small set of essential objects and add only as
further objects are needed.
2. Require that objects be essential for management.
3. Consider evidence of current use and/or utility.
4. Limit the total number of objects.
5. Exclude objects that are simply derivable from others in this or
other information models.
6. Avoid causing critical sections to be heavily instrumented. A
guideline is one counter per critical section per layer.
3.3. Fault Management
The protocol designer should document the basic faults and health The protocol designer should document the basic faults and health
indicators that need to be instrumented for the new protocol, and the indicators that need to be instrumented for the new protocol, and the
alarms and events that must be propagated to management applications alarms and events that must be propagated to management applications
or exposed through a data model. or exposed through a data model.
The protocol designer should consider how faults information will be The protocol designer should consider how fault information will be
propagated. Will it be done using asynchronous notifications or propagated. Will it be done using asynchronous notifications or
polling of health indicators? polling of health indicators?
If notifications are used to alert operators to certain conditions, If notifications are used to alert operators to certain conditions,
then the protocol designer should discuss mechanisms to throttle then the protocol designer should discuss mechanisms to throttle
notifications to prevent congestion and duplications of event notifications to prevent congestion and duplications of event
notifications. Will there be a hierarchy of faults, and will the notifications. Will there be a hierarchy of faults, and will the
fault reporting be done by each fault in the hierarchy, or will only fault reporting be done by each fault in the hierarchy, or will only
the lowest fault be reported and the higher levels be suppressed? the lowest fault be reported and the higher levels be suppressed?
should there be aggregated status indicators based on concatenation Should there be aggregated status indicators based on concatenation
of propagated faults from a given domain or device? of propagated faults from a given domain or device?
SNMP notifications and SYSLOG messages can alert an operator when an SNMP notifications and SYSLOG messages can alert an operator when an
aspect of the new protocol fails or encounters an error or failure aspect of the new protocol fails or encounters an error or failure
condition, and SNMP is frequently used as a heartbeat monitor. condition, and SNMP is frequently used as a heartbeat monitor.
Should the event reporting provide gyaranteed accurate delivery of Should the event reporting provide guaranteed accurate delivery of
the event information within a given (high) margin of confidence? the event information within a given (high) margin of confidence?
Can we poll the latest events in the box? Can we poll the latest events in the box?
4.3.1. Liveness Detection and Monitoring 3.3.1. Liveness Detection and Monitoring
Liveness detection and monitoring applies both to the control plane Liveness detection and monitoring applies both to the control plane
and the data plane. Mechanisms for detecting faults in the control and the data plane. Mechanisms for detecting faults in the control
plane or for monitoring its liveness are usually built into the plane or for monitoring its liveness are usually built into the
control plane protocols or inherited from underlying data plane or control plane protocols or inherited from underlying data plane or
forwarding plane protocols. These mechanisms do not typically forwarding plane protocols. These mechanisms do not typically
require additional management capabilities. However, when a system require additional management capabilities. However, when a system
detects a control plane fault, there is often a requirement to detects a control plane fault, there is often a requirement to
coordinate recovery action through management applications or at coordinate recovery action through management applications or at
least to record the fact in an event log. least to record the fact in an event log.
skipping to change at page 15, line 34 skipping to change at page 18, line 29
achieved through other mechanisms. In some cases, these mechanisms achieved through other mechanisms. In some cases, these mechanisms
already exist within other protocols responsible for maintaining already exist within other protocols responsible for maintaining
lower layer connectivity, but it will often be the case that new lower layer connectivity, but it will often be the case that new
procedures are required to detect failures in the data path and to procedures are required to detect failures in the data path and to
report rapidly, allowing remedial action to be taken. report rapidly, allowing remedial action to be taken.
Protocol designers should always build in basic testing features Protocol designers should always build in basic testing features
(e.g. ICMP echo, UDP/TCP echo service, NULL RPC calls) that can be (e.g. ICMP echo, UDP/TCP echo service, NULL RPC calls) that can be
used to test for liveness, with an option to enable and disable them. used to test for liveness, with an option to enable and disable them.
4.3.2. Fault Determination 3.3.2. Fault Determination
It can be helpful to describe how faults can be pinpointed using It can be helpful to describe how faults can be pinpointed using
management information. For example, counters might record instances management information. For example, counters might record instances
of error conditions. Some faults might be able to be pinpointed by of error conditions. Some faults might be able to be pinpointed by
comparing the outputs of one device and the inputs of another device comparing the outputs of one device and the inputs of another device
looking for anomalies. looking for anomalies.
How do you distinguish between faulty messages and good messages? How do you distinguish between faulty messages and good messages?
Would some threshold-based mechanisms, such as RMON events/alarms or Would some threshold-based mechanisms, such as RMON events/alarms or
the EVENT-MIB, be useable to help determine error conditions? Are the EVENT-MIB, be useable to help determine error conditions? Are
SNMP notifications for all events needed, or are there some SNMP notifications for all events needed, or are there some
"standard" notifications that could be used? or can the right "standard" notifications that could be used? or can relevant counters
counters that can be polled as needed? be polled as needed?
4.3.3. Fault Isolation 3.3.3. Root Cause Analysis
It might be useful to isolate faults, such as a system that emits Root cause analysis is about working out where in the network the
malformed messages necessary to coordinate connections properly. fault is. For example, if end-to-end data delivery is failing
Spanning tree comes to mind. This might be able to be done by (reported by a notification), root cause analysis can help find the
failed link or node in the end-to-end path.
3.3.4. Fault Isolation
It might be useful to isolate or quarantine faults, such as isolating
a device that emits malformed messages that are necessary to
coordinate connections properly. This might be able to be done by
configuring next-hop devices to drop the faulty messages to prevent configuring next-hop devices to drop the faulty messages to prevent
them from entering the rest of the network. them from entering the rest of the network.
4.4. Configuration Management 3.4. Configuration Management
A protocol desoigners should document what the basic configuration A protocol designer should document the basic configuration
parameters that need to be instrumented for a new protocol, as well parameters that need to be instrumented for a new protocol, as well
as default values and modes of operation. as default values and modes of operation.
What information should be maintained across reboots of the device, What information should be maintained across reboots of the device,
or restarts of the management system? or restarts of the management system?
"Requirements for Configuration Management of IP-based Networks" "Requirements for Configuration Management of IP-based Networks"
[RFC3139] discusses requirements for configuration management. This [RFC3139] discusses requirements for configuration management,
document includes discussion of different levels of management, including discussion of different levels of management, high-level-
including high-level-policies, network-wide configuration data, and policies, network-wide configuration data, and device-local
device-local configuration. configuration. Network configuration is not just multi-device push
or pull. It is knowing that the configurations being pushed are
semantically compatible. Is the circuit between them configured
compatibly on both ends? is the is-is metric the same? ... now do
that for 1,000 devices.
A number of efforts have existed in the IETF to develop policy-based A number of efforts have existed in the IETF to develop policy-based
management. "Terminology for Policy-Based Management" [RFC3198] was management. "Terminology for Policy-Based Management" [RFC3198] was
written to standardize the terminology across these efforts. Some of written to standardize the terminology across these efforts.
the efforts resulted in proposals that are NOT RECOMMENDED, so a
protocol designer should check the current recommendation status
before depending on a specific protocol suggestion.
It is highly desirable that text processing tools such as diff, and
version management tools such as RCS or CVS or SVN, can be used to
process configurations. This approach simplifies comparing the
current operational state to the initial configuration. It is
commonplace to compare configuration changes to e.g., last day, last
week, last month, etc. -- having configuration in a text, and human-
understandable format is very valuable for various reasons such as
change control (or verification), configuration consistency checks,
etc.
With structured text such as XML, simple text diffs may be found to
be inadequate and more sophisticated tools may be needed to make any
useful comparison of versions.
To simplify such configuration comparisons, devices should not Implementations should not arbitrarily modify configuration data. In
arbitrarily reorder data such as access control lists. If a protocol some cases (such as Access Control Lists) the order of data items is
significant and comprises part of the configured data. If a protocol
designer defines mechanisms for configuration, it would be desirable designer defines mechanisms for configuration, it would be desirable
to standardize the order of elements for consistency of configuration to standardize the order of elements for consistency of configuration
and of reporting across vendors, and across releases from vendors. and of reporting across vendors, and across releases from vendors.
There are two parts to this: 1. An NMS system could optimize ACLs There are two parts to this: 1. An NMS system could optimize access
for performance reasons 2. Unless the device/NMS systems has correct control lists (ACLs) for performance reasons 2. Unless the device/
rules/a lot of experience, reordering ACLs can lead to a huge NMS systems has correct rules/a lot of experience, reordering ACLs
security issue. can lead to a huge security issue.
Network wide configurations are ideally stored in central master Network wide configurations may be stored in central master databases
databases and transformed into formats that can be pushed to devices, and transformed into formats that can be pushed to devices, either by
either by generating sequences of CLI commands or complete generating sequences of CLI commands or complete configuration files
configuration files that are pushed to devices. There is no common that are pushed to devices. There is no common database schema for
database schema for network configuration, although the models used network configuration, although the models used by various operators
by various operators are probably very similar. It is desirable to are probably very similar. Many operators consider it desirable to
extract, document, and standardize the common parts of these network extract, document, and standardize the common parts of these network
wide configuration database schemas. A protocol designer should wide configuration database schemas. A protocol designer should
consider how to standardize the common parts of configuring the new consider how to standardize the common parts of configuring the new
protocol, while recognizing the vendors will likely have proprietary protocol, while recognizing that vendors may also have proprietary
aspects of their configurations. aspects of their configurations.
It is important to distinguish between the distribution of
configurations and the activation of a certain configuration.
Devices should be able to hold multiple configurations. NETCONF
[RFC4741], for example, differentiates between the "running"
configuration and "candidate" configurations.
It is important to enable operators to concentrate on the It is important to enable operators to concentrate on the
configuration of the network as a whole rather than individual configuration of the network as a whole rather than individual
devices. Support for configuration transactions across a number of devices. Support for configuration transactions across a number of
devices would significantly simplify network configuration devices could significantly simplify network configuration
management. The ability to distribute configurations to multiple management. The ability to distribute configurations to multiple
devices, or modify "candidate configurations on multiple devices, and devices, or modify candidate configurations on multiple devices, and
then activate them in a near-simultaneous manner might help. then activate them in a near-simultaneous manner might help.
Protocol designers can consider how it would make sense for their Protocol designers can consider how it would make sense for their
protocol to be configured across multiple devices. Configuration- protocol to be configured across multiple devices. Configuration-
templates might also be helpful. templates might also be helpful.
Consensus of the 2002 IAB Workshop was that textual configuration Consensus of the 2002 IAB Workshop [RFC3535] was that textual
files should be able to contain international characters. Human- configuration files should be able to contain international
readable strings should utilize UTF-8, and protocol elements should characters. Human-readable strings should utilize UTF-8, and
be in case insensitive ASCII. protocol elements should be in case insensitive ASCII.
A mechanism to dump and restore configurations is a primitive A mechanism to dump and restore configurations is a primitive
operation needed by operators. Standards for pulling and pushing operation needed by operators. Standards for pulling and pushing
configurations from/to devices are desirable. configurations from/to devices are desirable.
Given configuration A and configuration B, it should be possible to Given configuration A and configuration B, it should be possible to
generate the operations necessary to get from A to B with minimal generate the operations necessary to get from A to B with minimal
state changes and effects on network and systems. It is important to state changes and effects on network and systems. It is important to
minimize the impact caused by configuration changes. minimize the impact caused by configuration changes.
Many protocol specifications include timers that are used as part of Many protocol specifications include timers that are used as part of
operation of the protocol. These timers may need default values operation of the protocol. These timers should have default values
suggested in the protocol specification and do not need to be suggested in the protocol specification and may not need to be
otherwise configurable. otherwise configurable.
4.4.1. Verifying Correct Operation 3.4.1. Verifying Correct Operation
An important function that should be provided is guidance on how to An important function that should be provided is guidance on how to
verify the correct operation of a protocol. A protocol designer verify the correct operation of a protocol. A protocol designer
could suggest techniques for testing the impact of the protocol on could suggest techniques for testing the impact of the protocol on
the network before it is deployed, and techniques for testing the the network before it is deployed, and techniques for testing the
effect that the protocol has had on the network after being deployed. effect that the protocol has had on the network after being deployed.
Protocol designers should consider how to test the correct end-to-end Protocol designers should consider how to test the correct end-to-end
operation of the network, and how to verify the correct data or operation of the network, and how to verify the correct data or
forwarding plane function of each network element. This may be forwarding plane function of each network element. This may be
achieved through status and statistical information from network achieved through status and statistical information from network
devices. devices.
4.4.2. Control of Function and Policy 3.4.2. Control of Function and Policy
A protocol designer should consider the configurable items that exist A protocol designer should consider the configurable items that exist
for the control of function via the protocol elements described in for the control of function via the protocol elements described in
the protocol specification. For example, Sometimes the protocol the protocol specification. For example, sometimes the protocol
requires that timers can be configured by the operator to ensure requires that timers can be configured by the operator to ensure
specific policy-based behavior by the implementation. specific policy-based behavior by the implementation.
4.5. Accounting Management 3.5. Accounting Management
A protocol designer should consider whether it would be appropriate A protocol designer should consider whether it would be appropriate
to collect usage information related to this protocol, and if so, to collect usage information related to this protocol, and if so,
what usage information would be appropriate to collect? what usage information would be appropriate to collect.
"Introduction to Accounting Management" [RFC2975] discusses a number "Introduction to Accounting Management" [RFC2975] discusses a number
of factors relevant to monitoring usage of protocols for purposes of of factors relevant to monitoring usage of protocols for purposes of
capacity and trend analysis, cost allocation, auditing, and billing. capacity and trend analysis, cost allocation, auditing, and billing.
This document also discusses how Remote Authentication Dial In User The document also discusses how some existing protocols can be used
Service (RADIUS) [RFC2865], Terminal Access Controller Access Control for these purposes. These factors should be considered when
System (TACACS) [RFC1492], SNMP, IPFIX, and Packet Sampling (PSAMP) designing a protocol whose usage might need to be monitored, or when
Protocol [I-D.ietf-psamp-protocol] protocols can be used for these recommending a protocol to do usage accounting.
purposes. These factors should be considered when designing a
protocol whose usage might need to be monitored, or when recommending
a protocol to do usage accounting.
4.6. Performance Management
Consider information that would be useful when trying to determine
the performance characteristics of a deployed system using the target
protocol.
There are several parts to performance management to be considered: 3.6. Performance Management
protocol monitoring, services monitoring, and device monitoring (the
impact of the new protocol/service activation on the device).
From a manageability point of view it is important to determine how From a manageability point of view it is important to determine how
well a network deploying the protocol or technology defined in the well a network deploying the protocol or technology defined in the
document is doing. In order to do this the network operators need to document is doing. In order to do this the network operators need to
consider information that would be useful to determine the consider information that would be useful to determine the
performance characteristics of a deployed system using the target performance characteristics of a deployed system using the target
protocol. protocol.
Consider scalability, such as whether performance will be affected by The Benchmarking Methodology WG (BMWG) has defined recommendations
the number of protocol connections. If so, then it might be useful for the measurement of the performance characteristics of various
to provide information about the maximum number of table entries that internetworking technologies in a laboratory environment, including
should be expected to be modeled, how many entries an implementation the systems or services that are built from these technologies. Each
can support, the current number of instances, and the expected recommendation describes the class of equipment, system, or service
behavior when the current instances exceed the capacity of the being addressed; discuss the performance characteristics that are
implementation. This should be considered in a data-modeling pertinent to that class; clearly identify a set of metrics that aid
independent manner - what makes managed-protocol sense, not what in the description of those characteristics; specify the
makes management-protocol-sense. If it is not managed-protocol- methodologies required to collect said metrics; and lastly, present
dependent, then it should be left for the management-protocol data the requirements for the common, unambiguous reporting of
modelers to decide. For example, VLAN identifiers have a range of benchmarking results.
1..4095 because of the VLAN standards. A MIB implementing a VLAN
table should be able to support 4096 entries because the content
being modeled requires it.
Any recommendation in the document should be data-modeling language Performance metrics may be useful in multiple environments, and for
independent. The protocol document should make clear the limitations different protocols. The IP Performance Monitoring (IPPM) WG or
implicit within the protocol and the behavior when limits are Benchmarking (BMWG) WG may have already defined metrics that would be
exceeded. useful for the new protocol. In some cases, new metrics need to be
defined. It would be useful if the protocol documentation identified
the need for such new metrics. For performance monitoring, it is
often important to report the time spent in a state rather than the
current state. Snapshots are of less value for performance
monitoring.
Consider the capability of determining the operational activity, such There are several parts to performance management to be considered:
as the number of message in and the messages out, the number of protocol monitoring, device monitoring (the impact of the new
received messages rejected due to format problems, the expected protocol/service activation on the device), network monitoring, and
behaviors when a malformed message is received. service monitoring (the impact of service activation on the network).
3.6.1. Monitoring the Protocol
Certain properties of protocols are useful to monitor. The number of
protocol packets received, the number of packets sent, and the number
of packets dropped are usually very helpful to operators.
Packet drops should be reflected in counter variable(s) somewhere
that can be inspected - both from the security point of view and from
the troubleshooting point of view.
Counter definitions should be unambiguous about what is included in
the count, and what is not included in the count.
Consider the expected behaviors for counters - what is a reasonable Consider the expected behaviors for counters - what is a reasonable
maximum value for expected usage? should they stop counting at the maximum value for expected usage? Should they stop counting at the
maximum value and retain the maximum value, or should they rollover? maximum value and retain the maximum value, or should they rollover?
How can users determine if a rollover has occurred, and how can users How can users determine if a rollover has occurred, and how can users
determine if more than one rollover has occurred? determine if more than one rollover has occurred?
Consider whether multiple management applications will share a Consider whether multiple management applications will share a
counter; if so, then no one management application should be allowed counter; if so, then no one management application should be allowed
to reset the value to zero since this will impact other applications. to reset the value to zero since this will impact other applications.
Could events, such as hot-swapping a blade in a chassis, cause Could events, such as hot-swapping a blade in a chassis, cause
discontinuities in information? Does this make any difference in discontinuities in counter? Does this make any difference in
evaluating the performance of a protocol? evaluating the performance of a protocol?
For performance monitoring, it is often important to report the time The protocol document should make clear the limitations implicit
spent in a state rather than the current state. Snapshots are of within the protocol and the behavior when limits are exceeded. This
less value for performance monitoring. should be considered in a data-modeling independent manner - what
makes managed-protocol sense, not what makes management-protocol-
sense. If constraints are not managed-protocol-dependent, then it
should be left for the management-protocol data modelers to decide.
For example, VLAN identifiers have a range of 1..4095 because of the
VLAN standards. A MIB implementing a VLAN table should be able to
support 4096 entries because the content being modeled requires it.
The Benchmarking Methodology WG (bmwg) has defined recommendations 3.6.2. Monitoring the Device
for the measurement of the performance characteristics of various
internetworking technologies in a laboratory environment, including Consider whether device performance will be affected by the number of
the systems or services that are built from these technologies. Each protocol entities being instantiated on the device. Designers of an
recommendation describes the class of equipment, system, or service information model should include information, accessible at runtime,
being addressed; discuss the performance characteristics that are about the maximum number of instances an implementation can support,
pertinent to that class; clearly identify a set of metrics that aid the current number of instances, and the expected behavior when the
in the description of those characteristics; specify the current instances exceed the capacity of the implementation or the
methodologies required to collect said metrics; and lastly, present capacity of the device.
the requirements for the common, unambiguous reporting of
benchmarking results. Designers of an information model should model information,
accessible at runtime, about the maximum number of protocol entity
instances an implementation can support on a device, the current
number of instances, and the expected behavior when the current
instances exceed the capacity of the device.
3.6.3. Monitoring the Network
Consider whether network performance will be affected by the number
of protocol entities being deployed.
Consider the capability of determining the operational activity, such
as the number of messages in and the messages out, the number of
received messages rejected due to format problems, the expected
behaviors when a malformed message is received.
What are the principal performance factors that need to be looked at What are the principal performance factors that need to be looked at
when measuring the operational performance of the protocol when measuring the operational performance of the network built using
implementations? Is it important to measure setup times? throughput? the protocol? Is it important to measure setup times? end-to-end
quality versus throughput? interruptions? end-to-end throughput? end- connectivity? hop-to-hop connectivity? network throughput?
to-end quality? hop-to-hop throughput? In many cases the performance
metrics are generic and already defined by work done in the IPPM WG,
or BMWG for example, but in some cases new metrics need to be
defined. It would be useful if the document would identify the need
for such new metrics.
4.7. Security Management 3.6.4. Monitoring the Service
What are the principal performance factors that need to be looked at
when measuring the performance of a service using the protocol? Is
it important to measure application-specific throughput? client-
server associations? end-to-end application quality? service
interruptions? user experience?
3.7. Security Management
Protocol designers should consider how to monitor and to manage Protocol designers should consider how to monitor and to manage
security aspects and vulnerabilities of the new protocol. security aspects and vulnerabilities of the new protocol.
There will be security considerations related to the new protocol. There will be security considerations related to the new protocol.
To make it possible for operators to be aware of security-related To make it possible for operators to be aware of security-related
events, it is recommended that system logs should record events, such events, it is recommended that system logs should record events, such
as failed logins, but the logs must be secured. as failed logins, but the logs must be secured.
Should a system automatically notify operators of every event Should a system automatically notify operators of every event
skipping to change at page 21, line 31 skipping to change at page 24, line 38
that was previously not accessible is now exposed over the network that was previously not accessible is now exposed over the network
and to management applications and may become a source of potential and to management applications and may become a source of potential
security threats. security threats.
The granularity of access control needed on management interfaces The granularity of access control needed on management interfaces
needs to match operational needs. Typical requirements are a role- needs to match operational needs. Typical requirements are a role-
based access control model and the principle of least privilege, based access control model and the principle of least privilege,
where a user can be given only the minimum access necessary to where a user can be given only the minimum access necessary to
perform a required task. perform a required task.
It must be possible to do consistency checks of access control lists Some operators wish to do consistency checks of access control lists
across devices. Protocol designers should consider information across devices. Protocol designers should consider information
models to promote comparisons across devices and across vendors to models to promote comparisons across devices and across vendors to
permit checking the consistency of security configurations. permit checking the consistency of security configurations.
Protocol designers should consider how to provide a secure transport, Protocol designers should consider how to provide a secure transport,
authentication, identity, and access control which integrates well authentication, identity, and access control which integrates well
with existing key and credential management infrastructure. It is a with existing key and credential management infrastructure. It is a
good idea to start with defining the threat model for the protocol, good idea to start with defining the threat model for the protocol,
and from that deducing what is required. and from that deducing what is required.
skipping to change at page 22, line 9 skipping to change at page 25, line 17
alert operators to the conditions identified in the security alert operators to the conditions identified in the security
considerations for the new protocol. For example, you can log all considerations for the new protocol. For example, you can log all
the commands entered by the operator using syslog (giving you some the commands entered by the operator using syslog (giving you some
degree of audit trail), or you can see who has logged on/off using degree of audit trail), or you can see who has logged on/off using
SSH from where, failed SSH logins can be logged using syslog, etc. SSH from where, failed SSH logins can be logged using syslog, etc.
An analysis of existing counters might help operators recognize the An analysis of existing counters might help operators recognize the
conditions identified in the security considerations for the new conditions identified in the security considerations for the new
protocol before they can impact the network. protocol before they can impact the network.
RADIUS and DIAMETER can provide authentication and authorization. A Different management protocols use different assumptions about
protocol designer should consider which attributes would be message security and data access controls. A protocol designer that
appropriate for their protocol. recommends using different protocols should consider how security
will be applied in a balanced manner across multiple management
Different protocols use different assumptions about message security interfaces. SNMP authority levels and policy are data-oriented,
and data access controls. A protocol designer that recommends using while CLI authority levels and policy are usually command (task)
different protocols should consider how security will be applied in a oriented. Depending on the management function, sometimes data-
balanced manner across multiple management interfaces. SNMP access oriented or task-oriented approaches make more sense. Protocol
control is data-oriented, while CLI access control is usually command designers should consider both data-oriented and task-oriented
(task) oriented. Depending on the management function, sometimes authority levels and policy.
data-oriented or task-oriented access control makes more sense.
Protocol designers should consider both data-oriented and task-
oriented access control.
5. Documentation Guidelines 4. Documentation Guidelines
This document is focused on what to think about, and how to document This document is focused on what to think about, and how to document
the considerations of the protocol designer. the considerations of the protocol designer.
5.1. Recommended Discussions 4.1. Recommended Discussions
A Manageability Considerations section should include discussion of A Manageability Considerations section should include discussion of
the management and operations topics raised in this document, and the management and operations topics raised in this document, and
when one or more of these topics is not relevant, it would be useful when one or more of these topics is not relevant, it would be useful
to contain a simple statement explaining why the topic is not to contain a simple statement explaining why the topic is not
relevant for the new protocol. Of course, additional relevant topics relevant for the new protocol. Of course, additional relevant topics
should be included as well. should be included as well.
Existing protocols and data models can provide the management Existing protocols and data models can provide the management
functions identified in the previous section. Protocol designers functions identified in the previous section. Protocol designers
should consider how using existing protocols and data models might should consider how using existing protocols and data models might
impact network operations. impact network operations.
5.2. Null Manageability Considerations Sections 4.2. Null Manageability Considerations Sections
A protocol designer may seriously consider the manageability A protocol designer may seriously consider the manageability
requirements of a new protocol, and determine that no management requirements of a new protocol, and determine that no management
functionality is needed by the new protocol. It would be helpful to functionality is needed by the new protocol. It would be helpful to
those who may update or write extensions to the protocol in the those who may update or write extensions to the protocol in the
future or to those deploying the new protocol to know the thinking of future or to those deploying the new protocol to know the thinking of
the working regarding the manageability of the protocol at the time the working regarding the manageability of the protocol at the time
of its design. of its design.
If there are no new manageability or deployment considerations, it is If there are no new manageability or deployment considerations, it is
skipping to change at page 23, line 16 skipping to change at page 26, line 21
introduced by this document," and a brief explanation of why that is introduced by this document," and a brief explanation of why that is
the case. The presence of such a Manageability Considerations the case. The presence of such a Manageability Considerations
section would indicate to the reader that due consideration has been section would indicate to the reader that due consideration has been
given to manageability and operations. given to manageability and operations.
In the case where the new protocol is an extension, and the base In the case where the new protocol is an extension, and the base
protocol discusses all the relevant operational and manageability protocol discusses all the relevant operational and manageability
considerations, it would be helpful to point out the considerations considerations, it would be helpful to point out the considerations
section in the base document. section in the base document.
5.3. Placement of Operations and Manageability Considerations Sections 4.3. Placement of Operations and Manageability Considerations Sections
If a protocol designer develops a Manageability Considerations If a protocol designer develops a Manageability Considerations
section for a new protocol, it is recommended that the section be section for a new protocol, it is recommended that the section be
placed immediately before the Security Considerations section. placed immediately before the Security Considerations section.
Reviewers interested in such sections could find it easily, and this Reviewers interested in such sections could find it easily, and this
placement could simplify the development of tools to detect the placement could simplify the development of tools to detect the
presence of such a section. presence of such a section.
6. IANA Considerations 5. IANA Considerations
This document does not introduce any new codepoints or name spaces This document does not introduce any new codepoints or name spaces
for registration with IANA. Note to RFC Editor: this section may be for registration with IANA.
removed on publication as an RFC.
7. Security Considerations Note to RFC Editor: this section may be removed on publication as an
RFC.
6. Security Considerations
This document is informational and provides guidelines for This document is informational and provides guidelines for
considering manageability and operations. It introduces no new considering manageability and operations. It introduces no new
security concerns. security concerns.
8. Acknowledgements The provision of a management portal to a network device provides a
doorway through which an attack on the device may be launched.
Making the protocol under development be manageable through a
management protocol creates a vulnerability to a new source of
attacks. Only management protocols with adequate security apparatus,
such as authentication, message integrity checking, and authorization
should be used.
A standard description of the manageable knobs and whistles on a
protocol makes it easier for an attacker to understand what they may
try to control and how to tweak it.
A well-designed protocol is usually more stable and secure. A
protocol that can be managed and inspected offers the operator a
better chance of spotting and quarantining any attacks. Conversely
making a protocol easy to inspect is a risk if the wrong person
inspects it.
If security events cause logs and or notifications/alerts, a
concerted attack might be able to be mounted by causing an excess of
these events. In other words, the security management mechanisms
could constitute a security vulnerability. The management of
security aspects is important (see Section 3.7).
7. Acknowledgements
This document started from an earlier document edited by Adrian This document started from an earlier document edited by Adrian
Farrel, which itself was based on work exploring the need for Farrel, which itself was based on work exploring the need for
Manageability Considerations sections in all Internet-Drafts produced Manageability Considerations sections in all Internet-Drafts produced
within the Routing Area of the IETF. That earlier work was produced within the Routing Area of the IETF. That earlier work was produced
by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable
feedback provided by Pekka Savola and Bert Wijnen. feedback provided by Pekka Savola and Bert Wijnen.
Some of the discussion about designing for manageability came from Some of the discussion about designing for manageability came from
private discussions between Dan Romascanu, Bert Wijnen, Juergen private discussions between Dan Romascanu, Bert Wijnen, Juergen
Schoenwaelder, Andy Bierman, and David Harrington. Schoenwaelder, Andy Bierman, and David Harrington.
Thanks to reviewers who helped fashion this document, including David Thanks to reviewers who helped fashion this document, including
Kessens, Dan Romascanu, Ron Bonica, Bert Wijnen, Lixia Zhang, Ralf Adrian Farrell, David Kessens, Dan Romascanu, Ron Bonica, Bert
Wolter, Benoit Claise, Brian Carpenter, Harald Alvestrand, Juergen Wijnen, Lixia Zhang, Ralf Wolter, Benoit Claise, Brian Carpenter,
Schoenwaelder, Pekka Savola Harald Alvestrand, Juergen Schoenwaelder, and Pekka Savola.
9. Informative References 8. Informative References
[I-D.ietf-psamp-protocol] Claise, B., "Packet Sampling (PSAMP) [I-D.ietf-opsawg-survey-management] Harrington, D., "Survey of IETF
Protocol Specifications", Network Management Standards", d
draft-ietf-psamp-protocol-09 (work in raft-ietf-opsawg-survey-
progress), December 2007. management-00 (work in
progress), March 2009.
[I-D.ietf-syslog-protocol] Gerhards, R., "The syslog Protocol", [I-D.ietf-syslog-protocol] Gerhards, R., "The syslog
draft-ietf-syslog-protocol-23 (work Protocol",
in progress), September 2007. draft-ietf-syslog-protocol-23
(work in progress),
September 2007.
[RFC1034] Mockapetris, P., "Domain names - [RFC1034] Mockapetris, P., "Domain names -
concepts and facilities", STD 13, concepts and facilities",
RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1052] Cerf, V., "IAB recommendations for
the development of Internet network
management standards", RFC 1052,
April 1988.
[RFC1492] Finseth, C., "An Access Control
Protocol, Sometimes Called TACACS",
RFC 1492, July 1993.
[RFC2119] Bradner, S., "Key words for use in
RFCs to Indicate Requirement Levels",
BCP 14, RFC 2119, March 1997.
[RFC2205] Braden, B., Zhang, L., Berson, S., [RFC1052] Cerf, V., "IAB recommendations
Herzog, S., and S. Jamin, "Resource for the development of Internet
ReSerVation Protocol (RSVP) -- network management standards",
Version 1 Functional Specification", RFC 1052, April 1988.
RFC 2205, September 1997.
[RFC2439] Villamizar, C., Chandra, R., and R. [RFC1958] Carpenter, B., "Architectural
Govindan, "BGP Route Flap Damping", Principles of the Internet",
RFC 2439, November 1998. RFC 1958, June 1996.
[RFC2578] McCloghrie, K., Ed., Perkins, D., [RFC2119] Bradner, S., "Key words for use
Ed., and J. Schoenwaelder, Ed., in RFCs to Indicate Requirement
"Structure of Management Information Levels", BCP 14, RFC 2119,
Version 2 (SMIv2)", STD 58, RFC 2578, March 1997.
April 1999.
[RFC2821] Klensin, J., "Simple Mail Transfer [RFC2205] Braden, B., Zhang, L., Berson,
Protocol", RFC 2821, April 2001. S., Herzog, S., and S. Jamin,
"Resource ReSerVation Protocol
(RSVP) -- Version 1 Functional
Specification", RFC 2205,
September 1997.
[RFC2863] McCloghrie, K. and F. Kastenholz, [RFC2439] Villamizar, C., Chandra, R., and
"The Interfaces Group MIB", RFC 2863, R. Govindan, "BGP Route Flap
June 2000. Damping", RFC 2439,
November 1998.
[RFC2865] Rigney, C., Willens, S., Rubens, A., [RFC2578] McCloghrie, K., Ed., Perkins,
and W. Simpson, "Remote D., Ed., and J. Schoenwaelder,
Authentication Dial In User Service Ed., "Structure of Management
(RADIUS)", RFC 2865, June 2000. Information Version 2 (SMIv2)",
STD 58, RFC 2578, April 1999.
[RFC2975] Aboba, B., Arkko, J., and D. [RFC2975] Aboba, B., Arkko, J., and D.
Harrington, "Introduction to Harrington, "Introduction to
Accounting Management", RFC 2975, Accounting Management",
October 2000. RFC 2975, October 2000.
[RFC3060] Moore, B., Ellesson, E., Strassner, [RFC3060] Moore, B., Ellesson, E.,
J., and A. Westerinen, "Policy Core Strassner, J., and A.
Westerinen, "Policy Core
Information Model -- Version 1 Information Model -- Version 1
Specification", RFC 3060, Specification", RFC 3060,
February 2001. February 2001.
[RFC3084] Chan, K., Seligson, J., Durham, D., [RFC3084] Chan, K., Seligson, J., Durham,
Gai, S., McCloghrie, K., Herzog, S., D., Gai, S., McCloghrie, K.,
Reichmeyer, F., Yavatkar, R., and A. Herzog, S., Reichmeyer, F.,
Smith, "COPS Usage for Policy Yavatkar, R., and A. Smith,
Provisioning (COPS-PR)", RFC 3084, "COPS Usage for Policy
March 2001. Provisioning (COPS-PR)",
RFC 3084, March 2001.
[RFC3139] Sanchez, L., McCloghrie, K., and J. [RFC3139] Sanchez, L., McCloghrie, K., and
Saperia, "Requirements for J. Saperia, "Requirements for
Configuration Management of IP-based Configuration Management of IP-
Networks", RFC 3139, June 2001. based Networks", RFC 3139,
June 2001.
[RFC3198] Westerinen, A., Schnizlein, J., [RFC3198] Westerinen, A., Schnizlein, J.,
Strassner, J., Scherling, M., Quinn, Strassner, J., Scherling, M.,
B., Herzog, S., Huynh, A., Carlson, Quinn, B., Herzog, S., Huynh,
M., Perry, J., and S. Waldbusser, A., Carlson, M., Perry, J., and
"Terminology for Policy-Based S. Waldbusser, "Terminology for
Management", RFC 3198, November 2001. Policy-Based Management",
RFC 3198, November 2001.
[RFC3290] Bernet, Y., Blake, S., Grossman, D., [RFC3290] Bernet, Y., Blake, S., Grossman,
and A. Smith, "An Informal Management D., and A. Smith, "An Informal
Model for Diffserv Routers", Management Model for Diffserv
RFC 3290, May 2002. Routers", RFC 3290, May 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and [RFC3410] Case, J., Mundy, R., Partain,
B. Stewart, "Introduction and D., and B. Stewart,
Applicability Statements for "Introduction and Applicability
Internet-Standard Management Statements for Internet-Standard
Framework", RFC 3410, December 2002. Management Framework", RFC 3410,
December 2002.
[RFC3444] Pras, A. and J. Schoenwaelder, "On [RFC3444] Pras, A. and J. Schoenwaelder,
the Difference between Information "On the Difference between
Models and Data Models", RFC 3444, Information Models and Data
January 2003. Models", RFC 3444, January 2003.
[RFC3460] Moore, B., "Policy Core Information [RFC3460] Moore, B., "Policy Core
Model (PCIM) Extensions", RFC 3460, Information Model (PCIM)
Extensions", RFC 3460,
January 2003. January 2003.
[RFC3535] Schoenwaelder, J., "Overview of the [RFC3535] Schoenwaelder, J., "Overview of
2002 IAB Network Management the 2002 IAB Network Management
Workshop", RFC 3535, May 2003. Workshop", RFC 3535, May 2003.
[RFC3585] Jason, J., Rafalow, L., and E. [RFC3585] Jason, J., Rafalow, L., and E.
Vyncke, "IPsec Configuration Policy Vyncke, "IPsec Configuration
Information Model", RFC 3585, Policy Information Model",
August 2003. RFC 3585, August 2003.
[RFC3644] Snir, Y., Ramberg, Y., Strassner, J., [RFC3644] Snir, Y., Ramberg, Y.,
Cohen, R., and B. Moore, "Policy Strassner, J., Cohen, R., and B.
Quality of Service (QoS) Information Moore, "Policy Quality of
Service (QoS) Information
Model", RFC 3644, November 2003. Model", RFC 3644, November 2003.
[RFC3670] Moore, B., Durham, D., Strassner, J., [RFC3670] Moore, B., Durham, D.,
Westerinen, A., and W. Weiss, Strassner, J., Westerinen, A.,
"Information Model for Describing and W. Weiss, "Information Model
Network Device QoS Datapath for Describing Network Device
Mechanisms", RFC 3670, January 2004. QoS Datapath Mechanisms",
RFC 3670, January 2004.
[RFC3805] Bergman, R., Lewis, H., and I. [RFC3805] Bergman, R., Lewis, H., and I.
McDonald, "Printer MIB v2", RFC 3805, McDonald, "Printer MIB v2",
June 2004. RFC 3805, June 2004.
[RFC4741] Enns, R., "NETCONF Configuration [RFC4741] Enns, R., "NETCONF Configuration
Protocol", RFC 4741, December 2006. Protocol", RFC 4741,
December 2006.
[RFC5101] Claise, B., "Specification of the IP [RFC5101] Claise, B., "Specification of
Flow Information Export (IPFIX) the IP Flow Information Export
Protocol for the Exchange of IP (IPFIX) Protocol for the
Traffic Flow Information", RFC 5101, Exchange of IP Traffic Flow
Information", RFC 5101,
January 2008. January 2008.
[W3C.REC-xmlschema-0-20010502] Fallside, D., "XML Schema Part 0: [RFC5321] Klensin, J., "Simple Mail
Primer", World Wide Web Consortium Transfer Protocol", RFC 5321,
FirstEdition REC-xmlschema-0- October 2008.
20010502, May 2001, <http://
www.w3.org/TR/2001/ [W3C.REC-xmlschema-0-20010502] Fallside, D., "XML Schema Part
0: Primer", World Wide Web
Consortium FirstEdition REC-
xmlschema-0-20010502, May 2001,
<http://www.w3.org/TR/2001/
REC-xmlschema-0-20010502>. REC-xmlschema-0-20010502>.
Appendix A. Operations and Management Review Checklist Appendix A. Operations and Management Review Checklist
This appendix provides a quick checklist of issues that protocol This appendix provides a quick checklist of issues that protocol
designers should expect operations and management expert reviewers to designers should expect operations and management expert reviewers to
look for when reviewing a document being proposed for consideration look for when reviewing a document being proposed for consideration
as a protocol standard. as a protocol standard.
A.1. Operational Considerations A.1. Operational Considerations
Has the operations model been discussed? see section 3.1. Has the operations model been discussed? see Section 2.1
Does the document include a description of the operational Does the document include a description of the operational model -
model - how is this protocol or technology going to be deployed how is this protocol or technology going to be deployed and
and managed? managed?
Is the proposed specification deployable? If not, how could it Is the proposed specification deployable? If not, how could it be
be improved? improved?
Does the solution scale well? Does the proposed approach have Does the solution scale well from the operational and management
any scaling issues that could affect usability for large scale perspective? Does the proposed approach have any scaling issues
operation? that could affect usability for large scale operation?
Has installation and initial setup been discussed? see section 3.2 Are there any coexistence issues?
Has installation and initial setup been discussed? see Section 2.2
Is the solution sufficiently configurable? Is the solution sufficiently configurable?
are configuration parameters clearly identified? Are configuration parameters clearly identified?
are configuration parameters normalized? Are configuration parameters normalized?
does each configuration parameter have a reasonable default Does each configuration parameter have a reasonable default value?
value?
Will configuration be pushed to a device by a configuration Will configuration be pushed to a device by a configuration
manager, or pulled by a device from a configuration server? manager, or pulled by a device from a configuration server?
How will the devices and managers find and authenticate each How will the devices and managers find and authenticate each
other? other?
Has the migration path been discussed? see section 3.3. Has the migration path been discussed? see Section 2.3
Are there any backward compatibility issues? Are there any backward compatibility issues?
Have the Requirements on Other Protocols and Functional Components Have the Requirements on Other Protocols and Functional Components
been discussed? see section 3.4. been discussed? see Section 2.4.
What protocol operations are expected to be performed relative What protocol operations are expected to be performed relative to
to the new protocol or technology, and what protocols and data the new protocol or technology, and what protocols and data models
models are expected to be in place or recommended to ensure for are expected to be in place or recommended to ensure for
interoperable management? interoperable management?
Has the Impact on Network Operation been discussed? see Section 2.5
Has the Impact on Network Operation been discussed? see section Will the new protocol significantly increase traffic load on
3.5. existing networks?
Have suggestions for verifying correct operation been discussed? Will the proposed management for the new protocol significantly
see section 3.6. increase traffic load on existing networks?
Have suggestions for verifying correct operation been discussed? How will the new protocol impact the behavior of other protocols
see section 4.1. in the network? Will it impact performance (e.g. jitter) of
certain types of applications running in the same network?
Does the new protocol need supporting services (e.g. DNS or AAA)
added to an existing network?
Have suggestions for verifying correct operation been discussed? see
Section 2.6
How can one test end-to-end connectivity and throughput?
Which metrics are of interest?
Will testing have an impact on the protocol or the network?
Has management interoperability been discussed? see Section 3.1
Is a standard protocol needed for interoperable management?
Is a standard information or data model needed to make properties
comparable across devices from different vendors?
Are there fault or threshold conditions that should be reported? see
Section 3.3
Does specific management information have time utility?
Should the information be reported by notifications? polling?
event-driven polling?
Is notification throttling discussed?
Is there support for saving state that could be used for root-
cause analysis?
Is configuration discussed? see Section 3.4
Are configuration defaults, and default modes of operation
considered?
Is there discussion of what information should be preserved across
reboots of the device or the management system? Can devices
realistically preserve this information through hard reboots where
physical configuration might change (e.g. cards might be swapped
while a chassis is powered down)?
A.2. Management Considerations A.2. Management Considerations
Do you anticipate any manageability issues with the specification? Do you anticipate any manageability issues with the specification?
Is Management interoperability discussed? see section 4.1. Is Management interoperability discussed? see Section 3.1
will it use centralized or distributed management? Will it use centralized or distributed management?
will it require remote and/or local management applications? Will it require remote and/or local management applications?
Are textual or graphical user interfaces required? Are textual or graphical user interfaces required?
Is textual or binary format for management information Is textual or binary format for management information
preferred? preferred?
Is Management Information discussed? see section 4.2. Is Management Information discussed? see Section 3.2
What is the minimal set of management (configuration, faults, What is the minimal set of management (configuration, faults,
performance monitoring) objects that need to be instrumented in performance monitoring) objects that need to be instrumented in
order to manage the new protocol? order to manage the new protocol?
Is Fault Management discussed? see section 4.3. Is Fault Management discussed? see Section 3.3
Is Liveness Detection and Monitoring discussed? Is Liveness Detection and Monitoring discussed?
Does the solution have failure modes that are difficult to Does the solution have failure modes that are difficult to
diagnose or correct? Are faults and alarms reported and diagnose or correct? Are faults and alarms reported and
logged? logged?
Is Configuration Management discussed? see section 4.4. Is Configuration Management discussed? see Section 3.4
is protocol state information exposed to the user? How? are Is protocol state information exposed to the user? How? are
significant state transitions logged? significant state transitions logged?
Is Accounting Management discussed? see Section 3.5
Is Accounting Management discussed? see section 4.5. Is Performance Management discussed? see Section 3.6
Is Performance Management discussed? see section 4.6.
Does the protocol have an impact on network traffic and network Does the protocol have an impact on network traffic and network
devices? Can performance be measured? devices? Can performance be measured?
Is protocol performance information exposed to the user? Is protocol performance information exposed to the user?
Is Security Management discussed? see section 4.7. Is Security Management discussed? see Section 3.7
Does the specification discuss hwo to manage aspects of Does the specification discuss how to manage aspects of
security, such as access controls, managing key distribution, security, such as access controls, managing key distribution,
etc. etc.
A.3. Documentation A.3. Documentation
Is an operational considerations and/or manageability section part of Is an operational considerations and/or manageability section part of
the document? the document?
Does the proposed protocol have a significant operational impact on Does the proposed protocol have a significant operational impact on
the Internet. If it does, and the document under review targets the Internet?
standards track, is their enough proof of implementation and/or
operational experience to grant Proposed Standard status? Is there proof of implementation and/or operational experience?
Appendix B. Change Log Appendix B. Change Log
-- Note to RFC Editor: Please remove this section upon publication as
an RFC
Changes from opsawg-05 to opsawg-06
Spelling and grammar corrections
Addressed comments from WGLC.
Editorial comments
Addressed most comments from Randy Bush, Bert Wijnen, Adrian
Farrel,
Removed IETF Management Framework section.
Added discussion of standard protocols.
Changes from opsawg-04 to opsawg-05 Changes from opsawg-04 to opsawg-05
added bullets for appendix checklist added bullets for appendix checklist
aligned checklist order and guidelines order aligned checklist order and guidelines order
resolved all DISCUSS and TODO issues. resolved all DISCUSS and TODO issues.
Changes from opsawg-03 to opsawg-04 Changes from opsawg-03 to opsawg-04
improved wording in Introduction improved wording in Introduction
skipping to change at page 33, line 4 skipping to change at line 1686
David Harrington David Harrington
Huawei Technologies USA Huawei Technologies USA
1700 Alma Dr, Suite 100 1700 Alma Dr, Suite 100
Plano, TX 75075 Plano, TX 75075
USA USA
Phone: +1 603 436 8634 Phone: +1 603 436 8634
Fax: Fax:
EMail: dharrington@huawei.com EMail: dharrington@huawei.com
URI: URI:
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 158 change blocks. 
523 lines changed or deleted 757 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/