One document matched: draft-ietf-opsawg-operations-and-management-00.txt
Network Working Group D. Harrington
Internet-Draft Huawei Technologies USA
Intended status: Best Current September 12, 2007
Practice
Expires: March 15, 2008
Guidelines for Considering Operations and Management of New Protocols
draft-ietf-opsawg-operations-and-management-00
Status of This Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 15, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
New protocols or protocol extensions are best designed with due
consideration of operations and management issues related to the
protocol. Retrofitting operations and management recommendations to
protocols is sub-optimal. The purpose of this document is to provide
guidance to authors of protocol documents about aspects to consider
related to the operations and management that should be considered
for inclusion in documents defining requirements or functionality of
Harrington Expires March 15, 2008 [Page 1]
Internet-Draft Ops and Mgmt Guidelines September 2007
new protocols or protocol extensions.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. Design for Operations and Management . . . . . . . . . . . . . 5
2.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Operational Considerations . . . . . . . . . . . . . . . . . . 7
3.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 7
3.2. Installation and Initial Setup . . . . . . . . . . . . . . 8
3.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 8
3.4. Requirements on Other Protocols and Functional
Components . . . . . . . . . . . . . . . . . . . . . . . . 8
3.5. Impact on Network Operation . . . . . . . . . . . . . . . 8
3.6. Verifying Correct Operation . . . . . . . . . . . . . . . 9
4. Management Considerations . . . . . . . . . . . . . . . . . . 9
4.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 10
4.2. Management Information . . . . . . . . . . . . . . . . . . 12
4.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 13
4.3.1. Liveness Detection and Monitoring . . . . . . . . . . 13
4.3.2. Fault Determination . . . . . . . . . . . . . . . . . 13
4.3.3. Fault Isolation . . . . . . . . . . . . . . . . . . . 13
4.3.4. Corrective Action . . . . . . . . . . . . . . . . . . 14
4.4. Configuration Management . . . . . . . . . . . . . . . . . 14
4.4.1. Verifying Correct Operation . . . . . . . . . . . . . 15
4.4.2. Control of Function and Policy . . . . . . . . . . . . 15
4.5. Accounting Management . . . . . . . . . . . . . . . . . . 16
4.6. Performance Management . . . . . . . . . . . . . . . . . . 16
4.7. Security Management . . . . . . . . . . . . . . . . . . . 17
5. Existing Protocols . . . . . . . . . . . . . . . . . . . . . . 18
5.1. SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.2. SYSLOG . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.3. IPFIX . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.4. NETCONF . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.5. COPS-PR . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.6. RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.7. Diameter . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.8. EPP . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.9. XCAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.10. Other Protocols . . . . . . . . . . . . . . . . . . . . . 22
6. Existing IETF Data Models . . . . . . . . . . . . . . . . . . 22
6.1. Fault Management . . . . . . . . . . . . . . . . . . . . . 23
6.2. Configuration Management . . . . . . . . . . . . . . . . . 24
6.3. Accounting Management . . . . . . . . . . . . . . . . . . 25
6.4. Performance Management . . . . . . . . . . . . . . . . . . 26
6.5. Security Management . . . . . . . . . . . . . . . . . . . 28
7. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 29
Harrington Expires March 15, 2008 [Page 2]
Internet-Draft Ops and Mgmt Guidelines September 2007
7.1. Recommended Discussions . . . . . . . . . . . . . . . . . 29
7.2. Null Manageability Considerations Sections . . . . . . . . 29
7.3. Placement of Operations and Manageability
Considerations Sections . . . . . . . . . . . . . . . . . 30
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
9. Security Considerations . . . . . . . . . . . . . . . . . . . 30
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30
11. Informative References . . . . . . . . . . . . . . . . . . . . 30
Appendix A. Operations and Management Checklist . . . . . . . . . 35
Appendix B. Additional MIB Modules on the Standards Track . . . . 35
Appendix C. Change Log . . . . . . . . . . . . . . . . . . . . . 35
Harrington Expires March 15, 2008 [Page 3]
Internet-Draft Ops and Mgmt Guidelines September 2007
1. Introduction
When new protocols or protocol extensions are developed, it is often
the case that not enough consideration is given to the way in which
new protocols will be deployed in the network and operated and
managed once deployed. The result is that operations and management
issues are only taken into consideration after the protocols have
been implemented and sometimes not until after they have been
deployed. Attempts to retrofit operations and management mechanisms
are not always easy or architecturally pleasant, and certain protocol
design choices may make deployment, operations, and management
particularly hard to achieve later. Since operations and management
issues may be fundamental to the utility and success of protocols
designed within the IETF, this document provides guidelines to help
protocol designers and working groups consider the operations and
management issues of their new protocol at an earlier phase.
[DISCUSS - This document seems to be just as concerned with the
protocol designer's "mind-set" and the protocol development process
as it is with the protocol as a finished product. While we all agree
that it would be a good thing to imprint operational sensitivities
into the consciousness of the protocol developer, I do not think that
this is a practical goal. The best that we can do is to set forth a
list of objective criteria by which a protocol designer can evaluate
whether the protocol that he/she has developed is manageable.]
[DISCUSS: - the document may attempt to cover too much ground. Maybe
it will develop into a framework document, supported by documents of
the following sort: . what makes a MIB usable? . how much protocol
state information needs to be exposed and how? . how much performance
information needs to be exposed and how?]
1.1. Terminology
This document deliberately does not use the (capitalized) key words
described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must
only be used where it is actually required for interoperation or to
limit behavior which has potential for causing harm (e.g., limiting
retransmissions). For example, they must not be used to try to
impose a particular method on implementers where the method is not
required for interoperability. This document is a set of guidelines
based on current practices of protocol designers and operators. This
document does not describe requirements, so the key words from
RFC2119 have no place here.
o "new protocol" includes new protocols, protocol extensions, data
models, or other functionality being designed.
Harrington Expires March 15, 2008 [Page 4]
Internet-Draft Ops and Mgmt Guidelines September 2007
o "working group" represents individuals and working groups involved
in the development of new protocols.
o [DISCUSS] markers indicate a lack of consensus on what should be
written.
o [TODO] markers indicate the editor has a reasonable understanding
of what needs to be (re-)written. Contributions of text would be
welcome.
2. Design for Operations and Management
"Design for operations and management" means that the operational
environment and manageability of the protocol should be considered
from the start when new protocols are designed. This requires a
change in mind-set. Protocol designers typically do not like to look
at the management aspects of their new protocol. They are busy
working out the details of their new protocol, and do not take time
to consider what would be necessary to make the protocol manageable
and easy to deploy. Because many of the working groups developing
protocols have no background in management or operations, they also
feel uncomfortable working on aspects of a protocol design that is
unfamiliar to them. This document provides guidelines to working
groups about what to consider.
This document seeks to educate working groups about some common
aspects of operations and management so they can design better
protocol solutions.
It is easier for a WG editor to write a document for associated
management functionality if the WG has already researched and weighed
the management options, and reached consensus on the management
requirements.
It is a noble goal to consider management from the very early start
of new protocol work, but we also have to accept that sometimes
management requirements will only be understood once a technology has
been deployed and some experience has been gained. It should be
expected that initial considerations for operations and management
may need to be updated in the future.
This document is not about requiring all internet-drafts to include a
new "Operations and Management Considerations" section. Experiments
to require such sections have had a mixed reaction from protocol
developers. The IESG has also expressed hesitation about requiring
new Considerations sections.
We should also be careful and point out that this document really
Harrington Expires March 15, 2008 [Page 5]
Internet-Draft Ops and Mgmt Guidelines September 2007
just provides guidelines and should not be misused to slow down
protocol development since sometimes it is better to get a protocol
out in a timely fashion without management considerations instead of
being delayed some years when it is too late to be successful.
Releasing IETF documents including protocol definition without any
consideration about how the protocol and networks running the
protocol will be managed and what are the operational implications of
deployment also seems wrong A balance is needed. This document tries
to find the right balance - what is the minimal information that
needs to be included in a protocol definition document that shows how
the protocol will be deployed and managed. Minimal but not less than
this.
2.1. Motivation
The IETF has indicated a desire to have operations and manageability
considered during the development of new protocols, using a proactive
"design for operability and manageability" approach that documents
how a new protocol is expected to be operated and managed.
For years the IETF has stressed the use of the Standard Management
Framework and SMI MIB modules [RFC2578] for managing new protocols.
The IETF designed the Standard Management Framework and SMI MIB
modules to permit multiple protocols to utilize the MIB data
[RFC1052], but it became a common misunderstanding that a MIB module
could only be used with the SNMP protocol.(defined in [RFC3410] and
associated documents).
In 2001, OPS Area design teams were created to document issues and
requirements related to configuration of IP-based networks. One
output was "Requirements for Configuration Management of IP-based
Networks" [RFC3139]
In 2003, the Internet Architecture Board (IAB) held a workshop on
Network Management [RFC3535] that discussed the strengths and
weaknesses of some IETF network management protocols, and compared
them to operational needs. Most of those needs are discussed further
in this document.
This document recommends working groups consider operations and
management needs, and then select appropriate standard management
protocols and data models to address the relevant operations and
management needs, just as they consider which security threats are
relevant to their protocol, and then select appropriate standard
security protocols to mitigate the relevant threats.
For example, a working group could decide whether a MIB module,
SYSLOG messages, an LDAP structure, an XML schema, or another
Harrington Expires March 15, 2008 [Page 6]
Internet-Draft Ops and Mgmt Guidelines September 2007
solution is the best way to monitor and manage the functionality of a
new protocol. The protocol to use for management will follow from
this analysis rather than being SNMP by fiat.
One good method that can be considered by protocol designers is to
make an analysis of the operational environment and mode of work the
future protocol or extension will work in. Such an exercise needs
not be reflected directly by text in their document, but could help
in visualizing the operational model related to the applicability of
the protocol in the Internet environments where it will be deployed.
The operational model should take into account issues like: - what
type of management entities will be involved (agents, network
management systems)? what is the possible architecture (client-
server, manager-agent, polling-driven or event-driven,
autoconfiguration, two levels or hierarchical)? what are the basic
management operations - initial configuration, dynamic configuration,
alarms and exceptions reporting, logging, performance monitoring,
performance reporting? how are these operations performed - locally,
remotely, atomic operation, scripts? what are the typical user
interfaces - Command line (CLI) or graphical user interface (GUI)?
3. Operational Considerations
When a new protocol is deployed in a network, it may affect the
network negatively. A working group should consider deployment of a
new protocol or protocol extension in a network, impact on the
network operations, traffic levels and operation of other protocols
or previous versions of the protocol, how the new protocol will be
operated, and how its presence might affect the existing deployment.
Operations and manageability considerations should focus on
interoperability of externally observable behaviors.
3.1. Operations Model
Working groups should consider how the new protocol will be managed
in different deployment sizes. It might be sensible to use a local
management interface to manage the new protocol on a single device,
but in a large network, remote management using a centralized server
and/or using distributed management functionality might make more
sense. Auto-configuration might be possible for some new protocols.
There may be a need to support a human interface, e.g., for
troubleshooting, and a programmatic interface, e.g., for automated
monitoring and root cause analysis. It might be important that the
internal method routines for both interfaces should be the same to
ensure that data exchanged between these two interfaces is always
consistent.
Harrington Expires March 15, 2008 [Page 7]
Internet-Draft Ops and Mgmt Guidelines September 2007
Working groups should consider what management operations are
expected to be performed as result of the deployment of the protocol
- such as whether write operations will be allowed on routers and on
hosts, or if notifications for alarms or other events will be
expected.
3.2. Installation and Initial Setup
Working groups should consider default values that make protocol
sense, to simplify configuration, including default modes and
parameters. For example, it could be helpful or necessary to specify
default values for modes, timers, default state of logical control
variables, default transports, and so on. Even if default values are
used, it must be possible to retrieve all the actual values or at
least an indication that known default values are being used.
Working groups should consider how to enable operators to concentrate
on the configuration of the network as a whole rather than individual
devices.
3.3. Migration Path
If the new protocol is a new version of the protocol, or is replacing
another technology, the working group should consider how deployments
should transition to the new protocol. This should include co-
existence with previously deployed protocols and/or previous versions
of the same protocol, incompatibilities between versions, translation
between versions, and side effects that might occur. Are older
protocols or versions disabled or do they co-exist in the network
with the new protocol?
3.4. Requirements on Other Protocols and Functional Components
Working groups should consider the requirements that the new protocol
might put on other protocols and functional components, and should
also document the requirements from other protocols that have been
considered in designing the new protocol.
These considerations should generally remain illustrative to avoid
creating restrictions or dependencies, or potentially impacting the
behavior of existing protocols, or restricting the extensibility of
other protocols, or assuming other protocols will not be extended in
certain ways.
3.5. Impact on Network Operation
The introduction of a new protocol or extensions to an existing
protocol may have an impact on the operation of existing networks.
Harrington Expires March 15, 2008 [Page 8]
Internet-Draft Ops and Mgmt Guidelines September 2007
Protocol designers should outline such impacts (which may be
positive) including scaling concerns and interactions with other
protocols. For example, a new protocol that doubles the number of
active, reachable addresses in use within a network might need to be
considered in the light of the impact on the scalability of the IGPs
operating within the network.
The working group should consider the potential impact on the
behavior of other protocols in the network and on the traffic levels
and traffic patterns that might change, including specific types of
traffic such as multicast. Also consider the need to install new
components that are added to the network as result of the changes in
the operational model, such as servers performing auto-configuration
operations.
It is important to minimize the impact caused by configuration
changes. Given configuration A and configuration B, it should be
possible to generate the operations necessary to get from A to B with
minimal state changes and effects on network and systems.
3.6. Verifying Correct Operation
The working group should consider techniques for testing the effect
that the protocol has had on the network by sending data through the
network and observing its behavior. Working groups should consider
how the correct end-to-end operation of the new protocol in the
network can be tested, and how the correct data or forwarding plane
function of each network element can be verified to be working
properly with the new protocol.
It must be easy to do consistency checks of configurations over time
and between the ends of a link in order to determine the changes
between two configurations and whether those configurations are
consistent.
4. Management Considerations
The considerations of manageability should start from describing the
operational model, which includes identifying the entities to be
managed, how the respective protocol is supposed to be installed,
configured and monitored, who are the managers and what type of
management interfaces and protocols they would use.
Considerations for management should include a discussion of what
needs to be managed. This document, for better or worse, talks
mainly about management of a protocol endpoint on a single device.
It doesn't talk about managing the *protocol* (it manages one end at
a time), and doesn't even come near managing the *service* (which
Harrington Expires March 15, 2008 [Page 9]
Internet-Draft Ops and Mgmt Guidelines September 2007
includes a lot of stuff that's very far away from the box). In a
client/server protocol, it may be more important to instrument the
server end of a protocol than the client end.
One issue that the IETF has always struggled with (and for which we
still have no good guidance) is the problem of how to configure
multiple related/co-operating devices and how to back off if one of
those configurations fails or causes trouble. NETCONF addresses this
somewhat by allowing an operator to lock the configuration on
multiple devices, perform the configuration settings/changes, check
that they are OK (undo if not) and then unlock the devices.
Protocol debugging is not part (and should not be part) of the
Network Management tools/hooks in a system. Debugging is an
implementation-dependent issue, not a protocol standardization issue.
4.1. Interoperability
Just as when deploying protocols that will inter-connect devices, our
primary goal in considering management should be interoperability,
whether across devices from different vendors, across models from the
same vendor, or across different releases of the same product.
Some product designers and protocol designers assume that if a device
can be managed individually using a command line interface or a web
page interface, that such a solution is enough. But when equipment
from multiple vendors is combined into a large network, scalability
of management becomes a problem. It is important to have consistency
in the management interfaces so network-wide operational processes
can be automated.
Getting everybody to agree on a certain syntax and the protocol
associated with that has proven to be difficult. So management
systems tend to speak whatever the boxes support, whether the IETF
likes this or not. The IETF is moving from support for a single
management data modeling language and a single management protocol
towards support for multiple management protocols and multiple data
models suited to different purposes, such as logging (syslog),
configuration (netconf), and usage accounting (ipfix). Other
Standard Development Organizations (e.g. DMTF, TMF) also define
management mechanisms and these mechanisms may be more suitable than
IETF mechanisms in some cases.
Interoperability needs to be considered on the syntactic level and
the semantic level. While it can be irritating and time-consuming,
application designers including operators who write their own scripts
can make their processing conditional to accommodate differences
across vendors or models or releases of product.
Harrington Expires March 15, 2008 [Page 10]
Internet-Draft Ops and Mgmt Guidelines September 2007
Semantic differences are much harder to deal with on the manager side
- once you have the data, its meaning is a function of the managed
entity. For example, if a single counter provided by vendor A counts
three types of error conditions, while the corresponding counter
provided by vendor B counts seven types of error conditions, these
counters cannot be compared effectively - they are not interoperable
counters.
Information models are helpful to try to focus interoperability on
the semantic level - they establish standards for what information
should be gathered, and how gathered information might be used
regardless of which management interface carries the data or which
vendor produces the product. The use of an information model might
help improve the ability of operators to correlate messages in
different protocols where the data overlaps, such as a SYSLOG message
and an SNMP notification about the same event. An information model
might identify which error conditions should be counted separately,
and which error conditions can be counted together in a single
counter. Then, whether the counter is gathered via SNMP or a CLI
command or a SYSLOG message, the counter will have similar meaning.
Protocol designers should consider which information might be useful
for managing the new protocol or protocol extensions.
IM --> conceptual/abstract model
| for designers and operators
+----------+---------+
| | |
DM DM DM --> concrete/detailed model
for implementers
Information Models and Data Models
Figure 1
On the Difference between Information Models and Data Models
[RFC3444] may be useful in determining what information to consider
regarding information models, as compared to data models.
Information models should come from the protocol WGs and include
lists of events, counters and configuration parameters that are
relevant. There are a number of information models contained in
protocol WG RFCs. Some examples:
o [RFC3060] - Policy Core Information Model version 1
o [RFC3290] - An Informal Management Model for DiffServ Routers
Harrington Expires March 15, 2008 [Page 11]
Internet-Draft Ops and Mgmt Guidelines September 2007
o [RFC3460] - Policy Core Information Model Extensions
o [RFC3585] - IPsec Configuration Policy Information Model
o [RFC3644] - Policy Quality of Service Information Model
o [RFC3670] - Information Model for Describing Network Device QoS
Datapath Mechanisms
o [RFC3805] - Printer MIB v2 (contains both an IM and a DM
Management protocol standards and management data model standards
often contain compliance clauses to ensure interoperability.
Manageability considerations should include discussion of which level
of compliance is expected to be supported for interoperability.
4.2. Management Information
Operators find it important to be able to make a clear distinction
between configuration data, operational state, and statistics. They
need to determine which parameters were administrative configured and
which parameters have changed since configuration as the result of
mechanisms such as routing protocols.
It is important to be able to separately fetch configuration data,
operational state data, and statistics from devices, and to be able
to compare current state to initial state, and to compare data
between devices.
A management information model should include a discussion of what is
manageable, which aspects of the protocol need to be configured, what
types of operations are allowed, what protocol-specific events might
occur, which events can be counted, and for which events should an
operator be notified.
What is typically difficult to work through are relationships between
abstract objects. Ideally an information model would describe the
relationships between the objects and concepts in the information
model.
Is there always just one instance of this object or can there be
multiple instances? Does this object relate to exactly one other
object or may it relate to multiple? When is it possible to change a
relationship?
Do objects (such as rows in tables) share fate? For example, if a
row in table A must exist before a related row in table B can be
created, what happens to the row in table B if the related row in
Harrington Expires March 15, 2008 [Page 12]
Internet-Draft Ops and Mgmt Guidelines September 2007
table A is deleted? Does the existence of relationships between
objects have an impact on fate sharing?
4.3. Fault Management
If notifications are used to alert operators to certain conditions,
then the working group should discuss mechanisms to throttle
notifications to prevent congestion.
4.3.1. Liveness Detection and Monitoring
Liveness detection and monitoring applies both to the control plane
and the data plane. Mechanisms for detecting faults in the control
plane or for monitoring its liveness are usually built into the
control plane protocols or inherited from underlying data plane or
forwarding plane protocols. These mechanisms do not typically
require additional management capabilities. However, when a system
detects a control plane fault, there is often a requirement to
coordinate recovery action through management applications or at
least to record the fact in an event log.
Where the protocol is responsible for establishing data or user plane
connectivity, liveness detection and monitoring usually need to be
achieved through other mechanisms. In some cases, these mechanisms
already exist within other protocols responsible for maintaining
lower layer connectivity, but it will often be the case that new
procedures are required to detect failures in the data path and to
report rapidly, allowing remedial action to be taken.
[DISCUSS:: 'control plane' and 'data plane' are such slippery terms
that I think they need to be defined.]
4.3.2. Fault Determination
It can be helpful to describe how faults can be pinpointed using
management information. For example, counters might record instances
of error conditions. Some faults might be able to be pinpointed by
comparing the outputs of one device and the inputs of another device
looking for anomalies.
4.3.3. Fault Isolation
It might be useful to isolate faults, such as a system that emits
malformed messages necessary to coordinate connections properly.
Spanning tree comes to mind. This might be able to be done by
configuring next-hop devices to drop the faulty messages to prevent
them from entering the rest of the network.
Harrington Expires March 15, 2008 [Page 13]
Internet-Draft Ops and Mgmt Guidelines September 2007
4.3.4. Corrective Action
What sort of corrective action can be taken by an operator for each
of the fault conditions that are being identified?
4.4. Configuration Management
RFC3139 [RFC3139] discusses requirements for configuration
management. This document includes discussion of different levels of
management, including high-level-policies, network-wide configuration
data, and device-local configuration.
A number of efforts have existed in the IETF to develop policy-based
management. RFC3198 was written to standardize the terminology for
policy-based management across these efforts.
It is highly desirable that text processing tools such as diff, and
version management tools such as RCS or CVS or SVN, can be used to
process configurations. This approach simplifies comparing the
current operational state to the initial configuration.
With structured text such as XML, simple text diffs may be found to
be inadequate and more sophisticated tools may be needed to make any
useful comparison of versions.
To simplify such configuration comparisons, devices should not
arbitrarily reorder data such as access control lists. If a working
group defines mechanisms for configuration, it would be desirable to
standardize the order of elements for consistency of configuration
and of reporting across vendors, and across releases from vendors.
Network wide configurations are ideally stored in central master
databases and transformed into formats that can be pushed to devices,
either by generating sequences of CLI commands or complete
configuration files that are pushed to devices. There is no common
database schema for network configuration, although the models used
by various operators are probably very similar. It is desirable to
extract, document, and standardize the common parts of these network
wide configuration database schemas. A working group should consider
how to standardize the common parts of configuring the new protocol,
while recognizing the vendors will likely have proprietary aspects of
their configurations.
It is important to distinguish between the distribution of
configurations and the activation of a certain configuration.
Devices should be able to hold multiple configurations. NETCONF
[RFC4741], for example, differentiates between the "running"
configuration and "candidate" configurations.
Harrington Expires March 15, 2008 [Page 14]
Internet-Draft Ops and Mgmt Guidelines September 2007
It is important to enable operators to concentrate on the
configuration of the network as a whole rather than individual
devices. Support for configuration transactions across a number of
devices would significantly simplify network configuration
management. The ability to distribute configurations to multiple
devices, or modify "candidate configurations on multiple devices, and
then activate them in a near-simultaneous manner might help.
Consensus of the 2002 IAB Workshop was that textual configuration
files should be able to contain international characters. Human-
readable strings should utilize UTF-8, and protocol elements should
be in case insensitive ASCII.
A mechanism to dump and restore configurations is a primitive
operation needed by operators. Standards for pulling and pushing
configurations from/to devices are desirable.
Given configuration A and configuration B, it should be possible to
generate the operations necessary to get from A to B with minimal
state changes and effects on network and systems. It is important to
minimize the impact caused by configuration changes.
Many protocol specifications include timers that are used as part of
operation of the protocol. These timers may need default values
suggested in the protocol specification and do not need to be
otherwise configurable.
4.4.1. Verifying Correct Operation
An important function that might be provided is a tool set for
verifying the correct operation of a protocol. This may be achieved
to some extent through access to information and data models that
report the status of the protocol and the state installed on network
devices. It may also be valuable to provide techniques for testing
the effect that the protocol has had on the network by sending data
through the network and observing its behavior.
Protocol designers should consider how to test the correct end-to-end
operation of the network, and how to verify the correct data or
forwarding plane function of each network element.
4.4.2. Control of Function and Policy
A working group should consider the configurable items that exist for
the control of function via the protocol elements described in the
protocol specification. For example, Sometimes the protocol requires
that timers can be configured by the operator to ensure specific
policy-based behavior by the implementation.
Harrington Expires March 15, 2008 [Page 15]
Internet-Draft Ops and Mgmt Guidelines September 2007
4.5. Accounting Management
A working group should consider whether it would be appropriate to
collect usage information related to this protocol, and if so, what
usage information would be appropriate to collect?
RFC2975 [RFC2975] Introduction to Accounting Management discusses a
number of issues that arise when monitoring usage of protocols for
purposes of capacity and trend analysis, cost allocation, auditing,
and billing. This document also discusses how some commonly used
protocols are used for these purposes. These issues should be
considered when designing a protocol whose usage might need to be
monitored, or when recommending a protocol to do usage accounting.
4.6. Performance Management
Consider information that would be useful when trying to determine
the performance characteristics of a deployed system using the target
protocol.
Consider scaling issues, such as providing information about the
maximum number of table entries that an implementation supports, the
current number of instances, and the expected behavior when the
current instances exceed the capacity of the implementation.
Consider operational activity, such as the number of message in and
the messages out, the number of received messages rejected due to
format problems, the expected behaviors when a malformed message is
received.
Consider the expected behaviors for counters - what is a reasonable
maximum value for expected usage? should they stop counting at the
maximum value and retain the maximum value, or should they rollover?
How can users determine if a rollover has occurred, and how can users
determine if more than one rollover has occurred?
Consider whether counters should be persistent across reboots of the
device, or restarts of the management system.
Consider what events might cause discontinuities in a counter,
especially those that cause delta calculations to become meaningless.
How can a user determine that there has been one or more
discontinuities in the counting?
Consider whether multiple management applications will share a
counter; if so, then no one management application should be allowed
to reset the value to zero since this will impact other applications.
Harrington Expires March 15, 2008 [Page 16]
Internet-Draft Ops and Mgmt Guidelines September 2007
For performance monitoring, it is important to report counters and
not gauges as it is important to report the time spent in a state
rather than the actual state. In other words, objects that report
snapshots are of less value for performance monitoring.
4.7. Security Management
Protocol designers should consider how to monitor and to manage
security aspects and vulnerabilities of the new protocol.
There will be security considerations related to the new protocol.
To make it possible for operators to be aware of security-related
events, is it recommended that system logs should record events, such
as failed logins? Should a system automatically notify operators of
every event occurrence, or should an operator-defined threshold
control when a notification is sent to an operator?
Should certain statistics be collected about the operation of the new
protocol that might be useful for detecting attacks, such as the
receipt of malformed messages, or messages out of order, or messages
with invalid timestamps? If such statistics are collected, is it
important to count them separately for each sender to help identify
the source of attacks?
Manageability considerations that are security-oriented might include
discussion of the security implications when no monitoring is in
place, the regulatory implications of absence of audit-trail or logs
in enterprises, exceeding the capacity of logs, and security
exposures present in chosen / recommended management mechanisms.
The granularity of access control needed on management interfaces
needs to match operational needs. Typical requirements are a role-
based access control model and the principle of least privilege,
where a user can be given only the minimum access necessary to
perform a required task.
It must be possible to do consistency checks of access control lists
across devices. Working groups should consider information models to
promote comparisons across devices and across vendors to permit
checking the consistency of security configurations.
Working groups should consider how to provide a secure transport,
authentication, identity, and access control which integrates well
with existing key and credential management infrastructure.
Working groups should consider how ACLs (access control lists) are
maintained and updated.
Harrington Expires March 15, 2008 [Page 17]
Internet-Draft Ops and Mgmt Guidelines September 2007
5. Existing Protocols
[DISCUSS: Section 5 reviews which protocols the IETF has to offer for
management and, what I really like, the text discusses for which
applications they were designed or already successfully deployed. I
like to perhaps see even stronger guidelines;]
Working groups should consider existing protocols and data models
that could be used to provide the management functions identified in
the previous section, and should consider how using these existing
protocols and data models might impact network operations.
In choosing existing protocol solutions to meet the information model
requirements, it is recommended that the strengths and weaknesses of
IETF protocols, as document in [RFC3535] be considered, and working
groups should consider asking for help from the IETF directorates
knowledgeable in available existing solutions. This is especially
true since some of the recommendations from the 2002 IAB workshop
have become outdated, some have been implemented, and some are being
realized.
We want to avoid seeming to impose a solution by putting in place a
strict terminology - for example implying that a formal data model,
or even using a management protocol is mandatory. If a WG considers
that its technology can be managed solely by using proprietary CLIs,
and no structured or standardized data model needs to be in place,
this should be fine, but this is a requirement that needs to be
explicit in their manageability discussion, so that the WG reaches
consensus in full awareness that this is how the protocol will need
to be operated and managed. Working groups should avoid having
manageability pushed for a later/never phase of the development of
the standard.
Listed here are a number of protocols that have reached Proposed
Standard status or higher within the IETF.
5.1. SNMP
SNMP [RFC3410] is a Full Standard, and is widely used for monitoring
networks. Some operators use SNMP for configuration in various
environments/technologies while others find SNMP an inappropriate
choice for configuration in their environments.
SNMP relies on the MIB. MIB module support is uneven across vendors,
and even within devices. The lack of MIB module support for all
functionality in a device forces operators to use other protocols
such as a CLI to do configuration of some aspects of their managed
devices, and it is easier to use one protocol for all configuration
Harrington Expires March 15, 2008 [Page 18]
Internet-Draft Ops and Mgmt Guidelines September 2007
than to split the task across multiple protocols.
SNMP is good at determining operational state of specific
functionality, but not necessarily for the complete operational state
of a managed device.
SNMP is good for statistics gathering for specific functionality.
The wide-spread use of counters in standard MIB modules permits the
interoperable comparison of statistics across devices from different
vendors. SNMP is often used to poll a device for sysUpTime, which
serves to check for operational liveness and discontinuity in
counters.
SNMP notifications can alert an operator or an application when an
aspect of the new protocol fails or encounters an error condition,
and the contents of a notification can be used to guide subsequent
SNMP polling to gather additional information about an event.
SNMPv1 and SNMPv2c lack strong security, and are not recommended by
the IETF. SNMPv3 does offer strong security and is recommended by
the IETF.
5.2. SYSLOG
The SYSLOG protocol [I-D.ietf-syslog-protocol] provides a transport
to allow a machine to send event notification messages across IP
networks to event message collectors. Since each process,
application and operating system was written somewhat independently,
there has been little uniformity to the content of SYSLOG messages.
The protocol is simply designed to transport these event messages.
No acknowledgement of the receipt is made. One of the fundamental
tenets of the SYSLOG protocol and process is its simplicity. No
stringent coordination is required between the transmitters and the
receivers. Indeed, the transmission of SYSLOG messages may be
started on a device without a receiver being configured, or even
actually physically present. Conversely, many devices will most
likely be able to receive messages without explicit configuration or
definitions. This simplicity has greatly aided the acceptance and
deployment of SYSLOG.
The IETF has developed a new Proposed Standard version of the message
format and protocol that allows the use of any number of transport
protocols for transmission of SYSLOG messages, including secure
transports, and allows vendor-specific extensions to be provided in a
structured way. The IETF has standardized the new format for SYSLOG
messages to improve interoperability between compliant
implementations, and standardized the application of message security
to SYSLOG messages.
Harrington Expires March 15, 2008 [Page 19]
Internet-Draft Ops and Mgmt Guidelines September 2007
5.3. IPFIX
There are several applications e.g., usage-based accounting, traffic
profiling, traffic engineering, attack/intrusion detection, QoS
monitoring, that require flow-based IP traffic measurements.
IPFIX [I-D.ietf-ipfix-protocol] is a Proposed Standard approach for
transmitting IP traffic flow information over the network from an
exporting process to an information collecting process. IPFIX
defines a common representation of flow data and a standard means of
communicating the data over a number of transport protocols. IPFIX
is still in process and some aspects have not yet become Proposed
Standards.
[TODO: update as needed]
5.4. NETCONF
The NETCONF protocol [RFC4741] is a Proposed Standard that defines a
simple mechanism through which a network device can be managed,
configuration data information can be retrieved, and new
configuration data can be uploaded and manipulated. The protocol
allows the device to expose a full, formal application programming
interface (API). Applications can use this straightforward API to
send and receive full and partial configuration data sets.
The NETCONF protocol uses a remote procedure call (RPC) paradigm. A
client encodes an RPC in XML and sends it to a server using a secure,
connection-oriented session. The server responds with a reply
encoded in XML.
A key aspect of NETCONF is that it allows the functionality of the
management protocol to closely mirror the native command line
interface of the device. This reduces implementation costs and
allows timely access to new features. In addition, applications can
access both the syntactic and semantic content of the device's native
user interface.
The contents of both the request and the response can be fully
described in XML DTDs or XML schemas, or both, allowing both parties
to recognize the syntax constraints imposed on the exchange. As of
this writing, no standard has been developed for data content
specification.
5.5. COPS-PR
COPS-PR and the Structure of Policy Provisioning Information (SPPI)
have been approved as Proposed Standards. COPS-PR [RFC3084] uses the
Harrington Expires March 15, 2008 [Page 20]
Internet-Draft Ops and Mgmt Guidelines September 2007
Common Open Policy Service (COPS) protocol for support of policy
provisioning. The COPS-PR specification is independent of the type
of policy being provisioned (QoS, Security, etc.) but focuses on the
mechanisms and conventions used to communicate provisioned
information between policy-decision-points (PDPs) and policy
enforcement points (PEPs). COPS-PR does not make any assumptions
about the policy data model being communicated, but describes the
message formats and objects that carry the modeled policy data.
Policy data is modeled using Policy Information Base modules (PIB
modules).
COPS-PR has not had wide deployment, and operators have stated that
its use of binary encoding (BER) for management data makes it
difficult to develop automated scripts for simple configuration
management tasks in most text-based scripting languages. In an IAB
Workshop on Network Management [RFC3535], the consensus of operators
and protocol developers indicated a lack of interest in PIB modules
for use with COPS-PR. As a result, the IESG has not approved any
policy models (PIB modules) as an IETF standard.
5.6. RADIUS
RADIUS [RFC2865], the remote Authentication Dial In User Service, is
a Draft Standard that describes a protocol for carrying
authentication, authorization, and configuration information between
a Network Access Server which desires to authenticate its links and a
shared Authentication Server. This protocol is widely implemented
and used.
5.7. Diameter
DIAMETER [RFC3588] is a Proposed Standard that provides an
Authentication, Authorization and Accounting (AAA) framework for
applications such as network access or IP mobility. DIAMETER is also
intended to work in both local Authentication, Authorization &
Accounting and roaming situations.
Diameter is designed to resolve a number of known problems with
RADIUS. Diameter supports server failover, transmission-level
security, reliable transport over TCP, agents for proxy and redirect
and relay, server-initiated messages, auditability, capability
negotiation, peer discovery and configuration, and roaming support.
Diameter also provides a larger attribute space than RADIUS.
RADIUS is widely used within single administrative domains. Diameter
features make it especially appropriate for environments where the
providers of services are in different administrative domains than
the maintainer (protector) of confidential user information.
Harrington Expires March 15, 2008 [Page 21]
Internet-Draft Ops and Mgmt Guidelines September 2007
5.8. EPP
The Extensible Provision Protocol [RFC4930] is a Draft Standard that
describes an application layer client-server protocol for the
provisioning and management of objects stored in a shared central
repository. EPP permits multiple service providers to perform object
provisioning operations using a shared central object repository, and
addresses the requirements for a generic registry registrar protocol.
5.9. XCAP
XCAP [RFC4825] is a Proposed Standard protocol that allows a client
to read, write, and modify application configuration data stored in
XML format on a server.
5.10. Other Protocols
A command line interface (CLI) might be used to provide initial
configuration of the target functionality. Command line interfaces
are usually proprietary, but working groups could suggest specific
commands and command parameters that would be useful in configuring
the new protocol, so implementers could have similarities in their
proprietary CLI implementations.
[DISCUSS: Routing and control plane people may prefer NETCONF since
it is close to CLIs which seem to rule in this space. ]
[DISCUSS] Other PS-level NM protocols? SIP NM?
6. Existing IETF Data Models
[DISCUSS: JS: The weakest part of the document is IMHO section 6. It
is not clear to me what David's intention were here; sometimes he
gives general advise while at other places he kind of surveys data
models and such things. I am also not sure all the stuff listed
there is actually useful to list; for example, has anybody ever
deployed the technology which came out of the snmpconf working group?
So we need to be more selective and probably also organize our
pointers based on the protocol layer people are working on
(transmission specific MIB modules are kind of widely used, people
managing application servers usually do not use much of SNMP; the
IETF application management MIBs we have produced have not gained
large deployments as far as I can tell). ]
[DISCUSS: David: Some MIB modules may not be deployed because few
people know about them and has never tried them. Others may have
been tried and been found to be inadequate. We have very little
feedback concerning which ones are useful and which are widely
Harrington Expires March 15, 2008 [Page 22]
Internet-Draft Ops and Mgmt Guidelines September 2007
deployed, which have been found useful by operators, and which have
been found to be junk. ;-) I hesitate to make recommendations that
people should avoid a MIB unless there is real evidence that is is
unsuitable for its designed task. Even then, I hesitate because
maybe the MIB would be found useful in a different environment that
is just emerging. Maybe we need to perform a de-crufting operation
for data models, similar to that done for protocols a few years ago.
But I think that would require feedback from LOTS of operators and
application developers - and these tend to be scarce in the IETF. ]
The purpose of this section is to inform protocol designers about
solutions for which components have already been standardized in the
IETF, so they can reuse existing solutions or use those solutions to
extract information models that could be applied to new solutions.
This section discusses management data models that have reached at
least Proposed Standard status in the IETF. Because making
management information available through the MIB has long been the
IETF-preferred approach for managing the Internet, there are a large
number of MIB modules available. Rather than attempt to discuss each
here, with a discussion of the tables they contain, this section will
focus on those MIB modules that have reached at least Draft status,
and some commonly deployed MIB modules. This is supplemented by an
appendix that lists additional MIB modules that have reached Proposed
Standard status.
[TODO] discuss specific MIB modules, SDEs, XML schemas that are
designed to solve generic problems. This might cover things like
Textual Conventions, RFC3415 Target tables, SYSLOG SDEs defined in
-protocol-, SYSLOG -sign-, IPFIX IEs, etc.
6.1. Fault Management
SNMP notifications and SYSLOG messages can alert an operator when an
aspect of the new protocol fails or encounters an error condition,
and SNMP is frequently used as a heartbeat monitor.
The IETF standards-track version of the SYSLOG protocol
[I-D.ietf-syslog-protocol] includes a mechanism for defining
structured data elements (SDEs). The SYSLOG protocol document
defines an initial set of SDEs that relate to content time quality,
content origin, and meta-information about the message, such as
language. Proprietary SDEs can be used to supplement the IETF-
defined SDEs.
RFC 3418 [RFC3418], part of STD 62 SNMP, contains objects in the
system group that are often polled to determine if a device is still
operating, and sysUpTime can be used to detect if a system has
Harrington Expires March 15, 2008 [Page 23]
Internet-Draft Ops and Mgmt Guidelines September 2007
rebooted, and counters have been reinitialized.
RFC3413 [RFC3413], part of STD 62 SNMP, includes objects designed for
managing notifications, including tables for addressing, retry
parameters, security, lists of targets for notifications, and user
customization filters.
An RMON monitor [RFC2819] can be configured to recognize conditions,
most notably error conditions, and continuously to check for them.
When one of these conditions occurs, the event may be logged, and
management stations may be notified in a number of ways. See further
discussion of RMON under Performance Management.
Protocol designers should always build in basic testing features
(e.g. ICMP echo, UDP/TCP echo service, NULL RPC calls) that can be
used to test for liveness, with an option to enable and disable them.
The ALARM MIB in RFC 3877 and the Alarm Reporting Control MIB in RFC
3878 specify mechanisms for expressing state transition models for
persistent problem states. There is also a mechanism specified to
correlate a notification with subsequent state transition
notifications about the same entity/object.
Other MIB modules that may be applied to Fault Management include:
NOTIFICATION-LOG-MIB in RFC 3014
ENTITY-STATE-MIB in RFC 4268
ENTITY-SENSOR-MIB in RFC 4268
6.2. Configuration Management
It is expected that standard XML-based data models will be developed
for use with NETCONF, and working groups might identify specific
NETCONF data models that would be applicable to the new protocol. At
the time of this writing, no such standard data models exist.
RFC3159 [RFC3159] discusses the Structure of Policy Provisioning
Information, an extension to the SMI standard for purposes of policy-
based provisioning, for use with the COPS-PR protocol defined in
RFC3084 [RFC3084]. RFC3317 [RFC3317] defines a DiffServ QoS PIB. At
the time of this writing, there are no standards-track PIBs. During
the IAB Workshop on Network Management, the workshop had rough
consensus from the protocol developers that the IETF should not spend
resources on SPPI PIB definitions, and the operators had rough
consensus that they do not care about SPPI PIBs.
Harrington Expires March 15, 2008 [Page 24]
Internet-Draft Ops and Mgmt Guidelines September 2007
For monitoring network configuration, such as physical and logical
network topologies, existing MIB modules already exist that provide
some of the desired capabilities. New MIB modules might be developed
for the target functionality to allow operators to monitor and modify
the operational parameters, such as timer granularity, event
reporting thresholds, target addresses, and so on.
RFC 3418 [RFC3418], part of STD 62 SNMPv3, contains objects in the
system group that are often polled to determine if a device is still
operating, and sysUpTime can be used to detect if a system has
rebooted and caused potential discontinuity in counters. Other
objects in the system MIB are useful for identifying the type of
device, the location of the device, the person responsible for the
device, etc.
RFC3413 [RFC3413], part of STD 62 SNMPv3, includes objects designed
for configuring notification destinations, and for configuring proxy-
forwarding SNMP agents, which can be used to forward messages through
firewalls and NAT devices.
Draft Standard RFC2863 [RFC2863], the Interfaces MIB is used for
managing Network Interfaces. This includes the 'interfaces' group of
MIB-II and discusses the experience gained from the definition of
numerous media-specific MIB modules for use in conjunction with the
'interfaces' group for managing various sub-layers beneath the
internetwork-layer.
Proposed Standard RFC4133 [RFC4133] the Entity MIB is used for
managing multiple logical and physical entities managed by a single
SNMP agent. This module provides a useful mechanism for identifying
the entities comprising a system. There are also event notifications
defined for configuration changes that may be useful to management
applications.
Informational RFC3512 [RFC3512] discusses using SNMP to do
configuration management, including policy-based configuration
management.
Proposed Standard RFC4011 [RFC4011] defines objects that enable
policy-based monitoring and management of SNMP infrastructures, a
scripting language, and a script execution environment.
6.3. Accounting Management
RFC2975 discusses how RADIUS, TACACS+, and SNMP might be used for
these purposes. While this discussion is now dated, many of the
issues remain relevant, and new protocols might be better to address
those issues.
Harrington Expires March 15, 2008 [Page 25]
Internet-Draft Ops and Mgmt Guidelines September 2007
RADIUS [RFC2865] or DIAMETER [RFC3588] accounting might be collected
for services, and working groups might document some of the RADIUS/
DIAMETER attributes that could be used.
The IPFIX protocol [I-D.ietf-ipfix-protocol] can collect information
related to IP flows, and existing Information Elements (IEs) may be
appropriate to report flows of the new protocol. New IPFIX
Information Elements might be useful for collecting flow information
useful only in consideration of the new protocol. As of this
writing, no IEs have reached Proposed Standard status yet, but a base
set of IEs has been submitted to IESG for advancement. These include
IEs for Identifying the scope of reporting, Metering and Export
Process configuration, IP and Transport and Sub-IP header fields,
Packet and Flow properties, timestamps, and counters.
RFC3159 discusses the Proposed Standard Structure of Policy
Provisioning Information (SPPI), an extension to the SMI standard for
purposes of policy-based provisioning, for use with the COPS-PR
protocol defined in RFC3084. Informational RFC3317 defines a
DiffServ QoS PIB, and Informational RFC3571 defines policy classes
for monitoring and reporting policy usage feedback, as well as policy
classes for controlling reporting intervals, suspension, resumption
and solicitation. At the time of this writing, there are no
standards-track PIBs During the IAB Workshop on Network Management,
the workshop had rough consensus from the protocol developers that
the IETF should not spend resources on SPPI PIB definitions, and the
operators had rough consensus that they do not care about SPPI PIBs.
6.4. Performance Management
Working groups should consider how performance can be monitored for
the new protocol.
MIB modules typically contain counters to determine the frequency and
rate of an occurrence.
RFC2819, STD 59 RMON, defines objects for managing remote network
monitoring devices. An organization may employ many remote
management probes, one per network segment, to manage its internet.
These devices may be used for a network management service provider
to access a client network, often geographically remote. Most of the
objects in the RMON MIB module are suitable for the management of any
type of network, and there are some which are specific to managing
Ethernet networks.
RMON allows a probe to be configured to perform diagnostics and to
collect statistics continuously, even when communication with the
management station may not be possible or efficient. The alarm group
Harrington Expires March 15, 2008 [Page 26]
Internet-Draft Ops and Mgmt Guidelines September 2007
periodically takes statistical samples from variables in the probe
and compares them to previously configured thresholds. If the
monitored variable crosses a threshold, an event is generated.
The RMON host group discovers hosts on the network by keeping a list
of source and destination MAC Addresses seen in good packets
promiscuously received from the network, and contains statistics
associated with each host. The hostTopN group is used to prepare
reports that describe the hosts that top a list ordered by one of
their statistics. The available statistics are samples of one of
their base statistics over an interval specified by the management
station. Thus, these statistics are rate based. The management
station also selects how many such hosts are reported.
The RMON matrix group stores statistics for conversations between
sets of two addresses. The filter group allows packets to be matched
by a filter equation. These matched packets form a data stream that
may be captured or may generate events. The Packet Capture group
allows packets to be captured after they flow through a channel. The
event group controls the generation and notification of events from
this device.
The RMON-2 MIB [RFC4502] extends RMON by providing RMON analysis up
to the application layer. The SMON MIB [RFC2613] extends RMON by
providing RMON analysis for switched networks. RAQMON [RFC4710]
describes Real-Time Application Quality of Service Monitoring.
DISMAN-EVENT-MIB in RFC 2981 and DISMAN-EXPRESSION-MIB in RFC 2982
provide a superset of the capabilities of the RMON alarm and event
groups. These modules provide mechanisms for thresholding and
reporting anomalous events to management applications.
SIP Package for Voice Quality Reporting
[I-D.ietf-sipping-rtcp-summary] defines a SIP event package that
enables the collection and reporting of metrics that measure the
quality for Voice over Internet Protocol (VoIP) sessions.
The IPPM WG has defined metrics for accurately measuring and
reporting the quality, performance, and reliability of Internet data
delivery services. The metrics include connectivity, one-way delay
and loss, round-trip delay and loss, delay variation, loss patterns,
packet reordering, bulk transport capacity, and link bandwidth
capacity
The Benchmarking Methodology WG (bmwg) has defined recommendations
for the measurement of the performance characteristics of various
internetworking technologies in a laboratory environment, including
the systems or services that are built from these technologies. Each
Harrington Expires March 15, 2008 [Page 27]
Internet-Draft Ops and Mgmt Guidelines September 2007
recommendation describes the class of equipment, system, or service
being addressed; discuss the performance characteristics that are
pertinent to that class; clearly identify a set of metrics that aid
in the description of those characteristics; specify the
methodologies required to collect said metrics; and lastly, present
the requirements for the common, unambiguous reporting of
benchmarking results.
6.5. Security Management
Working groups should consider existing data models that would be
relevant to monitoring and managing the security of the new protocol.
IPsec Security Policy IPsec Action MIB
[I-D.ietf-ipsp-ipsecaction-mib] defines a MIB module for
configuration of an IPsec action within the IPsec security policy
database (SPD). [TODO: this is not yet a PS, and has dependencies on
a dead document?]
IPsec Security Policy IKE Action MIB [I-D.ietf-ipsp-ikeaction-mib]
defines a MIB module for configuration of an Internet Key Exchange
(IKE) [RFC4306] action within the IPsec security policy database
(SPD). [TODO: this is not yet a PS, and has dependencies on a dead
document?]
[DISCUSS: why are security protocols like TLS and SSH not required to
be manageable? e.g., no MIB modules exist for these protocols.]
Standard SNMP notifications or SYSLOG messages
[I-D.ietf-syslog-protocol] might already exist, or can be defined, to
alert operators to the conditions identified in the security
considerations for the new protocol.
An analysis of existing counters might help operators recognize the
conditions identified in the security considerations for the new
protocol before they can impact the network.
RADIUS and DIAMETER can provide authentication and authorization. A
working group should consider which attributes would be appropriate
for their protocol.
Different protocols use different assumptions about message security
and data access controls. A working group that recommends using
different protocols should consider how security will be applied in a
balanced manner across multiple management interfaces. SNMP access
control is data-oriented, while CLI access control is usually command
(task) oriented. Depending on the management function, sometimes
data-oriented or task-oriented access control makes more sense.
Harrington Expires March 15, 2008 [Page 28]
Internet-Draft Ops and Mgmt Guidelines September 2007
Working groups should consider both data-oriented and task-oriented
access control.
7. Documentation Guidelines
The purpose of this document is to provide guidance about what to
consider when thinking about the management and deployment of a new
protocol, and to provide guidance about documenting the
considerations should a working group choose to do so. The following
guidelines are designed to help writers provide a reasonably
consistent format to such documentation. Separate manageability and
operational considerations sections are desirable in many cases, but
their structure and location is a decision that can be made from case
to case.
Making a Management Considerations section a mandatory publication
requirement is the responsibility of the IESG, or specific area
directors, or working groups, and this document avoids recommending
any mandatory publication requirements. For a complex protocol, a
completely separate draft on operations and management might be
appropriate, or even a completely separate WG.
This document is focused on what to think about, and how to document
the considerations of the working group.
7.1. Recommended Discussions
A Manageability Considerations section should include discussion of
the management and operations topics raised in this document, and
when one or more of these topics is not relevant, it would be useful
to contain a simple statement explaining why the topic is not
relevant for the new protocol. Of course, additional relevant topics
should be included as well.
7.2. Null Manageability Considerations Sections
A working group may seriously consider the manageability requirements
of a new protocol, and determine that there are no manageability
issues related to the new protocol. It would be helpful to those who
may update or write extensions to the protocol in the future or to
those deploying the new protocol to know the thinking of the working
regarding the manageability of the protocol at the time of its
design.
If there are no new manageability or deployment considerations, it is
recommended that a Manageability Considerations section contain a
simple statement such as "There are no new manageability requirements
introduced by this document," and a brief explanation of why that is
Harrington Expires March 15, 2008 [Page 29]
Internet-Draft Ops and Mgmt Guidelines September 2007
the case. The presence of such a Manageability Considerations
section would indicate to the reader that due consideration has been
given to manageability and operations.
In the case where the new protocol is an extension, and the base
protocol discusses all the relevant operational and manageability
considerations, it would be helpful to point out the considerations
section in the base document.
7.3. Placement of Operations and Manageability Considerations Sections
If a working group develops a Manageability Considerations section
for a new protocol, it is recommended that the section be placed
immediately before the Security Considerations section. Reviewers
interested in such sections could find it easily, and this placement
could simplify the development of tools to detect the presence of
such a section.
8. IANA Considerations
This document does not introduce any new codepoints or name spaces
for registration with IANA. Note to RFC Editor: this section may be
removed on publication as an RFC.
9. Security Considerations
This document is informational and provides guidelines for
considering manageability and operations. It introduces no new
security concerns.
10. Acknowledgements
This document started from an earlier document edited by Adrian
Farrel, which itself was based on work exploring the need for
Manageability Considerations sections in all Internet-Drafts produced
within the Routing Area of the IETF. That earlier work was produced
by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable
feedback provided by Pekka Savola and Bert Wijnen.
Some of the discussion about designing for manageability came from
private discussions between Dan Romascanu, Bert Wijnen, Juergen
Schoenwaelder, Andy Bierman, and David Harrington.
11. Informative References
[I-D.ietf-ipfix-protocol] Claise, B., "Specification of the
IPFIX Protocol for the Exchange of
IP Traffic Flow Information",
Harrington Expires March 15, 2008 [Page 30]
Internet-Draft Ops and Mgmt Guidelines September 2007
draft-ietf-ipfix-protocol-26 (work
in progress), September 2007.
[I-D.ietf-ipsp-ikeaction-mib] Hardaker, W., "IPsec Security Policy
IKE Action MIB",
draft-ietf-ipsp-ikeaction-mib-02
(work in progress), November 2006.
[I-D.ietf-ipsp-ipsecaction-mib] Hardaker, W., "IPsec Security Policy
IPsec Action MIB",
draft-ietf-ipsp-ipsecaction-mib-02
(work in progress), November 2006.
[I-D.ietf-sipping-rtcp-summary] Pendleton, A., "Session Initiation
Protocol Package for Voice Quality
Reporting Event",
draft-ietf-sipping-rtcp-summary-02
(work in progress), May 2007.
[I-D.ietf-syslog-protocol] Gerhards, R., "The syslog Protocol",
draft-ietf-syslog-protocol-23 (work
in progress), September 2007.
[RFC1052] Cerf, V., "IAB recommendations for
the development of Internet network
management standards", RFC 1052,
April 1988.
[RFC2119] Bradner, S., "Key words for use in
RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119,
March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D.,
Ed., and J. Schoenwaelder, Ed.,
"Structure of Management Information
Version 2 (SMIv2)", STD 58,
RFC 2578, April 1999.
[RFC2613] Waterman, R., Lahaye, B., Romascanu,
D., and S. Waldbusser, "Remote
Network Monitoring MIB Extensions
for Switched Networks Version 1.0",
RFC 2613, June 1999.
[RFC2819] Waldbusser, S., "Remote Network
Monitoring Management Information
Base", STD 59, RFC 2819, May 2000.
Harrington Expires March 15, 2008 [Page 31]
Internet-Draft Ops and Mgmt Guidelines September 2007
[RFC2863] McCloghrie, K. and F. Kastenholz,
"The Interfaces Group MIB",
RFC 2863, June 2000.
[RFC2865] Rigney, C., Willens, S., Rubens, A.,
and W. Simpson, "Remote
Authentication Dial In User Service
(RADIUS)", RFC 2865, June 2000.
[RFC2975] Aboba, B., Arkko, J., and D.
Harrington, "Introduction to
Accounting Management", RFC 2975,
October 2000.
[RFC3060] Moore, B., Ellesson, E., Strassner,
J., and A. Westerinen, "Policy Core
Information Model -- Version 1
Specification", RFC 3060,
February 2001.
[RFC3084] Chan, K., Seligson, J., Durham, D.,
Gai, S., McCloghrie, K., Herzog, S.,
Reichmeyer, F., Yavatkar, R., and A.
Smith, "COPS Usage for Policy
Provisioning (COPS-PR)", RFC 3084,
March 2001.
[RFC3139] Sanchez, L., McCloghrie, K., and J.
Saperia, "Requirements for
Configuration Management of IP-based
Networks", RFC 3139, June 2001.
[RFC3159] McCloghrie, K., Fine, M., Seligson,
J., Chan, K., Hahn, S., Sahita, R.,
Smith, A., and F. Reichmeyer,
"Structure of Policy Provisioning
Information (SPPI)", RFC 3159,
August 2001.
[RFC3290] Bernet, Y., Blake, S., Grossman, D.,
and A. Smith, "An Informal
Management Model for Diffserv
Routers", RFC 3290, May 2002.
[RFC3317] Chan, K., Sahita, R., Hahn, S., and
K. McCloghrie, "Differentiated
Services Quality of Service Policy
Information Base", RFC 3317,
Harrington Expires March 15, 2008 [Page 32]
Internet-Draft Ops and Mgmt Guidelines September 2007
March 2003.
[RFC3410] Case, J., Mundy, R., Partain, D.,
and B. Stewart, "Introduction and
Applicability Statements for
Internet-Standard Management
Framework", RFC 3410, December 2002.
[RFC3413] Levi, D., Meyer, P., and B. Stewart,
"Simple Network Management Protocol
(SNMP) Applications", STD 62,
RFC 3413, December 2002.
[RFC3418] Presuhn, R., "Management Information
Base (MIB) for the Simple Network
Management Protocol (SNMP)", STD 62,
RFC 3418, December 2002.
[RFC3444] Pras, A. and J. Schoenwaelder, "On
the Difference between Information
Models and Data Models", RFC 3444,
January 2003.
[RFC3460] Moore, B., "Policy Core Information
Model (PCIM) Extensions", RFC 3460,
January 2003.
[RFC3512] MacFaden, M., Partain, D., Saperia,
J., and W. Tackabury, "Configuring
Networks and Devices with Simple
Network Management Protocol (SNMP)",
RFC 3512, April 2003.
[RFC3535] Schoenwaelder, J., "Overview of the
2002 IAB Network Management
Workshop", RFC 3535, May 2003.
[RFC3585] Jason, J., Rafalow, L., and E.
Vyncke, "IPsec Configuration Policy
Information Model", RFC 3585,
August 2003.
[RFC3588] Calhoun, P., Loughney, J., Guttman,
E., Zorn, G., and J. Arkko,
"Diameter Base Protocol", RFC 3588,
September 2003.
[RFC3644] Snir, Y., Ramberg, Y., Strassner,
Harrington Expires March 15, 2008 [Page 33]
Internet-Draft Ops and Mgmt Guidelines September 2007
J., Cohen, R., and B. Moore, "Policy
Quality of Service (QoS) Information
Model", RFC 3644, November 2003.
[RFC3670] Moore, B., Durham, D., Strassner,
J., Westerinen, A., and W. Weiss,
"Information Model for Describing
Network Device QoS Datapath
Mechanisms", RFC 3670, January 2004.
[RFC3805] Bergman, R., Lewis, H., and I.
McDonald, "Printer MIB v2",
RFC 3805, June 2004.
[RFC4011] Waldbusser, S., Saperia, J., and T.
Hongal, "Policy Based Management
MIB", RFC 4011, March 2005.
[RFC4133] Bierman, A. and K. McCloghrie,
"Entity MIB (Version 3)", RFC 4133,
August 2005.
[RFC4306] Kaufman, C., "Internet Key Exchange
(IKEv2) Protocol", RFC 4306,
December 2005.
[RFC4502] Waldbusser, S., "Remote Network
Monitoring Management Information
Base Version 2", RFC 4502, May 2006.
[RFC4710] Siddiqui, A., Romascanu, D., and E.
Golovinsky, "Real-time Application
Quality-of-Service Monitoring
(RAQMON) Framework", RFC 4710,
October 2006.
[RFC4741] Enns, R., "NETCONF Configuration
Protocol", RFC 4741, December 2006.
[RFC4825] Rosenberg, J., "The Extensible
Markup Language (XML) Configuration
Access Protocol (XCAP)", RFC 4825,
May 2007.
[RFC4930] Hollenbeck, S., "Extensible
Provisioning Protocol (EPP)",
RFC 4930, May 2007.
Harrington Expires March 15, 2008 [Page 34]
Internet-Draft Ops and Mgmt Guidelines September 2007
Appendix A. Operations and Management Checklist
This appendix provides a quick summary of issues to consider.
are configuration parameters clearly identified?
are configuration parameters normalized?
does each configuration parameter have a reasonable default value?
is protocol state information exposed to the user? How?
is protocol performance information exposed to the user? How?
are significant state transitions logged?
Appendix B. Additional MIB Modules on the Standards Track
Appendix C. Change Log
Changes from harrington-01 to opsawg-00
added text regarding operational models to be managed.
Added checklist appendix (to be filled in after consensus is
reached on main text )
Changes from harrington-00 to harrington-01
modified unclear text in "Design for Operations and Management"
Expanded discussion of counters
Removed some redundant text
Added ACLs to Security Management
Expanded discussion of the status of COPS-PR, SPPI, and PIBs.
Expanded comparison of RADIUS and Diameter.
Added placeholders for EPP and XCAP protocols.
Added Change Log and Open Issues
Harrington Expires March 15, 2008 [Page 35]
Internet-Draft Ops and Mgmt Guidelines September 2007
Author's Address
David Harrington
Huawei Technologies USA
1700 Alma Dr, Suite 100
Plano, TX 75075
USA
Phone: +1 603 436 8634
Fax:
EMail: dharrington@huawei.com
URI:
Harrington Expires March 15, 2008 [Page 36]
Internet-Draft Ops and Mgmt Guidelines September 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Harrington Expires March 15, 2008 [Page 37]
| PAFTECH AB 2003-2026 | 2026-04-23 05:52:19 |