Introduction to the Operations and Management Area in the IETF ...
Overview
• Scope of the area
• Relation to other areas and external groups
• Current WGs
• Introduction to management protocols
• Hot topics this week
Operations and Management Area
• Operating a network
  – Operational feedback, best practices
  – Network protocol deployment guidelines
• Managing a network
  – MIBs
  – Flows
  – Measurement
  – Configuration
How Do You Work This Thing?
[Diagram: GROW, IDR, SIDR, (NOGs), RPSEC; labels: Spec, Operational Experience, How-To, Fix Needed]
Current WGs
Managing stuff
• eman Energy Management
• ipfix IP Flow Information Export
• netconf Network Configuration
• netmod NETCONF Data Modeling Language
• dime Diameter Maintenance and Extensions
• radext RADIUS EXTensions
• bmwg Benchmarking Methodology
• lmap Large-Scale Measurement of Broadband Performance
• ucan BoF Use Cases for Autonomic Networking
Operating stuff (and providing operator feedback on specifications)
• dnsop Domain Name System Operations
• grow Global Routing Operations
• mboned MBONE Deployment
• opsawg Operations and Management Area Working Group
• opsec Operational Security Capabilities for IP Network Infrastructure
• v6ops IPv6 Operations
• wpkops Web PKI OPS
eman Energy Management
• Chairs: Nevil Brownlee, Tom Nadeau
• Develop communication for a device to be aware of its power needs and consumption, and respond appropriately
• Requirements (RFC) and architecture doc (RFC editor queue) complete
• 3 MIB modules on the IESG table
• Only one document left: the applicability statement
• May be winding down
Exploring Further
• Want to know more about a WG?
  – https://datatracker.ietf.org/wg/eman/
  – http://tools.ietf.org/wg/eman
• Active WG documents, interesting documents
• Links to:
  – Charter
  – WG chairs
  – Mailing list subscription, archives
ipfix IP Flow eXport
• Chairs: Nevil Brownlee, Juergen Quittek
• Improve the IPFIX protocol, used for providing data about flows in a network.
• Protocol is deployed, many RFCs
• Only one document left: exporting MIB variable in IPFIX
• May be winding down
netconf NETwork CONFiguration
• Chairs: Mehmet Ersue, Bert Wijnen
• Provide standard mechanisms to configure network devices.
• Basic protocol complete, additional work continues.
netmod NETconf data MODeling language
• Chairs: Tom Nadeau, Jürgen Schönwälder
• Data modeling language for NETCONF.
• Active work in progress on NETMOD 1.1, YANG update, models for routing, system management.
• YANG tutorial going on right now, until 1800 in Salon B
dime DIameter Maintenance and Extensions
• Chairs: Jouni Korhonen, Lionel Morand
• Update Diameter based on experience and new use cases.
• AAA (Authentication, Authorization, and Accounting) tutorial at IETF89
  – http://www.ietf.org/proceedings/89/train-6.html
• Work well under way.
radext RADius EXTensions
• Chairs: Jouni Korhonen, Stefan Winter
• Extend RADIUS with greater attributes, improve security.
• AAA (Authentication, Authorization, and Accounting) tutorial at IETF89
  – http://www.ietf.org/proceedings/89/train-6.html
• Work well under way.
bmwg Benchmarking Methodology
• Chairs: Sarah Banks, Al Morton
• Recommendations on performance of networking technologies and devices.
• Long-lived group with ongoing work in benchmarking BGP convergence, SIP, traffic management, neighbor discovery, virtual network functions, ...
lmap Large-Scale Measurement of Broadband Performance
• Chairs: Dan Romascanu, Jason Weil
• Define an architecture to measure broadband networks, work with IPPM to define a performance metric registry
• Framework and use cases well under way
dnsop DNS Operations
• Chairs: Tim Wicinski, Suzanne Woolf
• Operating DNS software, administering zones
• Always active.
grow Global Routing Operations
• Chairs: Chris Morrow, Peter Schoenmaker
• Document issues and operational practices with BGP, routing table size, IGP/EGP interaction, security, and VPN.
• Always active.
mboned MBONE Deployment
• Chairs: Leonard Giuliano, Greg Shepherd
• Deployment and operation of multicast routing protocols.
• Work is well under way.
opsawg Operations and Management Area WG
• Chairs: Scott Bradner, Warren Kumari
• Catch-all for work that doesn’t fit into an existing WG, but isn’t big enough to justify creating a new WG.
• Current topics include management of constrained devices, CAPWAP updates, VM MIB.
opsec Operational Security Capabilities for IP Network Infrastructure
• Chairs: KK Chittimaneni, Gunter Van de Velde
• Best practices for network security.
• Several active topics.
ucan Use Cases for Autonomic Networking
• BoF chairs: Brian Carpenter and Michael Behringer
• Non-WG forming BoF
• Self-management, including self-configuration, self-optimization, self-healing and self-protection
v6ops IPv6 Operations
• Chairs: Fred Baker, Lee Howard
• Deploying and running a dual-stack network.
• Guidelines for operators, DHCPv6 v. SLAAC, ULA considerations, power, etc.
wpkops Web PKI OPS
• Chairs: Tim Moses, Jeremy Rowley
• Running a PKI, making web security more predictable.
• Work on trust model, certification revocation in progress.
OPS Area Directorate
Team of experienced operators who help the ADs improve their efficiency, particularly when preparing for IESG telechats, allowing them to focus on (potentially) troublesome documents and spend less time on the trouble-free ones. Improving the documents is an important, but clearly not the primary, purpose. An additional goal is to expose the OPS Directorate reviewers to work going on in other parts of the IETF. Reviews from OPS Directorate members do not, in and of themselves, cause the IESG to block a document. The reviews may, however, provide advice to the OPS ADs or convince other IESG members to challenge or block a document. The reviews, particularly those conducted in IETF last call and earlier, may also help the document editors improve their documents.
https://svn.tools.ietf.org/area/ops/trac/wiki/Directorates
Other Ops Area Directorates
• YANG Doctors http://www.ietf.org/iesg/directorate/yang-doctors.html
• MIB Doctors http://www.ietf.org/iesg/directorate/mib-doctors.html
• AAA-doctors (mailing list) http://www.ietf.org/mail-archive/web/aaa-doctors/current/maillist.html
• Performance Metrics Directorate http://www.ietf.org/iesg/directorate/performance-metrics.html
AN INTRODUCTION TO NETWORK MANAGEMENT PROTOCOLS
FCAPS
• Fault Management
• Configuration Management
• Accounting Management
• Performance Management
• Security Management
FCAPS: protocols by management function
• Fault: SNMP Trap, IPFIX, PSAMP, syslog
• Configuration: SNMP Set, CAPWAP, NETCONF, ANCP, AUTOCONF, ACAP, XCAP, DHCP
• Accounting: SNMP Get, IPFIX, PSAMP, RADIUS Accounting, Diameter Accounting
• Performance: SNMP Get, IPFIX, PSAMP
• Security: RADIUS Auth/Auth, Diameter Auth/Auth
Credit: rfc6632
Other Considerations in Selecting Your Management Protocol
• Push vs. Pull
• Passive vs. Active Monitoring
• Passive, Push: SNMP Notifications, NETCONF Notifications, Syslog, RADIUS, Diameter
• Passive, Pull: SNMP (exc. Notifications), NETCONF (exc. Notifications), CAPWAP
• Active: OWAMP, TWAMP
SLIGHTLY DEEPER INVESTIGATION
SNMP
• Simple Network Management Protocol
• Very common
  – Typically for monitoring resources on network elements
• E.g., router port byte counters, CPU utilization, error counters, traps
• Uses MIBs (Management Information Base)
• Each MIB defined by an RFC
• Custom enterprise-specific MIBs possible
FCAPS: F, C, A, P
syslog
• Very common
  – Typically used to send errors and notifications to a syslog server
• Messages have a severity level, timestamp, hostname, content
FCAPS: F
<34>1 2014-07-20T21:12:27.123Z server.example.com My hair is on fire.!!
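
The sample message above, decoded into the fields the slide lists. This is an added example, not part of the original slides; it assumes the simplified line shape shown on the slide, and the name `parse_syslog` is hypothetical.

```python
import re
from datetime import datetime

# Severity names indexed by their numeric value 0..7 (RFC 5424).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Simplified shape used on the slide: <PRI>VERSION TIMESTAMP HOSTNAME CONTENT.
# (Assumption: a full RFC 5424 header has more fields; they stay in "content".)
_LINE = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S{1,255}) (.*)$", re.S)

# The message from the slide.
SAMPLE = "<34>1 2014-07-20T21:12:27.123Z server.example.com My hair is on fire.!!"


def parse_syslog(line):
    """Return the fields of one syslog line, or raise ValueError."""
    m = _LINE.match(line)
    if m is None:
        raise ValueError("expected <PRI>VERSION TIMESTAMP HOSTNAME CONTENT")
    pri = int(m.group(1))
    if pri > 191:  # highest legal value: facility 23 * 8 + severity 7
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    # fromisoformat raises ValueError on a malformed timestamp.
    timestamp = datetime.fromisoformat(m.group(3).replace("Z", "+00:00"))
    # Escape control characters so an embedded newline cannot pose as a
    # second log record when the content is written out again.
    content = "".join(
        c if c.isprintable() else "\\x%02x" % ord(c) for c in m.group(5)
    )
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "version": int(m.group(2)),
        "timestamp": timestamp,
        "hostname": m.group(4),
        "content": content,
    }


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```
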
IPFIX
• Internet Protocol Flow Information eXport
  – Typically used to send flow data to a collector
  – Also used for usage billing, traffic profiling, traffic engineering, intrusion detection, and QoS monitoring
• Uses IPFIX Information Elements (IEs)
• New IEs can be created
• Custom enterprise-specific IEs possible
FCAPS: F, A, P
PSAMP
• Packet SAMPling
• Extends IPFIX by sending (instead of flow counters) details about a sampled set of packets within the flow
• Specifies sampling and filtering techniques
• Uses IEs, can be extended
FCAPS: F, A, P
NETCONF
• Network Configuration
• Uses YANG modules in XML
• New YANG modules created via RFC
• Custom enterprise-specific YANG modules possible
FCAPS: C
OWAMP/TWAMP
• One-Way/Two-Way Active Measurement Protocol
  – Typically used to probe connectivity, delay, loss, jitter, bulk transport capacity, and link bandwidth capacity.
• New metrics can be added via RFC
FCAPS: P
RADIUS
• Remote Authentication Dial-In User Service
• Very common
  – Typically used to authenticate and authorize logins to network elements
• Uses TLVs (Type/Length/Value) data elements
• Additional TLVs can be defined via RFC
• Vendor specific attributes possible
FCAPS: S, A
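
How the TLV layout mentioned above is walked, with the length checks a receiver needs. This is an added example, not part of the original slides; the sample bytes are constructed, `parse_attributes` is a hypothetical name, and the vendor ID 32473 is the enterprise number reserved for documentation.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type for vendor-specific attributes

# Constructed sample attribute region (not a capture):
#   type 1 (User-Name) "alice", type 4 (NAS-IP-Address) 192.0.2.1,
#   type 26 (Vendor-Specific) with vendor ID 32473 and 4 bytes of vendor data.
SAMPLE = (
    bytes([1, 7]) + b"alice"
    + bytes([4, 6, 192, 0, 2, 1])
    + bytes([26, 10]) + struct.pack("!I", 32473) + bytes([1, 4]) + b"ab"
)


def parse_attributes(buf):
    """Split a RADIUS attribute region into (type, value) pairs, strictly."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header at offset %d" % off)
        atype, alen = buf[off], buf[off + 1]
        # The length octet counts the type and length octets themselves, so
        # anything below 2 is malformed (0 would also loop forever).
        if alen < 2:
            raise ValueError("attribute length %d below 2 at offset %d" % (alen, off))
        if off + alen > len(buf):
            raise ValueError("attribute at offset %d overruns the buffer" % off)
        value = buf[off + 2 : off + alen]
        if atype == VENDOR_SPECIFIC:
            # Value starts with a 4-byte vendor ID; the rest is vendor-defined.
            if len(value) < 4:
                raise ValueError("vendor-specific attribute too short for vendor ID")
            (vendor_id,) = struct.unpack("!I", value[:4])
            attrs.append((atype, {"vendor_id": vendor_id, "data": value[4:]}))
        else:
            attrs.append((atype, value))
        off += alen
    return attrs


if __name__ == "__main__":
    for atype, value in parse_attributes(SAMPLE):
        print(atype, value)
```
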
Diameter
• 2r
  – Typically used to authenticate and authorize logins to network elements, especially 3GPP
• Updates RADIUS to include secure transport, greater extensibility, flexibility, mobility, accounting
• Uses AVPs (Attribute-Value Pairs)
• Additional attributes can be defined via RFC
• Vendor Specific Attributes (VSA) possible
FCAPS: S, A
CAPWAP
• Control and Provisioning of Wireless Access Points
  – Typically used for Controllers to manage WAPs
• Includes configuration, debugging, statistics, logging, and firmware updates (FCAP)
• Uses TLVs (Type/Length/Value) data elements
• Additional TLVs can be defined via RFC
• Vendor specific attributes possible
FCAPS: F, C, A, P
Transports
• Transports
  – IPFIX Spec requires SCTP, supports TCP, UDP
  – Syslog uses UDP, though TCP and SCTP versions are available
  – NETCONF requires SSH, may use TLS
• Security
  – IPFIX prefers SCTP
  – SNMPv3
Other References
• http://tools.ietf.org/html/rfc6632 An Overview of the IETF Network Management Standards
• See also http://tools.ietf.org/html/rfc6669 An Overview of the Operations, Administration, and Maintenance (OAM)
• http://www.ietf.org/proceedings/89/train-6.html AAA Training
HOT TOPICS
Hot topics / open issues
WRITABLE MIBS
The IESG is aware of discussions in the OPS area and in a number of working groups about the current practice for standards-based approaches to configuration. The OPS area has shown strong support for the use of NETCONF/YANG while many working groups continue to specify MIB modules for this purpose. The IESG wishes to clarify this situation with this statement: IETF working groups are therefore encouraged to use the NETCONF/YANG standards for configuration, especially in new charters. SNMP MIB modules creating and modifying configuration state should only be produced by working groups in cases of clear utility and consensus to use SNMP write operations for configuration, and in consultation with the OPS ADs/MIB doctors.
https://www.ietf.org/iesg/statement/writable-mib-module.html
Hot topics / open issues
Working groups with especially lively discussion expected this week
LMAP
• Framework for measuring broadband performance
DIME
• Diameter Overload Control (draft-ietf-dime-ovli)
DNSOP
• Privacy, security
• Wider distribution of the root zone
GROW
• Security
V6OPS
• ULAs
• Effects of many prefixes on a network link
Hot topics / open issues
• UCAN BoF
  – Use cases for Autonomic Networking
• OPSAREA (joint with OPSAWG this week)
• Ops Area Office Hours
  – Monday 1520-1650 EDT
  – Location TBD. It would be nice to email ops-[email protected] saying you’re coming.
DISCUSS