Internet DRAFT - draft-farrel-rtg-manageability-requirements

draft-farrel-rtg-manageability-requirements





Network Working Group                                      Adrian Farrel
IETF Internet Draft                                   Old Dog Consulting
Proposed Status: Informational
Expires: April 2006                                        Loa Andersson
                                                                Acreo AB

                                                              Avri Doria
                                                                    ETRI

                                                            October 2005

           draft-farrel-rtg-manageability-requirements-01.txt

      Requirements for Manageability Sections in Routing Area Drafts

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be
   accessed at http://www.ietf.org/shadow.html.

Abstract

   It has often been the case that manageability considerations have
   been retrofitted to protocols. This is sub-optimal.

   Similarly, new protocols or protocol extensions are frequently
   designed without due consideration of manageability requirements.

   This document specifies the requirement for all new Routing Area
   Internet-Drafts to include an "Manageability Considerations" section,
   and gives guidance on what that section should contain.


Farrel, Andersson and Doria                                       Page 1

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

1. Introduction

   When new protocols or protocol extensions are developed within the
   Routing Area, it is often the case that not enough consideration is
   given to the manageability of the protocols or to the way in which
   they will be operated in the network. The result is that manageablity
   considerations are only understood once the protocols have been
   implemented and sometimes not until after they have been deployed.

   The resultant attempts to retrofit manageablity mechanisms are not
   always easy or architecturally pleasant. Further, it is possible that
   certain protocol designs make manageablity particularly hard to
   achieve.

   Recognising that manageablity is fundamental to the utility and
   success of protocols designed within the IETF, and that simply
   defining a MIB module does not necessarily provide adequate
   manageablity, this document defines requirements for the inclusion of
   Manageablity Considerations sections in all Internet-Drafts produced
   within the Routing Area. Meeting these requirements will ensure that
   proper consideration is given to the support of manageability at all
   stages of the protocol development process from Requirements and
   Architecture, through Specification and Applicability.

   It is clear that the presence of such a section in an Internet-Draft
   does not guarantee that the protocol will be well-designed or
   manageable. However, mandating the inclusion of this section will
   ensure that the authors have the opportunity to consider the issues
   and by reading the material in this document they will gain some
   guidance.

   This document is developed within the Routing Area of the IETF and
   applies only to Internet-Drafts developed within the Routing Area.
   Expanding the scope to cover all protocols developed within the IETF
   is an issue for the IESG.

   The remainder of this document describes what subsections are needed
   within a Manageablity Considerations section, and gives advice and
   guidance about what information should be contained in those
   subsections.

   An appendix contains two example Manageablity Considerations
   sections: one from an informational architecture document that was
   developed to include a Manageability Considerations section, and one
   that has been written for an existing protocol specification RFC that
   did not orriginally have such a section.




Farrel, Andersson and Doria                                       Page 2

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

2. Presence and Placement of Manageablity Considerations Sections

2.1. Null Manageablity Considerations Sections

   In the event that there are no manageablity requirements for the
   protocol specified in an Internet-Draft, the draft must still contain
   a Manageablity Considerations section. The presences of this section
   indicates to the reader and to the reviewer that due consideration
   has been given to manageablity, and that there are no (or no new)
   requirements.

   In this case, the section must contain a simple statement such as
   "There are no new manageablity requirements introduced by this
   document," and must briefly explain why that is the case with a
   summary of manageablity mechanisms that already exist.

   Note that a Null Manageability Considerations section may take some
   effort to compose. It is important to demonstrate to the reviewer
   that no additional manageability mechanisms are required, and it is
   often hard to prove that sometihng is not needed.

2.2. Mandatory Subsections

   If the Manageablity Considerations section is not null, it must
   contain at least the following subsections. Guidance on the content
   of these subsections can be found in section 3 of this document.

   - Control of Function and Policy
   - Information and Data Models, e.g. MIB module
   - Liveness Detection and Monitoring
   - Verifying Correct Operation
   - Requirements on Other Protocols and Functional Components
   - Impact on Network Operation

   In the event that one or more of these subsections is not relevant,
   it must still be present, and should contain a simple statement
   explaining why the subsection is not relevant.

2.3. Optional Subsections

   The list of subsections above is not intended to be prescriptively
   limiting. Other subsections can and should be added according to
   the requirements of each individual Internet-Draft.

2.4. Placement of Manageability Considerations Sections

   The Manageability Considerations Section should be placed immediately
   before the Security Considerations section.


Farrel, Andersson and Doria                                       Page 3

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

3. Guidance on the Content of Subsections

   This section gives guidance on the information to be included in each
   of the mandatory subsections listed above. Note that just as other
   sub-sections may be included, so additional information may also be
   included in these subsections.

3.1 Control of Function and Policy

   This sub-section is intended to describe the configurable items that
   exist for the control of function or policy.

   For example, many protocol specifications include timers that are
   used as part of operation of the protocol. These timers often have
   default values suggested in the protocol specification and do not
   need to be configurable. But it is often the case that the protocol
   requires that the timers can be configured by the operator to ensure
   specific behavior by the implementation.

   Even if all configurable items have been described within the body of
   the document, they should be identified in this sub-section, but a
   reference to another section of the document is sufficient if there
   is a full description elsewhere.

3.2 Information and Data Models

   This sub-section should describe the information and data models
   necessary for the protocol or the protocol extensions. This includes,
   but is not necessarily limited to the MIB modules developed
   specificially for the protocol functions specified in the document.

   The description can be by reference where other documents already
   exist.

3.3 Liveness Detection and Monitoring

   Liveness detection and monitoring applies both to the control plane
   and the data plane.

   Mechanisms for detecting faults in the control plane or for
   monitoring its liveness are usually built into the control plane
   protocols or inherited from underlying data plane or forwarding plane
   protocols. These mechanisms do not typically require additional
   management capabilities. However, when a control plane fault is
   detected, there is often a requirement to coordinate recovery action
   through management applications or at least to record the fact in an
   event log.



Farrel, Andersson and Doria                                       Page 4

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

   Where the protocol is responsible for establishing data or user plane
   connectivity, liveness detection and monitoring usually need to be
   acchieved through other mechanisms. In some cases, these mechanisms
   already exist within other protocols responsible for maintaining
   lower layer connectivity, but it will often be the case that new
   procedures are required so that failures in the data path can be
   detected and reported rapidly allowing remedial action to be taken.

3.4 Verifying Correct Operation

   An important function that OAM can provide is a toolset for verifying
   the correct operation of a protocol. This may be achieved to some
   extent through access to information and data models that report the
   status of the protocol and the state installed on network devices.
   But it may also be valuable to provide techniques for testing the
   effect that the protocol has had on the network by sending data
   through the network and observing its behavior.

   Thus, this section should include a discussion about how the correct
   end-to-end operation of the network can be tested, and how the
   correct data or forwarding plane function of each network element can
   be verified.

3.5 Requirements on Other Protocols and Functional Components

   Here the text should describe the requirements that the new protocol
   puts on other protocols and functional components, as well as
   requirements from other protocols that has been considered in
   desinging the new protocol

3.6 Impact on Network Operation

   The introduction of a new protocol or extensions to an existing
   protocol may have an impact on the operation of existing networks.
   This section should outline such impacts (which may be positive)
   including scaling concerns and interactions with other protocols.

   For example, a new protocol that doubles the number of acitve,
   reachable addresses in use within a network might need to be
   considered in the light of the impact on the scalability of the IGPs
   operating within the network.

3.7 Other Considerations

   Anything that is not covered in one of the mandatory subsections
   described above, but which is needed to understand the manageability
   situation should be covered in an additional section.



Farrel, Andersson and Doria                                       Page 5

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

4. Manageability Considerations

   This document defines the Manageability Considerations sections for
   inclusion in all Routing Area Internet-Drafts. As such, the whole
   document is relevant to manageability.

5. IANA Considerations

   This document does not introduce any new codepoints or name spaces
   for registration with IANA.

   Routing Area Internet-Drafts should not introduce new codepoints or
   name spaces for IANA registration within the Manageability
   Considerations section.

6. Security Considerations

   This document is informational and describes the format and content
   of future Internet-Drafts. As such it introduces no new security
   concerns.

   However, there is a clear overlap between security, operations and
   management. The manageability aspects of security should be covered
   within the mandatory Security Considerations of each Routing Area
   Internet-Draft. New security consideration introduced by the
   Manageability Considerations section should also be covered in the
   Security Considerations section.

7. Acknowledgements

   The authors would like to extend their warmest thanks to Alex Zinin
   for inviting them to write this document.

   Peka Savola provided valuable feedback on an early version of this
   document.

8. Intellectual Property Considerations

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.




Farrel, Andersson and Doria                                       Page 6

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

9. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3667] Bradner, S., "IETF Rights in Contributions", BCP 78,
             RFC 3667, February 2004.

   [RFC3668] Bradner, S., Ed., "Intellectual Property Rights in IETF
             Technology", BCP 79, RFC 3668, February 2004.

10. Informational References

   [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
             IANA Considerations Section in RFCs", BCP: 26, RFC 2434,
             October 1998.

   [RFC3552] Rescorla E. and B. Korver, "Guidelines for Writing RFC
             Text on Security Considerations", BCP: 72, RFC 3552,
             July 2003.

11. Authors' Addresses

   Adrian Farrel
   Old Dog Consulting
   EMail: adrian@olddog.co.uk

   Loa Andersson
   Acreo AB
   Email: Loa.Andersson@acreo.se

   Avri Doria
   ETRI
   Email: avri@acm.org



Farrel, Andersson and Doria                                       Page 7

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

12. Full Copyright Statement

   Copyright (C) The Internet Society (2005). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.





































Farrel, Andersson and Doria                                       Page 8

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

Appendix A.  Example Manageabilty Considerations Sections

A.1 Informational / Architecture Document

   This section contains a copy of the Manageability Considerations
   section included in the Path Computation Element (PCE) Architecture
   document published as draft-ietf-pce-architecture [to be updated with
   RFC number when known].

x. Manageability Considerations

   The PCE architecture introduces several elements that are subject to
   manageability. The PCE itself must be managed as must its
   communications with PCCs and other PCEs. The mechanism by which PCEs
   and PCCs discover each other are also subject to manageability.

   Many of the issues of manageability are already covered in other
   sections of this document.

x.1 Control of Function and Policy

   It must be possible to enable and disable the PCE function at a PCE,
   and this will lead to the PCE accepting, rejecting, or simply not
   receiving requests from PCCs. Graceful shutdown of the PCE function
   should also be considered so that in controlled circumstances (such
   as software upgrade) a PCE does not just 'disappear' but warns its
   PCCs and gracefully handles any queued computation requests (perhaps
   by completing them, forwarding them to another PCE, or rejecting
   them).

   Similarly it must be possible to control the application of Policy at
   the PCE through configuration. This control may include the
   restriction of certain functions or algorithms, the configuration of
   access rights and priorities for PCCs, and the relationships with
   other PCEs both inside and outside the domain.

x.2 Information and Data Models

   It is expected that the operations of PCEs and PCCs will be modeled
   and controlled through appropriate MIB modules. The tables in the new
   MIB modules will need to reflect the relationships between entities
   and to control and report on configurable options.

   Statistics gathering will form an important part of the operation of
   PCEs. The operator must be able to determine the historical
   interactions of a PCC with its PCEs, the performance that it has
   seen, and success rate of its requests. Similarly, it is important
   for an operator to be able to inspect a PCE and determine its load
   and whether an individual PCC is responsible for a disproportionate

Farrel, Andersson and Doria                                       Page 9

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

   amount of the load. It will also be important to be able to record
   and inspect statistics about the communications between the PCC and

   PCE, including issues such as malformed messages, unauthorized
   messages and messages discarded owing to congestion. In this respect
   there is clearly an overlap between manageability and security.

   Statistics for the PCE architecture can be made available through
   appropriate tables in the new MIB modules.

   The new MIB modules should also be used to provide notifications
   (formerly known as traps) when key thresholds are crossed or when
   important events occur. Great care must be exercised to ensure that
   the network is not flooded with SNMP notifications. Thus it might be
   inappropriate to issue a notification every time that a PCE receives
   a request to compute a path. In any case, full control must be
   provided through the MIB modules to allow notifications to be
   disabled.

x.3 Liveness Detection and Monitoring

   Section 6.5 [of the PCE architecture document] discusses the
   importance of a PCC being able to detect the liveness of a PCE.
   PCE-PCC communications techniques must enable a PCC to determine the
   liveness of a PCE both before it sends a request and in the period
   between sending a request and receiving a response.

   It is less important for a PCE to know about the liveness of PCCs,
   and within the simple request/response model, this is only helpful:

   - to gain a predictive view of the likely loading of a PCE in the
     future

   - to allow a PCE to abandon processing of a received request.

x.4 Verifying Correct Operation

   Correct operation for the PCE architecture can be classified as
   determining the correct point-to-point connectivity between PCCs and
   PCEs, and assessing the validity of the computed paths. The former is
   a security issue that may be enhanced by authentication and monitored
   through event logging and records as described in Section x.1. It may
   also be a routing issue to ensure that PCC-PCE connectivity is
   possible.

   Verifying computed paths is more complex. The information to perform
   this function can, however, be made available to the operator through
   MIB tables provided full records are kept of the constraints passed
   on the request, the path computed and provided on the response, and

Farrel, Andersson and Doria                                      Page 10

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

   any additional information supplied by the PCE such as the constraint
   relaxation policies applied.

x.5 Requirements on Other Protocols and Functional Components

   At the architectural stage it is impossible to make definitive
   statements about the impact on other protocols and functional
   components since the solutions work has not been completed. However,
   it is possible to make some observations.

   - Dependence on underlying transport protocols

     PCE-PCC communications may choose to utilize underlying protocols
     to provide transport mechanisms. In this case some of the
     manageability considerations described in the previous sections may
     be devolved to those protocols.

   - Re-use of existing protocols for discovery

     Without prejudicing the requirements and solutions work for PCE
     discovery (see Section 6.4 [of the PCE Architecture document) it is
     possible that use will be made of existing protocols to facilitate
     this function. In this case some of the manageability
     considerations described in the previous sections may be devolved
     to those protocols.

   - Impact on LSRs and TE LSP signaling

     The primary example of a PCC identified in this architecture is an
     MPLS or GMPLS LSR. Consideration must therefore be given to the
     manageability of the LSRs and the additional manageability
     constraints applicable to the TE LSP signaling protocols.

     As well as allowing the PCC management described in the previous
     sections, an LSR must be configurable to determine whether it will
     use a remote PCE at all - the options being to use hop-by-hop
     routing or to supply the PCE function itself. It is likely to be
     important to be able to distinguish within an LSR whether the route
     used for a TE LSP was supplied in a signaling message from another
     LSR, by an operator, or by a PCE, and in the case where it was
     supplied in a signaling message whether it was enhanced or expanded
     by a PCE.

x.6 Impact on Network Operation

   This architecture may have two impacts on the operation of a network.
   It increases TE LSP setup times while requests are sent to and
   processed by a remote PCE, and it may cause congestion within the
   network if a significant number of computation requests are issued in

Farrel, Andersson and Doria                                      Page 11

draft-farrel-rtg-manageability-requirements-01.txt          October 2005

   a small period of time. These issues are most severe in busy networks
   and after network failures, although the effect may be mitigated if
   the protection paths are precomputed or if the path computation load
   is distributed among a set of PCEs.

   Issues of potential congestion during recovery from failures may be
   mitigated through the use of pre-established protection schemes such
   as fast reroute.

   It is important that network congestion be managed proactively
   because it may be impossible to manage it reactively once the network
   is congested. It should be possible for an operator to rate limit the
   requests that a PCC sends to a PCE, and a PCE should be able to
   report impending congestion (according to a configured threshold)
   both to the operator and to its PCCs.

x.7 Other Considerations

   No other management considerations arise.

A.2 Protocol Definition Document

   This section provides an example Manageability Considerations
   section that might have been included in RFCxxxx had this document
   been in force at the time that the RFC was initially drafted.

   There is no implied criticism of the authors of RFCxxxx or of the
   yyyy working group that produced it. The RFC has been chosen simply
   because it is familiar to the authors.

y. Manageability Considerations

y.1. Control of Function and Policy

y.2 Information and Data Models

y.3 Liveness Detection and Monitoring

y.4 Verifying Correct Operation

y.5 Requirements on Other Protocols and Functional Components

y.6 Impact on Network Operation







Farrel, Andersson and Doria                                      Page 12