Network Working Group Adrian Farrel IETF Internet Draft Old Dog Consulting Proposed Status: Informational Expires: April 2006 Loa Andersson Acreo AB Avri Doria ETRI October 2005 draft-farrel-rtg-manageability-requirements-01.txt Requirements for Manageability Sections in Routing Area Drafts Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract It has often been the case that manageability considerations have been retrofitted to protocols. This is sub-optimal. Similarly, new protocols or protocol extensions are frequently designed without due consideration of manageability requirements. This document specifies the requirement for all new Routing Area Internet-Drafts to include an "Manageability Considerations" section, and gives guidance on what that section should contain. Farrel, Andersson and Doria Page 1 draft-farrel-rtg-manageability-requirements-01.txt October 2005 1. Introduction When new protocols or protocol extensions are developed within the Routing Area, it is often the case that not enough consideration is given to the manageability of the protocols or to the way in which they will be operated in the network. The result is that manageablity considerations are only understood once the protocols have been implemented and sometimes not until after they have been deployed. The resultant attempts to retrofit manageablity mechanisms are not always easy or architecturally pleasant. Further, it is possible that certain protocol designs make manageablity particularly hard to achieve. Recognising that manageablity is fundamental to the utility and success of protocols designed within the IETF, and that simply defining a MIB module does not necessarily provide adequate manageablity, this document defines requirements for the inclusion of Manageablity Considerations sections in all Internet-Drafts produced within the Routing Area. Meeting these requirements will ensure that proper consideration is given to the support of manageability at all stages of the protocol development process from Requirements and Architecture, through Specification and Applicability. It is clear that the presence of such a section in an Internet-Draft does not guarantee that the protocol will be well-designed or manageable. However, mandating the inclusion of this section will ensure that the authors have the opportunity to consider the issues and by reading the material in this document they will gain some guidance. This document is developed within the Routing Area of the IETF and applies only to Internet-Drafts developed within the Routing Area. Expanding the scope to cover all protocols developed within the IETF is an issue for the IESG. The remainder of this document describes what subsections are needed within a Manageablity Considerations section, and gives advice and guidance about what information should be contained in those subsections. An appendix contains two example Manageablity Considerations sections: one from an informational architecture document that was developed to include a Manageability Considerations section, and one that has been written for an existing protocol specification RFC that did not orriginally have such a section. Farrel, Andersson and Doria Page 2 draft-farrel-rtg-manageability-requirements-01.txt October 2005 2. Presence and Placement of Manageablity Considerations Sections 2.1. Null Manageablity Considerations Sections In the event that there are no manageablity requirements for the protocol specified in an Internet-Draft, the draft must still contain a Manageablity Considerations section. The presences of this section indicates to the reader and to the reviewer that due consideration has been given to manageablity, and that there are no (or no new) requirements. In this case, the section must contain a simple statement such as "There are no new manageablity requirements introduced by this document," and must briefly explain why that is the case with a summary of manageablity mechanisms that already exist. Note that a Null Manageability Considerations section may take some effort to compose. It is important to demonstrate to the reviewer that no additional manageability mechanisms are required, and it is often hard to prove that sometihng is not needed. 2.2. Mandatory Subsections If the Manageablity Considerations section is not null, it must contain at least the following subsections. Guidance on the content of these subsections can be found in section 3 of this document. - Control of Function and Policy - Information and Data Models, e.g. MIB module - Liveness Detection and Monitoring - Verifying Correct Operation - Requirements on Other Protocols and Functional Components - Impact on Network Operation In the event that one or more of these subsections is not relevant, it must still be present, and should contain a simple statement explaining why the subsection is not relevant. 2.3. Optional Subsections The list of subsections above is not intended to be prescriptively limiting. Other subsections can and should be added according to the requirements of each individual Internet-Draft. 2.4. Placement of Manageability Considerations Sections The Manageability Considerations Section should be placed immediately before the Security Considerations section. Farrel, Andersson and Doria Page 3 draft-farrel-rtg-manageability-requirements-01.txt October 2005 3. Guidance on the Content of Subsections This section gives guidance on the information to be included in each of the mandatory subsections listed above. Note that just as other sub-sections may be included, so additional information may also be included in these subsections. 3.1 Control of Function and Policy This sub-section is intended to describe the configurable items that exist for the control of function or policy. For example, many protocol specifications include timers that are used as part of operation of the protocol. These timers often have default values suggested in the protocol specification and do not need to be configurable. But it is often the case that the protocol requires that the timers can be configured by the operator to ensure specific behavior by the implementation. Even if all configurable items have been described within the body of the document, they should be identified in this sub-section, but a reference to another section of the document is sufficient if there is a full description elsewhere. 3.2 Information and Data Models This sub-section should describe the information and data models necessary for the protocol or the protocol extensions. This includes, but is not necessarily limited to the MIB modules developed specificially for the protocol functions specified in the document. The description can be by reference where other documents already exist. 3.3 Liveness Detection and Monitoring Liveness detection and monitoring applies both to the control plane and the data plane. Mechanisms for detecting faults in the control plane or for monitoring its liveness are usually built into the control plane protocols or inherited from underlying data plane or forwarding plane protocols. These mechanisms do not typically require additional management capabilities. However, when a control plane fault is detected, there is often a requirement to coordinate recovery action through management applications or at least to record the fact in an event log. Farrel, Andersson and Doria Page 4 draft-farrel-rtg-manageability-requirements-01.txt October 2005 Where the protocol is responsible for establishing data or user plane connectivity, liveness detection and monitoring usually need to be acchieved through other mechanisms. In some cases, these mechanisms already exist within other protocols responsible for maintaining lower layer connectivity, but it will often be the case that new procedures are required so that failures in the data path can be detected and reported rapidly allowing remedial action to be taken. 3.4 Verifying Correct Operation An important function that OAM can provide is a toolset for verifying the correct operation of a protocol. This may be achieved to some extent through access to information and data models that report the status of the protocol and the state installed on network devices. But it may also be valuable to provide techniques for testing the effect that the protocol has had on the network by sending data through the network and observing its behavior. Thus, this section should include a discussion about how the correct end-to-end operation of the network can be tested, and how the correct data or forwarding plane function of each network element can be verified. 3.5 Requirements on Other Protocols and Functional Components Here the text should describe the requirements that the new protocol puts on other protocols and functional components, as well as requirements from other protocols that has been considered in desinging the new protocol 3.6 Impact on Network Operation The introduction of a new protocol or extensions to an existing protocol may have an impact on the operation of existing networks. This section should outline such impacts (which may be positive) including scaling concerns and interactions with other protocols. For example, a new protocol that doubles the number of acitve, reachable addresses in use within a network might need to be considered in the light of the impact on the scalability of the IGPs operating within the network. 3.7 Other Considerations Anything that is not covered in one of the mandatory subsections described above, but which is needed to understand the manageability situation should be covered in an additional section. Farrel, Andersson and Doria Page 5 draft-farrel-rtg-manageability-requirements-01.txt October 2005 4. Manageability Considerations This document defines the Manageability Considerations sections for inclusion in all Routing Area Internet-Drafts. As such, the whole document is relevant to manageability. 5. IANA Considerations This document does not introduce any new codepoints or name spaces for registration with IANA. Routing Area Internet-Drafts should not introduce new codepoints or name spaces for IANA registration within the Manageability Considerations section. 6. Security Considerations This document is informational and describes the format and content of future Internet-Drafts. As such it introduces no new security concerns. However, there is a clear overlap between security, operations and management. The manageability aspects of security should be covered within the mandatory Security Considerations of each Routing Area Internet-Draft. New security consideration introduced by the Manageability Considerations section should also be covered in the Security Considerations section. 7. Acknowledgements The authors would like to extend their warmest thanks to Alex Zinin for inviting them to write this document. Peka Savola provided valuable feedback on an early version of this document. 8. Intellectual Property Considerations The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Farrel, Andersson and Doria Page 6 draft-farrel-rtg-manageability-requirements-01.txt October 2005 Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3667] Bradner, S., "IETF Rights in Contributions", BCP 78, RFC 3667, February 2004. [RFC3668] Bradner, S., Ed., "Intellectual Property Rights in IETF Technology", BCP 79, RFC 3668, February 2004. 10. Informational References [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP: 26, RFC 2434, October 1998. [RFC3552] Rescorla E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP: 72, RFC 3552, July 2003. 11. Authors' Addresses Adrian Farrel Old Dog Consulting EMail: adrian@olddog.co.uk Loa Andersson Acreo AB Email: Loa.Andersson@acreo.se Avri Doria ETRI Email: avri@acm.org Farrel, Andersson and Doria Page 7 draft-farrel-rtg-manageability-requirements-01.txt October 2005 12. Full Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Farrel, Andersson and Doria Page 8 draft-farrel-rtg-manageability-requirements-01.txt October 2005 Appendix A. Example Manageabilty Considerations Sections A.1 Informational / Architecture Document This section contains a copy of the Manageability Considerations section included in the Path Computation Element (PCE) Architecture document published as draft-ietf-pce-architecture [to be updated with RFC number when known]. x. Manageability Considerations The PCE architecture introduces several elements that are subject to manageability. The PCE itself must be managed as must its communications with PCCs and other PCEs. The mechanism by which PCEs and PCCs discover each other are also subject to manageability. Many of the issues of manageability are already covered in other sections of this document. x.1 Control of Function and Policy It must be possible to enable and disable the PCE function at a PCE, and this will lead to the PCE accepting, rejecting, or simply not receiving requests from PCCs. Graceful shutdown of the PCE function should also be considered so that in controlled circumstances (such as software upgrade) a PCE does not just 'disappear' but warns its PCCs and gracefully handles any queued computation requests (perhaps by completing them, forwarding them to another PCE, or rejecting them). Similarly it must be possible to control the application of Policy at the PCE through configuration. This control may include the restriction of certain functions or algorithms, the configuration of access rights and priorities for PCCs, and the relationships with other PCEs both inside and outside the domain. x.2 Information and Data Models It is expected that the operations of PCEs and PCCs will be modeled and controlled through appropriate MIB modules. The tables in the new MIB modules will need to reflect the relationships between entities and to control and report on configurable options. Statistics gathering will form an important part of the operation of PCEs. The operator must be able to determine the historical interactions of a PCC with its PCEs, the performance that it has seen, and success rate of its requests. Similarly, it is important for an operator to be able to inspect a PCE and determine its load and whether an individual PCC is responsible for a disproportionate Farrel, Andersson and Doria Page 9 draft-farrel-rtg-manageability-requirements-01.txt October 2005 amount of the load. It will also be important to be able to record and inspect statistics about the communications between the PCC and PCE, including issues such as malformed messages, unauthorized messages and messages discarded owing to congestion. In this respect there is clearly an overlap between manageability and security. Statistics for the PCE architecture can be made available through appropriate tables in the new MIB modules. The new MIB modules should also be used to provide notifications (formerly known as traps) when key thresholds are crossed or when important events occur. Great care must be exercised to ensure that the network is not flooded with SNMP notifications. Thus it might be inappropriate to issue a notification every time that a PCE receives a request to compute a path. In any case, full control must be provided through the MIB modules to allow notifications to be disabled. x.3 Liveness Detection and Monitoring Section 6.5 [of the PCE architecture document] discusses the importance of a PCC being able to detect the liveness of a PCE. PCE-PCC communications techniques must enable a PCC to determine the liveness of a PCE both before it sends a request and in the period between sending a request and receiving a response. It is less important for a PCE to know about the liveness of PCCs, and within the simple request/response model, this is only helpful: - to gain a predictive view of the likely loading of a PCE in the future - to allow a PCE to abandon processing of a received request. x.4 Verifying Correct Operation Correct operation for the PCE architecture can be classified as determining the correct point-to-point connectivity between PCCs and PCEs, and assessing the validity of the computed paths. The former is a security issue that may be enhanced by authentication and monitored through event logging and records as described in Section x.1. It may also be a routing issue to ensure that PCC-PCE connectivity is possible. Verifying computed paths is more complex. The information to perform this function can, however, be made available to the operator through MIB tables provided full records are kept of the constraints passed on the request, the path computed and provided on the response, and Farrel, Andersson and Doria Page 10 draft-farrel-rtg-manageability-requirements-01.txt October 2005 any additional information supplied by the PCE such as the constraint relaxation policies applied. x.5 Requirements on Other Protocols and Functional Components At the architectural stage it is impossible to make definitive statements about the impact on other protocols and functional components since the solutions work has not been completed. However, it is possible to make some observations. - Dependence on underlying transport protocols PCE-PCC communications may choose to utilize underlying protocols to provide transport mechanisms. In this case some of the manageability considerations described in the previous sections may be devolved to those protocols. - Re-use of existing protocols for discovery Without prejudicing the requirements and solutions work for PCE discovery (see Section 6.4 [of the PCE Architecture document) it is possible that use will be made of existing protocols to facilitate this function. In this case some of the manageability considerations described in the previous sections may be devolved to those protocols. - Impact on LSRs and TE LSP signaling The primary example of a PCC identified in this architecture is an MPLS or GMPLS LSR. Consideration must therefore be given to the manageability of the LSRs and the additional manageability constraints applicable to the TE LSP signaling protocols. As well as allowing the PCC management described in the previous sections, an LSR must be configurable to determine whether it will use a remote PCE at all - the options being to use hop-by-hop routing or to supply the PCE function itself. It is likely to be important to be able to distinguish within an LSR whether the route used for a TE LSP was supplied in a signaling message from another LSR, by an operator, or by a PCE, and in the case where it was supplied in a signaling message whether it was enhanced or expanded by a PCE. x.6 Impact on Network Operation This architecture may have two impacts on the operation of a network. It increases TE LSP setup times while requests are sent to and processed by a remote PCE, and it may cause congestion within the network if a significant number of computation requests are issued in Farrel, Andersson and Doria Page 11 draft-farrel-rtg-manageability-requirements-01.txt October 2005 a small period of time. These issues are most severe in busy networks and after network failures, although the effect may be mitigated if the protection paths are precomputed or if the path computation load is distributed among a set of PCEs. Issues of potential congestion during recovery from failures may be mitigated through the use of pre-established protection schemes such as fast reroute. It is important that network congestion be managed proactively because it may be impossible to manage it reactively once the network is congested. It should be possible for an operator to rate limit the requests that a PCC sends to a PCE, and a PCE should be able to report impending congestion (according to a configured threshold) both to the operator and to its PCCs. x.7 Other Considerations No other management considerations arise. A.2 Protocol Definition Document This section provides an example Manageability Considerations section that might have been included in RFCxxxx had this document been in force at the time that the RFC was initially drafted. There is no implied criticism of the authors of RFCxxxx or of the yyyy working group that produced it. The RFC has been chosen simply because it is familiar to the authors. y. Manageability Considerations y.1. Control of Function and Policy y.2 Information and Data Models y.3 Liveness Detection and Monitoring y.4 Verifying Correct Operation y.5 Requirements on Other Protocols and Functional Components y.6 Impact on Network Operation Farrel, Andersson and Doria Page 12