Network Working Group N. Vadrevu
Internet Draft VN Telecom Consultancy
Intended status: Informational D. Zhang
Expires: February 2016 S. Zhu
Alibaba Group
August 31, 2015
Applicability of SUPA
draft-vadrevu-supa-applicability-03
Abstract
SUPA will define a generic policy model, an imperative (Event-
Condition-Action, ECA) policy information model and a declarative
(intent-based) policy information model which is the extension of
the generic model, and a set of policy data models which will make
use of the common concepts defined in the generic model. This memo
will explore some typical use cases and demonstrate the
applicability of SUPA policy models.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
xxx Expires February 31, 2016 [Page 1]
Internet-Draft SUPA Model Applicability August 2015
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on February 31, 2009.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction ................................................ 3
2. Conventions ................................................. 3
3. Termilogy ................................................... 4
4. Framework ................................................... 4
4.1. Network Manager/Controller ............................. 6
5. SUPA Examples ............................................... 9
5.1. SES Use Case ........................................... 9
5.1.1. Scenario .......................................... 9
5.1.2. Generic Policy Models ............................ 10
5.1.3. Programmatic approach - SUPA modeling ............ 11
5.1.4. SUPA Data Model for SES Use Case ................. 12
5.2. VPC Use Case .......................................... 14
5.2.1. Generic .......................................... 14
5.2.2. Example1 ......................................... 15
5.2.3. Example2 ......................................... 17
5.3. DC Link Use Case ...................................... 18
5.4. Virtual SP Use Case ................................... 20
5.5. Instant VPN Use Case .................................. 22
Vadrevu et al. Expires February 31, 2016 [Page 2]
Internet-Draft SUPA Model Applicability August 2015
6. Security Considerations .................................... 24
7. IANA Considerations ........................................ 24
8. Acknowledgments ............................................ 24
9. References ................................................. 24
9.1. Normative References .................................. 24
9.2. Informative References ................................ 24
Authors' Addresses ............................................ 25
1. Introduction
One of the ways for network service automation is using network
management and operation software applications. The applications
should not directly communicate with each network element; a
hierarchical and extensible framework should be considered to hide
the protocol specific and/or vendor specific details, high level
network and service abstraction, and standardized programming API
will be necessary.
SUPA will define policy generic models and data models, for service
management and operation applications. [I-D.strassner-supa-generic-
policy-info-model] defines a common set of concepts for various data
models which may use different languages, protocols, and
repositories.
Three generic models are defined in [I-D.strassner-supa-generic-
policy-info-model]: Generic Policy Model, Eca Policy Rule Model,
Logic Statement Model. The ECA information model is intended for
dynamic service automation; while the Logic Statement Model is
intended for expressing high requirements without being involved in
network details.
Data models can be defined by developers / operators or by any third
party, as long as they follow the common concepts defined in SUPA
generic model. [I-D.chen-supa-eca-data-model] defines a policy data
model of Event-Condition-Action (ECA), which is an example.
The generic data models will be used for domain or service specific
data model. And there is no interoperability requirement for domain
specific data models. The interoperability is guaranteed at the
generic data model level via the common concepts.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
Vadrevu et al. Expires February 31, 2016 [Page 3]
Internet-Draft SUPA Model Applicability August 2015
3. Termilogy
DC Data Center
PCE Path Computation Element
SES Switched Ethernet services
SP Service Provider
SUPA Simplified Use of Policy Abstractions
VM Virtual Machine
VPC Virtual Private Cloud
4. Framework
+-----------------------------------------------------------------+
| Service Management |
| |
| +----------------------------------+ |
| | Generic Policy Model | |
| +----+------------------------+----+ |
| D R |
| D R |
| \ / \ / |
| +---------------------------+ +-------------------------------+ |
| | Generic Policy Data Model | | Service Management Data Model | |
| +---------------------------+ +---------------+---------------+ |
| / \ / \ |
| | | |
| | | |
+--------------+--------------------------------+-----------------+
| |
| NETCONF/RESTCONF |
+----+----------------------+----+
C C
C C
\ / \ /
Vadrevu et al. Expires February 31, 2016 [Page 4]
Internet-Draft SUPA Model Applicability August 2015
+----------------+-----------+ +-------+--------------------+
| Network Manager/Controller | | Network Manager/Controller |
| +--------------------+ | | +---------------------+ |
| | Network Resource | | | | Network Resource | |
| | Data Model | | | | Data Model | |
| +--------------------+ | | +---------------------+ |
+---+---+---+----------------+ +-----+---+---+--------------+
/ \ / \ / \ / \ / \ / \
C C C C C C
C C C C C C
C C C C C C
\ / \ / \ / \ / \ / \ /
NE1 NE2 NEn NE1 NE2 NEn
Figure 1 Use of SUPA Models
C: Communications
D: Derived from
R: References (i.e., the generic model is used by the system to
instantiate the data model).
As shown in Figure 1, SUPA will define generic policy models, which
are independent of services and use cases. Policy data models can be
derived from the generic models. The data model will define high
level, maybe network-wide policies. Policy data model will be used
in conjunction with service data models to generate configurations
for network elements. The service data model is use case specific
and will be developed by operators or third parties, which is out
the scope of SUPA.
The service management applications will send SUPA data models to
the service management system, where policy making and automated
policy enforcement will be performed, and the data models will be
mapped to configuration of network elements. Configuration of
network elements is vendor specific, using various protocols, such
Netconf, Restconf, etc.
SUPA also make use of information collected from network elements.
The information may include warning or fault event, load status,
traffic statistics, etc, which can be used to adjust network
Vadrevu et al. Expires February 31, 2016 [Page 5]
Internet-Draft SUPA Model Applicability August 2015
configurations. This kind of automation is done through ECA data
models.
4.1. Network Manager/Controller
+------------------------+ +---------------+
| SUPA Generic Model | | Administrator |
+------------------------+ +---------------+
| |
| | Policy Update
V V
+---------------------------------------------------------------+
| +-------------------+ +-------------------+ |
| | SUPA Data Model A | ... | SUPA Data Model N | |
| +-------------------+ +-------------------+ |
| |
| Network Management / Controller |
| |
| +----------------------------+ +-------------------------+ |
| | Network Resources | | Information Collecting | |
| | (Topology, inventory, etc) | | (Event, Statistic, etc) | |
| +----------------------------+ +---------^---------------+ |
+--------------------------------------------|------------------+
| | SNMP TRAP
| NETCONF | Syslog
| RESTCONF | Netconf Notification
V |
+--------------------------------+
| Network Infrastructure |
+--------------------------------+
Figure 2 Network Manager / Controller
The internal details of the network manager / controller may be out
of the scope of SUPA, but explaining how it works may help people to
understand and implement SUPA.
Network administrator can send service deployment and management
request to network manager / controller via SUPA data models. The
data models will be converted into network elements configuration
Vadrevu et al. Expires February 31, 2016 [Page 6]
Internet-Draft SUPA Model Applicability August 2015
snippets. The configuration change may be performed instantly, or
later triggered by events. The network manager / controller has the
intelligence to decide which network devices should be configured,
and what the configuration will be, which is derived from the
actions specific in the data models explicitly or implicitly.
Network management related resources and information are stored in
the network manager/controller, which contains the network topology
(physical and virtual interconnection of network elements, etc),
inventory (database of network elements, ports, device type,
capabilities, etc.), protocol specific information, etc.
SUPA will make use of the existing work of other IETF WGs and other
SDOs, such as if the topology data model is already defined in
another IETF WG, SUAP will reference it rather than trying to define
it again.
The network manager / controller will find out the list of network
devices which should be configured for a specific demand or service.
For example, there is a configuration request:
All edge routers shall have SSH disabled.
An edge router is a router with connection to network(s) outside of
the current network domain. The controller will query the topology
database and find out all the routers with the attribute of "device-
role == edge", or the controller may use more complicated algorithms
to find out if a router is an edge route, which is implementation
specific.
Similarly, another example is, the controller can make use of PCE
engine to plan the links between DCs, and make sure the links are
disjoint for better availability in case of failure. The PCE engine
will be used in conjunction with the topology database to find out
possible disjoint links.
The network manager / controller will also have other information,
such as protocol specific information, traffic with TCP destination
port 22 is SNMP traffic.
Vadrevu et al. Expires February 31, 2016 [Page 7]
Internet-Draft SUPA Model Applicability August 2015
The network manager / controller also collect information from the
network device, such events, logs, statistics, etc. The information
may come from SNMP TRAP, Syslog, NETCONF notification, and other
sources such as vendor specific protocols or extensions. The
collected information may be used in conjunction with SUPA ECA data
models for dynamic configuration change. An example use of the
information is, if the load on a link between two DC exceeds a
threshold, and there are multiple disjoint links between the two DCs,
traffic steering will be triggered.
Event: link_load > threshold
Condition: there are disjoint links
Action: perform traffic steering
Some of the events are already standardized, such SNMP TRAP and
NETCONF notification; some are implementation specific.
SUPA data models explicitly or implicitly specify network actions,
and the actions may be expanded into more detail actions if
necessary, and finally converted into protocol specific, vendor
specific network element configuration snippets.
In the previous example shown below again:
All edge routers shall have SSH disabled.
The action in this case is "disable SSH traffic", the network
manager / controller should converted this action into configuration
"disable traffic on TCP port 22" in the IP stack, or an ACL rule
which will drop traffic with TCP destination port 22.
The network manager / controller can support various types of
southbound interface, such as NETCONF, RESTCONF, SNMP, OpenFLow, etc,
which make it possible to support devices from different vendors.
This is implementation specific and out of the scope of SUPA.
Vadrevu et al. Expires February 31, 2016 [Page 8]
Internet-Draft SUPA Model Applicability August 2015
5. SUPA Examples
5.1. SES Use Case
5.1.1. Scenario
+-----------------------------------------------------------------+
| Service Management |
| +----------------------------------+ |
| | Generic Policy Model | |
| +----+------------------------+----+ |
| |
| +---------------------------+ +-------------------------------+ |
| | Generic Policy Data Model | | Service Management Data Model | |
| +---------------------------+ +---------------+---------------+ |
+-----------------------------------------------------------------+
|
|
+------------------------------+
| Network Manager / Controller |
+------------------------------+
|
|
+------------------+
+-------------+ | Traffic Analysis | +--------+
| Headquarter |----------| |-------| Site 1 |
+-------------+ | WAN Optimization | +--------+
+------------------+
|
|
+----------+
| Site 2 |
+----------+
Figure 3 Switched Ethernet Service
Switched Ethernet services (SES) to Small and Medium Businesses
business is a growing business segment of the service provider. As
the Enterprise's applications grow in demands in terms of the
bandwidth and richness of applications, WAN optimization is needed
to improve the service quality. SUPA policy data models can be used
for maximizing the WAN performance by analyzing the traffic and
performing application management and acceleration tools for the
network.
Vadrevu et al. Expires February 31, 2016 [Page 9]
Internet-Draft SUPA Model Applicability August 2015
In the use case below, Service Manager (SM) is used for service and
policy definition and Network Manager (Controller) is used for
network topology maintenance and mapping data models to detail
network configurations.
While speed and bandwidth are at the forefront of the WAN
Optimization there need to be tools in place to detect, diagnose,
remedy and report application performance to ensure the SLAs for a
customer are enforced.
The service is modeled in terms of what kind of service (Ethernet,
VLAN), bandwidth (10Mbps- 10 Gbps), service package (platinum, gold,
silver) etc.
Policy models are based on an Event condition action like:
1. Bandwidth usage alarm triggers data caching
2. Latency alarm triggers reduction of re transmission
3. WAN outage at a specific site can trigger geographic redundancy
(provided the service is setup for GR)
The above are 3 of the primitives (Event condition action - ECA) on
which the run time operations could be based on. When the service
model is comprehensively designed with more possibilities
(variables), more policy models could be implemented
5.1.2. Generic Policy Models
Requirements and configurations derived from above application
scenarios can be described by service data model and policy data
models as below:
Service data model can be used to describe attributes for the SES,
including service package type (Platinum, gold etc), bandwidth
bought by the subscriber (100Mbps, 10Gbps), connection name -copper/
GigE, latency, etc.
Policy data model describes a condition when the link capacity
reaches 90%, Service prioritization and WAN optimization need to be
enforced based on the customers service package. Event is the link
utilization and condition is the usage and action is the WAN
optimization. The actions could trigger multiple actions like data
compression, protocol acceleration (like streaming gets priority)
which are beyond the scope of SUPA.
Vadrevu et al. Expires February 31, 2016 [Page 10]
Internet-Draft SUPA Model Applicability August 2015
ECA Policy:
Event: link_load > 90%
Condition: acceleration for service available
Action: data compression; protocol acceleration
It is assumed that the network management/controller module has the
network topology and monitors the load on links in the topology.
When translating and processing the SUPA data model, the link
information, including link attributes and load, will be provided by
the network management/controller. If the load on a specific link
exceeds a threshold, the network manager/controller will trigger
actions specified in the model.
The actual actions may be vendor specific, network
management/controller specific or device specific. The actions will
be mapped into configuration for network devices. The network
management/controller also need to figure out the set of network
devices which need to be configured based on network topology
together with some other information, such as service specific
information. This is the internal functions of network
management/controller, which is out of the scope of SUPA.
5.1.3. Programmatic approach - SUPA modeling
The advantage of the programmatic approach can be maximized by
defining as many SUPA ECA models as possible in a top down approach
In this use case, since this is a switched service, point to point
traffic can be identified (by IP Address and port number) and
segmented and whole bandwidth can be utilized by many applications
simultaneously. Examples are: Print jobs, backups etc..
The benefit of the SUPA is in creating many policies upfront. As the
operations grow in complexity SUPA can expand an existing policy by
adding more variables. This is how reusable policies can be
developed upfront and configuration and maintenance operations can
be dealt by modeling and programmatic approach.
Vadrevu et al. Expires February 31, 2016 [Page 11]
Internet-Draft SUPA Model Applicability August 2015
Logic Statement Model can also be called as declarative or intent
model. This type of model will describe the service intention
without specifying low level details, such protocol level or network
device level detail, but just the service requirements itself.
5.1.4. SUPA Data Model for SES Use Case
The following model segment is based on [I-D.chen-supa-eca-data-
model].
In the model, the event can be expressed using some standardized
names, such as the SNMP TRAP (linkDown, linkup, authentication
Failure, etc), or "link-load > 90%".
The condition(s) can be expressed using script, such as Python
script hasAcceleration("ses") or Python script hasDisjointLinks(DC1,
DC2). The script is supposed to be interpreted by a script tool and
there are various script tools, the implementer can use any one as
they like, either an existing one like Python or a new one. The
script itself is out the scope of SUPA; a simple value will be
return by the script tool. Some complex combination of conditions
can be expressed using script which will give more flexibility.
When handling the condition script, the script tool will be called
to process the script. In this case, the script will communicate
with service management system and/or the tenant database to find
out if any optimization is available for this service or tenant.
Script can also be used for actions.