Network Working Group D. Harrington Internet-Draft Huawei Technologies USA Intended status: Best Current
September 12,November 14, 2007 Practice Expires: March 15,May 17, 2008 Guidelines for Considering Operations and Management of New Protocols draft-ietf-opsawg-operations-and-management-00draft-ietf-opsawg-operations-and-management-01 Status of This Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 15,May 17, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract New protocols or protocol extensions are best designed with due consideration of operations and management issues related to the protocol. Retrofitting operations and management recommendations to protocols is sub-optimal. The purpose of this document is to provide guidance to authors and reviewers of protocoldocuments aboutdefining new protocols or protocol extensions, covering aspects to consider related to theof operations and management that should be considered for inclusion in documents defining requirements or functionality of new protocols or protocol extensions.considered. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 45 2. Design for Operations and Management . . . . . . . . . . . . . 5 2.1. Motivation . . . . . . . .IETF Management Framework . . . . . . . . . . . . . . . . 65 3. Operational Considerations . . . . . . . . . . . . . . . . . . 76 3.1. Operations Model . . . . . . . . . . . . . . . . . . . . . 7 3.2. Installation and Initial Setup . . . . . . . . . . . . . . 8 3.3. Migration Path . . . . . . . . . . . . . . . . . . . . . . 8 3.4. Requirements on Other Protocols and Functional Components . . . . . . . . . . . . . . . . . . . . . . . . 8 3.5. Impact on Network Operation . . . . . . . . . . . . . . . 8 3.6. Verifying Correct Operation . . . . . . . . . . . . . . . 9 4. Management Considerations . . . . . . . . . . . . . . . . . . 9 4.1. Interoperability . . . . . . . . . . . . . . . . . . . . . 10 4.2. Management Information . . . . . . . . . . . . . . . . . . 12 4.3. Fault Management . . . . . . . . . . . . . . . . . . . . . 13 4.3.1. Liveness Detection and Monitoring . . . . . . . . . . 13 4.3.2. Fault Determination . . . . . . . . . . . . . . . . . 1314 4.3.3. Fault Isolation . . . . . . . . . . . . . . . . . . . 1314 4.3.4. Corrective Action . . . . . . . . . . . . . . . . . . 14 4.4. Configuration Management . . . . . . . . . . . . . . . . . 14 4.4.1. Verifying Correct Operation . . . . . . . . . . . . . 1516 4.4.2. Control of Function and Policy . . . . . . . . . . . . 1516 4.5. Accounting Management . . . . . . . . . . . . . . . . . . 16 4.6. Performance Management . . . . . . . . . . . . . . . . . . 16 4.7. Security Management . . . . . . . . . . . . . . . . . . . 1718 5. Existing Protocols . . . . . . . . . . . . . . . . . . . . . . 1819 5.1. SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . 1820 5.2. SYSLOG . . . . . . . . . . . . . . . . . . . . . . . . . . 1921 5.3. IPFIX . . . . . . . . . . . . . . . . . . . . . . . . . . 2022 5.4. NETCONFPSAMP . . . . . . . . . . . . . . . . . . . . . . . . . 20. 22 5.5. COPS-PRNETCONF . . . . . . . . . . . . . . . . . . . . . . . . . 2022 5.6. COPS-PR . . . . . . . . . . . . . . . . . . . . . . . . . 23 5.7. RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.7.23 5.8. Diameter . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.8.24 5.9. EPP . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.9.24 5.10. VCCV . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 5.11. XCAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.10.25 5.12. Other Protocols . . . . . . . . . . . . . . . . . . . . . 2225 6. Existing IETF Data Models . . . . . . . . . . . . . . . . . . 2225 6.1. Fault Management . . . . . . . . . . . . . . . . . . . . . 2326 6.2. Configuration Management . . . . . . . . . . . . . . . . . 2426 6.3. Accounting Management . . . . . . . . . . . . . . . . . . 2527 6.4. Performance Management . . . . . . . . . . . . . . . . . . 2627 6.5. Security Management . . . . . . . . . . . . . . . . . . . 28 7. Documentation Guidelines . . . . . . . . . . . . . . . . . . . 29 7.1. Recommended Discussions . . . . . . . . . . . . . . . . . 29 7.2. Null Manageability Considerations Sections . . . . . . . . 29 7.3. Placement of Operations and Manageability Considerations Sections . . . . . . . . . . . . . . . . . 30 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 9. Security Considerations . . . . . . . . . . . . . . . . . . . 30 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30 11. Informative References . . . . . . . . . . . . . . . . . . . . 30 Appendix A. Operations and Management Checklist . . . . . . . . . 3534 Appendix B. Additional MIB ModulesData Models on the Standards Track . . . . 35 Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . . 37 Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 3537 1. Introduction WhenOften when new protocols or protocol extensions are developed, it is often the case thatnot enough consideration is given to how the way in which new protocolsprotocol will be deployed in the network anddeployed, operated and managed once deployed. The result is that operations and management issues are only taken into consideration after the protocols have been implemented and sometimes not until after they have been deployed. Attempts to retrofitmanaged. Retrofitting operations and management mechanisms are not always easy oris often hard and architecturally pleasant,unpleasant, and certain protocol design choices may make deployment, operations, and management particularly hard to achieve later.hard. Since operations and management issues may be fundamental toimpact the utility andsuccess of protocols designed within the IETF,IETF protocols, this document provides guidelines to help protocol designers and working groups consider the operations and management issues of their new IETF protocol or protocol extension at an earlier phase. [DISCUSS -This document seemsrecommends working groups consider operations and management needs, and then select appropriate standard management protocols and data models to beaddress the relevant operations and management needs, just as concerned withthe protocol designer's "mind-set"WG might consider which security threats are relevant to their protocol, and then select appropriate standard security protocols to mitigate the protocol development process as itrelevant threats. This document is with the protocol as a finished product. While we all agree that it would be a good thingorganized to imprint operational sensitivities intosupport such a progressive approach. Section 2 discusses the consciousnessimportance of the protocol developer, I do not think that this is a practical goal. The bestconsidering operations and management. Section 3 discusses operational issues to consider. Section 4 discusses management issues to consider. Section 5 discusses IETF standards-track management protocols and their uses. Section 6 discusses specific data models, such as MIB modules, that we can do ishave been designed to setaddress specific sets of issues. This document sets forth a list of subjective guidelines and a list of objective criteria by which a protocol designer can evaluate whether the protocol that he/she has developed addresses common operations and management needs. Operations and management is manageable.] [DISCUSS: -highly dependent on the document may attempt to cover too much ground. Maybeenvironment in which it will develop into a framework document, supported by documents ofis used, so most guidelines are subjective rather than objective. We provide objective criteria to promote interoperability through the following sort: . what makesuse of standard management interfaces, such as "did you design counters in a MIB usable? . how muchmodule for monitoring packets in/out of an interface?", "did you write an XML- based data model for configuring your protocol state information needs to be exposedwith Netconf?", and how? . how much performance information needs to be exposed"did you standardize syslog message content and structured data elements for reporting events that might occur when operating your protocol?" A balance is needed between ensuring operations and management have been considered, and getting a protocol specification published in a timely fashion. IETF standards-track protocol documents should contain enough information to understand how the protocol will be deployed and managed. It should be expected that initial considerations for operations and how?]management may need to be updated in the future, after further operational experience has been gained. This document only provides guidelines; the (ever-changing membership of the) IESG can make a decision about how the guidelines should be used by the IETF over time. 1.1. Terminology This document deliberately does not use the (capitalized) key words described in RFC 2119 [RFC2119]. RFC 2119 states the keywords must only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmissions). For example, they must not be used to try to impose a particular method on implementers where the method is not required for interoperability. This document is a set of guidelines based on current practices of protocol designers and operators. This document does not describe requirements, so the key words from RFC2119 have no place here. o "new protocol" includes new protocols, protocol extensions, data models, or other functionality being designed. o "working group" represents individuals and working groups involved in the development of new protocols. o [DISCUSS] markers indicate a lack of consensus on what should be written. o [TODO] markers indicate the editor has a reasonable understanding of what needs to be (re-)written. Contributions of text would be welcome. o Note to RFC Editor - All [DISCUSS] or [TODO] marks should be resolved before RFC publication. If any still exist, including in the Terminology section, then please return the document to the editor for resolution. 2. Design for Operations and Management "Design for operations and management" means that the operational environment and manageability of the protocol should be considered from the start when new protocols are designed. This requires a change in mind-set. Protocol designers typically do not like to look at2.1. IETF Management Framework For years the management aspects of their new protocol. They are busy working outIETF has stressed the detailsuse of their new protocol,the IETF Standard Management Framework and do not take time to consider what would be necessary to makeSMI MIB modules [RFC2578] for managing new protocols. The IETF designed the protocol manageableStandard Management Framework and easySMI MIB modules to deploy. Because many of the working groups developingpermit multiple protocols have no background in management or operations, they also feel uncomfortable working on aspects ofto utilize the MIB data [RFC1052], but it became a common misunderstanding that a MIB module could only be used with the SNMP protocol (described in [RFC3410] and associated documents). In 2001, OPS Area design that is unfamiliarteams were created to them. This document provides guidelines to working groups about what to consider. Thisdocument seeksissues and requirements related to educate working groups about some common aspectsconfiguration of operations and management so they can design better protocol solutions. It is easierIP-based networks. One output was "Requirements for a WG editorConfiguration Management of IP-based Networks" [RFC3139]. The COPS-PR protocol was developed to writeaddress configuration. In 2003, the Internet Architecture Board (IAB) held a document for associated management functionality ifworkshop on Network Management [RFC3535] that discussed the WG has already researchedstrengths and weighed theweaknesses of some IETF network management options,protocols, and reached consensus on the management requirements. It is a noble goalcompared them to consider management fromoperational needs, especially configuration. One issue raised was the very early startuser-unfriendliness of new protocol work, but we also have to accept that sometimes management requirements will only be understood once a technology has been deployedthe binary format of SNMP and some experience has been gained. It should be expectedCOPS-PR, so it was recommended that initial considerations for operations and management may need to be updated inthe future. This document is not about requiring all internet-drafts to include a new "OperationsIETF explore and XML-based Structure of Management Considerations" section. Experiments to require such sections have had a mixed reaction from protocol developers. The IESG has also expressed hesitation about requiring new Considerations sections. We should also be carefulInformation, and point outan XML-based protocol for configuration. Another issue was that this document really just provides guidelinesdeployed tools for event/alarm correlation, root cause analysis and shouldlogging are not be misused to slow down protocol development since sometimes itsufficient, and there is bettera need to getsupport a protocol out inhuman interface and a timely fashion without management considerations instead of being delayed some years when it is too late to be successful. Releasingprogrammatic interface. The IETF documents including protocol definition without any consideration about howdecided to standardize aspects of the protocoldefacto standard for system logging, especially security and networks runningthe protocol willneed for better programmatic support. In 2006, the IETF discussed how the Management Framework should be managedupdated to accommodate multiple IETF standard SMI languages, and what are the operational implications of deployment also seems wrong A balance is needed.multiple IETF standard protocols for doing network management. This document tries to find the right balance - what is the minimal information that needs to be includedprovides some initial guidelines for considering operations and management in this environment of multiple protocols and multiple data models, with an eye toward being flexible while also striving for interoperability. 3. Operational Considerations When a new protocol definition document that shows how the protocol will beis deployed and managed. Minimal but not less than this. 2.1. Motivation The IETF has indicatedin a desire to have operations and manageability considered duringnetwork, it may affect the developmentnetwork negatively. A working group should consider deployment of a new protocols, usingprotocol or protocol extension in a proactive "design for operabilitynetwork, impact on the network operations, traffic levels and manageability" approach that documentsoperation of other protocols or previous versions of the protocol, how athe new protocol is expected towill be operatedoperated, and managed. For years the IETF has stressedhow its presence might affect the useexisting deployment. Operations and manageability considerations should focus on interoperability of externally observable behaviors. 3.1. Operations Model Protocol designers can analyze the Standard Management Frameworkoperational environment and SMI MIB modules [RFC2578] for managing new protocols. The IETF designedmode of work in which the Standard Management Framework and SMI MIB modules to permit multiple protocols to utilize the MIB data [RFC1052], but it became a common misunderstanding that a MIB module could only be used with the SNMP protocol.(defined in [RFC3410] and associated documents). In 2001, OPS Area design teams were created to document issues and requirements related to configuration of IP-based networks. One output was "Requirements for Configuration Management of IP-based Networks" [RFC3139] In 2003, the Internet Architecture Board (IAB) held a workshop on Network Management [RFC3535] that discussed the strengths and weaknesses of some IETF network management protocols, and compared them to operational needs. Most of those needs are discussed further in this document. This document recommends working groups consider operations and management needs, and then select appropriate standard management protocols and data models to address the relevant operations and management needs, just as they consider which security threats are relevant to their protocol, and then select appropriate standard security protocols to mitigate the relevant threats. For example, a working group could decide whether a MIB module, SYSLOG messages, an LDAP structure, an XML schema, or another solution is the best way to monitor and manage the functionality of anew protocol. The protocol to use for management will follow from this analysis rather than being SNMP by fiat. One good method that can be considered by protocol designers is to make an analysis of the operational environment and mode of work the futureprotocol or extension will work in.work. Such an exercise needs not be reflected directly by text in their document, but could help in visualizing the operational model related to the applicability of the protocol in the Internet environments where it will be deployed. The operational model should take into account issues like: -o what type of management entities will be involved (agents, network management systems)? o what is the possible architecture (client- server,(client-server, manager-agent, polling-driven or event-driven, autoconfiguration, two levels or hierarchical)? o what are the basic management operations - initial configuration, dynamic configuration, alarms and exceptions reporting, logging, performance monitoring, performance reporting? o how are these operations performed - locally, remotely, atomic operation, scripts? o what are the typical user interfaces - Command line (CLI) or graphical user interface (GUI)? 3. Operational Considerations When aWorking groups should consider how the new protocol is deployedwill be managed in a network, it may affect the network negatively. A working group should consider deployment of a new protocol or protocol extension in a network, impact on the network operations, traffic levels and operation of other protocols or previous versions of the protocol, how the new protocol will be operated, and how its presence might affect the existing deployment. Operations and manageability considerations should focus on interoperability of externally observable behaviors. 3.1. Operations Model Working groups should consider how the new protocol will be managed in different deployment sizes. It might be sensible to usedifferent deployment scales. It might be sensible to use a local management interface to manage the new protocol on a single device, but in a large network, remote management using a centralized server and/or using distributed management functionality might make more sense. Auto-configuration might be possible for some new protocols. There may be a need to support a human interface, e.g., for troubleshooting, and a programmatic interface, e.g., for automated monitoring and root cause analysis. It might be important that the internal method routines for both interfaces should be the same to ensure that data exchanged between these two interfaces is always consistent. Working groups should consider what management operations are expected to be performed as a result of the deployment of the protocol - such as whether write operations will be allowed on routers and on hosts, or if notifications for alarms or other events will be expected. 3.2. Installation and Initial Setup Working groups should consider default values that make protocol sense, to simplify configuration, including default modes and parameters. For example, it could be helpful or necessary to specify default values for modes, timers, default state of logical control variables, default transports, and so on. Even if default values are used, it must be possible to retrieve all the actual values or at least an indication that known default values are being used. Working groups should consider how to enable operators to concentrate on the configuration of the network as a whole rather than individual devices. 3.3. Migration Path If the new protocol is a new version of the protocol, or is replacing another technology, the working group should consider how deployments should transition to the new protocol. This should include co- existence with previously deployed protocols and/or previous versions of the same protocol, incompatibilities between versions, translation between versions, and side effects that might occur. Are older protocols or versions disabled or do they co-exist in the network with the new protocol? Another point to consider is extensibility of the management approach - How open to future protocol extensions are the management techniques you are defining? 3.4. Requirements on Other Protocols and Functional Components Working groups should consider the requirements that the new protocol might put on other protocols and functional components, and should also document the requirements from other protocols that have been considered in designing the new protocol. These considerations should generally remain illustrative to avoid creating restrictions or dependencies, or potentially impacting the behavior of existing protocols, or restricting the extensibility of other protocols, or assuming other protocols will not be extended in certain ways. 3.5. Impact on Network Operation The introduction of a new protocol or extensions to an existing protocol may have an impact on the operation of existing networks. Protocol designers should outline such impacts (which may be positive) including scaling concerns and interactions with other protocols. For example, a new protocol that doubles the number of active, reachable addresses in use within a network might need to be considered in the light of the impact on the scalability of the IGPs operating within the network. The working group should consider the potential impact on the behavior of other protocols in the network and on the traffic levels and traffic patterns that might change, including specific types of traffic such as multicast. Also consider the need to install new components that are added to the network as result of the changes in the operational model, such as servers performing auto-configuration operations. The working group should consider also the impact on applications and registries, for example DNS entries, or the size of routing tables. The impact on performance may also be noted - increased delay or jitter in real-time traffic applications, or response time in client- server applications when encryption or filtering are applied. It is important to minimize the impact caused by configuration changes. Given configuration A and configuration B, it should be possible to generate the operations necessary to get from A to B with minimal state changes and effects on network and systems. 3.6. Verifying Correct Operation The working group should consider techniques for testing the effect that the protocol has had on the network by sending data through the network and observing its behavior. Working groups should consider how the correct end-to-end operation of the new protocol in the network can be tested, and how the correct data or forwarding plane function of each network element can be verified to be working properly with the new protocol. It must be easy to do consistency checks of configurations over time and between the ends of a link in order to determine the changes between two configurations and whether those configurations are consistent. 4. Management Considerations The considerations of manageability should start from describing the operational model, which includes identifying the entities to be managed, how the respective protocol is supposed to be installed, configured and monitored, who are the managers and what type of management interfaces and protocols they would use. Considerations for management should include a discussion of what needs to be managed. This document, for better or worse, talks mainly about management of a protocol endpoint on a single device. It doesn't talk about managing the *protocol* (it manages one end at a time), and doesn't even come near managing the *service* (which includes a lot of stuff that's very far away from the box). In a client/server protocol, it may be more important to instrument the server end of a protocol than the client end. One issue that the IETF has always struggled with (and for which we still have no good guidance) is the problem of how to configure multiple related/co-operating devices and how to back off if one of those configurations fails or causes trouble. NETCONF addresses this somewhat by allowing an operator to lock the configuration on multiple devices, perform the configuration settings/changes, check that they are OK (undo if not) and then unlock the devices. Protocol debugging is not part (and should not be part) of the Network Management tools/hooks in a system. Debugging is an implementation-dependent issue, not a protocol standardization issue. 4.1. Interoperability Just as when deploying protocols that will inter-connect devices, our primary goal in considering management should be interoperability, whether across devices from different vendors, across models from the same vendor, or across different releases of the same product. Some product designers and protocol designers assume that if a device can be managed individually using a command line interface or a web page interface, that such a solution is enough. But when equipment from multiple vendors is combined into a large network, scalability of management becomes a problem. It is important to have consistency in the management interfaces so network-wide operational processes can be automated. Getting everybody to agree on a certain syntax and the protocol associated with that has proven to be difficult. So management systems tend to speak whatever the boxes support, whether the IETF likes this or not. The IETF is moving from support for a single management data modeling language and a single management protocol towards support for multiple management protocols and multiple data models suited to different purposes, such as logging (syslog), configuration (netconf), and usage accounting (ipfix). Other Standard Development Organizations (e.g. DMTF, TMF) also define management mechanisms and these mechanisms may be more suitable than IETF mechanisms in some cases. Interoperability needs to be considered on the syntactic level and the semantic level. While it can be irritating and time-consuming, application designers including operators who write their own scripts can make their processing conditional to accommodate differences across vendors or models or releases of product. Semantic differences are much harder to deal with on the manager side - once you have the data, its meaning is a function of the managed entity. For example, if a single counter provided by vendor A counts three types of error conditions, while the corresponding counter provided by vendor B counts seven types of error conditions, these counters cannot be compared effectively - they are not interoperable counters. Information models are helpful to try to focus interoperability on the semantic level - they establish standards for what information should be gathered, and how gathered information might be used regardless of which management interface carries the data or which vendor produces the product. The use of an information model might help improve the ability of operators to correlate messages in different protocols where the data overlaps, such as a SYSLOG message and an SNMP notification about the same event. An information model might identify which error conditions should be counted separately, and which error conditions can be counted together in a single counter. Then, whether the counter is gathered via SNMP or a CLI command or a SYSLOG message, the counter will have similar meaning. Protocol designers should consider which information might be useful for managing the new protocol or protocol extensions. IM --> conceptual/abstract model | for designers and operators +----------+---------+ | | | DM DM DM --> concrete/detailed model for implementers Information Models and Data Models Figure 1 On the Difference between Information Models and Data Models [RFC3444] may be useful in determining what information to consider regarding information models, as compared to data models. Information models should come from the protocol WGs and include lists of events, counters and configuration parameters that are relevant. There are a number of information models contained in protocol WG RFCs. Some examples: o [RFC3060] - Policy Core Information Model version 1 o [RFC3290] - An Informal Management Model for DiffServ Routers o [RFC3460] - Policy Core Information Model Extensions o [RFC3585] - IPsec Configuration Policy Information Model o [RFC3644] - Policy Quality of Service Information Model o [RFC3670] - Information Model for Describing Network Device QoS Datapath Mechanisms o [RFC3805] - Printer MIB v2 (contains both an IM and a DM Management protocol standards and management data model standards often contain compliance clauses to ensure interoperability. Manageability considerations should include discussion of which level of compliance is expected to be supported for interoperability. 4.2. Management Information Operators find it important to be able to make a clear distinction between configuration data, operational state, and statistics. They need to determine which parameters were administrative configured and which parameters have changed since configuration as the result of mechanisms such as routing protocols. It is important to be able to separately fetch configuration data, operational state data, and statistics from devices, and to be able to compare current state to initial state, and to compare data between devices. A management information model should include a discussion of what is manageable, which aspects of the protocol need to be configured, what types of operations are allowed, what protocol-specific events might occur, which events can be counted, and for which events should an operator be notified. What is typically difficult to work through are relationships between abstract objects. Ideally an information model would describe the relationships between the objects and concepts in the information model. Is there always just one instance of this object or can there be multiple instances? Does this object relate to exactly one other object or may it relate to multiple? When is it possible to change a relationship? Do objects (such as rows in tables) share fate? For example, if a row in table A must exist before a related row in table B can be created, what happens to the row in table B if the related row in table A is deleted? Does the existence of relationships between objects have an impact on fate sharing? 4.3. Fault Management The working group should consider how faults information will be propagated. Will it be done using asynchronous notifications or polling of health indicators? If notifications are used to alert operators to certain conditions, then the working group should discuss mechanisms to throttle notifications to prevent congestion. Will there be a hierarchy of faults, and will the fault reporting be done by each fault in the hierarchy, or will only the lowest fault be reported and the higher levels be suppressed? should there be aggregated status indicators based on concatenation of propagated faults from a given domain or device? SNMP notifications and SYSLOG messages can alert an operator when an aspect of the new protocol fails or encounters an error condition, and SNMP is frequently used as a heartbeat monitor. 4.3.1. Liveness Detection and Monitoring Liveness detection and monitoring applies both to the control plane and the data plane. Mechanisms for detecting faults in the control plane or for monitoring its liveness are usually built into the control plane protocols or inherited from underlying data plane or forwarding plane protocols. These mechanisms do not typically require additional management capabilities. However, when a system detects a control plane fault, there is often a requirement to coordinate recovery action through management applications or at least to record the fact in an event log. Where the protocol is responsible for establishing data or user plane connectivity, liveness detection and monitoring usually need to be achieved through other mechanisms. In some cases, these mechanisms already exist within other protocols responsible for maintaining lower layer connectivity, but it will often be the case that new procedures are required to detect failures in the data path and to report rapidly, allowing remedial action to be taken. [DISCUSS:: 'control plane' and 'data plane' are such slippery terms that I think they need to be defined.] 4.3.2. Fault Determination It canProtocol designers should always build in basic testing features (e.g. ICMP echo, UDP/TCP echo service, NULL RPC calls) that can be used to test for liveness, with an option to enable and disable them. 4.3.2. Fault Determination It can be helpful to describe how faults can be pinpointed using management information. For example, counters might record instances of error conditions. Some faults might be able to be pinpointed by comparing the outputs of one device and the inputs of another device looking for anomalies. 4.3.3. Fault Isolation It might be useful to isolate faults, such as a system that emits malformed messages necessary to coordinate connections properly. Spanning tree comes to mind. This might be able to be done by configuring next-hop devices to drop the faulty messages to prevent them from entering the rest of the network. 4.3.4. Corrective Action What sort of corrective action can be taken by an operator for each of the fault conditions that are being identified? [DISCUSS: this should be expanded or eliminated. 4.4. Configuration Management RFC3139 [RFC3139] discusses requirements for configuration management. This document includes discussion of different levels of management, including high-level-policies, network-wide configuration data, and device-local configuration. A number of efforts have existed in the IETF to develop policy-based management. RFC3198 was written to standardize the terminology for policy-based management across these efforts. It is highly desirable that text processing tools such as diff, and version management tools such as RCS or CVS or SVN, can be used to process configurations. This approach simplifies comparing the current operational state to the initial configuration. With structured text such as XML, simple text diffs may be found to be inadequate and more sophisticated tools may be needed to make any useful comparison of versions. To simplify such configuration comparisons, devices should not arbitrarily reorder data such as access control lists. If a working group defines mechanisms for configuration, it would be desirable to standardize the order of elements for consistency of configuration and of reporting across vendors, and across releases from vendors. Network wide configurations are ideally stored in central master databases and transformed into formats that can be pushed to devices, either by generating sequences of CLI commands or complete configuration files that are pushed to devices. There is no common database schema for network configuration, although the models used by various operators are probably very similar. It is desirable to extract, document, and standardize the common parts of these network wide configuration database schemas. A working group should consider how to standardize the common parts of configuring the new protocol, while recognizing the vendors will likely have proprietary aspects of their configurations. It is important to distinguish between the distribution of configurations and the activation of a certain configuration. Devices should be able to hold multiple configurations. NETCONF [RFC4741], for example, differentiates between the "running" configuration and "candidate" configurations. It is important to enable operators to concentrate on the configuration of the network as a whole rather than individual devices. Support for configuration transactions across a number of devices would significantly simplify network configuration management. The ability to distribute configurations to multiple devices, or modify "candidate configurations on multiple devices, and then activate them in a near-simultaneous manner might help. Consensus of the 2002 IAB Workshop was that textual configuration files should be able to contain international characters. Human- readable strings should utilize UTF-8, and protocol elements should be in case insensitive ASCII. A mechanism to dump and restore configurations is a primitive operation needed by operators. Standards for pulling and pushing configurations from/to devices are desirable. Given configuration A and configuration B, it should be possible to generate the operations necessary to get from A to B with minimal state changes and effects on network and systems. It is important to minimize the impact caused by configuration changes. Many protocol specifications include timers that are used as part of operation of the protocol. These timers may need default values suggested in the protocol specification and do not need to be otherwise configurable. 4.4.1. Verifying Correct Operation An important function that might be provided is a tool set for verifying the correct operation of a protocol. This may be achieved to some extent through access to information and data models that report the status of the protocol and the state installed on network devices. It may also be valuable to provide techniques for testing the effect that the protocol has had on the network by sending data through the network and observing its behavior. Protocol designers should consider how to test the correct end-to-end operation of the network, and how to verify the correct data or forwarding plane function of each network element. 4.4.2. Control of Function and Policy A working group should consider the configurable items that exist for the control of function via the protocol elements described in the protocol specification. For example, Sometimes the protocol requires that timers can be configured by the operator to ensure specific policy-based behavior by the implementation. 4.5. Accounting Management A working group should consider whether it would be appropriate to collect usage information related to this protocol, and if so, what usage information would be appropriate to collect? RFC2975 [RFC2975] Introduction to Accounting Management discusses a number of issues that arise when monitoring usage of protocols for purposes of capacity and trend analysis, cost allocation, auditing, and billing. This document also discusses how some commonly usedRADIUS, TACACS+, and SNMP protocols are used for these purposes. These issues should be considered when designing a protocol whose usage might need to be monitored, or when recommending a protocol to do usage accounting. While this discussion is now dated, many of the issues remain relevant, and new protocols might be better to address those issues. 4.6. Performance Management Consider information that would be useful when trying to determine the performance characteristics of a deployed system using the target protocol. What are the principal performance factors that need to be looked at when measuring the efficiency of the protocol implementations? Is it important to measure setup times? throughput? quality versus throughput? interruptions? end-to-end throughput? end-to-end quality? hop-to-hop throughput? Consider scaling issues, such as providingwhether performance will be affected by the number of protocol connections. If so, then it might be useful to provide information about the maximum number of table entries that should be expected to be modeled, how many entries an implementation supports,can support, the current number of instances, and the expected behavior when the current instances exceed the capacity of the implementation. This should be considered in a data-modeling independent manner - what makes managed-protocol sense, not what makes management-protocol-sense. If it is not managed-protocol- dependent, then it should be left for the management-protocol data modelers to decide. For example, VLAN identifiers have a range of 1..4095 because of the VLAN standards. Consider operational activity, such as the number of message in and the messages out, the number of received messages rejected due to format problems, the expected behaviors when a malformed message is received. Consider the expected behaviors for counters - what is a reasonable maximum value for expected usage? should they stop counting at the maximum value and retain the maximum value, or should they rollover? How can users determine if a rollover has occurred, and how can users determine if more than one rollover has occurred? Consider whether countersWhat information should be persistentmaintained across reboots of the device, or restarts of the management system. Consider what events might cause discontinuitiessystem? Could events, such as hot-swapping a blade in a counter, especially those thatchassis, cause delta calculations to become meaningless. How can a user determine that there has been one or morediscontinuities in information? Does this make any difference in evaluating the counting?performance of a protocol? Consider whether multiple management applications will share a counter; if so, then no one management application should be allowed to reset the value to zero since this will impact other applications. For performance monitoring, it is important to report counters and not gauges as it isoften important to report the time spent in a state rather than the actualcurrent state. In other words, objects that report snapshotsSnapshots are of less value for performance monitoring. 4.7. Security Management Protocol designers should consider how to monitor and to manage security aspects and vulnerabilitiesThe Benchmarking Methodology WG (bmwg) has defined recommendations for the measurement of the new protocol. There will be security considerationsperformance characteristics of various internetworking technologies in a laboratory environment, including the systems or services that are built from these technologies. Each recommendation describes the class of equipment, system, or service being addressed; discuss the performance characteristics that are pertinent to that class; clearly identify a set of metrics that aid in the description of those characteristics; specify the methodologies required to collect said metrics; and lastly, present the requirements for the common, unambiguous reporting of benchmarking results. 4.7. Security Management Protocol designers should consider how to monitor and to manage security aspects and vulnerabilities of the new protocol. There will be security considerations related to the new protocol. To make it possible for operators to be aware of security-related events, isit is recommended that system logs should record events, such as failed logins?logins, but the logs must be secured. Should a system automatically notify operators of every event occurrence, or should an operator-defined threshold control when a notification is sent to an operator? Should certain statistics be collected about the operation of the new protocol that might be useful for detecting attacks, such as the receipt of malformed messages, or messages out of order, or messages with invalid timestamps? If such statistics are collected, is it important to count them separately for each sender to help identify the source of attacks? Manageability considerations that are security-oriented might include discussion of the security implications when no monitoring is in place, the regulatory implications of absence of audit-trail or logs in enterprises, exceeding the capacity of logs, and security exposures present in chosen / recommended management mechanisms. The granularity of access control needed on management interfaces needs to match operational needs. Typical requirements are a role- based access control model and the principle of least privilege, where a user can be given only the minimum access necessary to perform a required task. It must be possible to do consistency checks of access control lists across devices. Working groups should consider information models to promote comparisons across devices and across vendors to permit checking the consistency of security configurations. Working groups should consider how to provide a secure transport, authentication, identity, and access control which integrates well with existing key and credential management infrastructure. Working groups should consider how ACLs (access control lists) are maintained and updated. 5. Existing Protocols [DISCUSS: Section 5 reviews which protocols the IETF hasStandard SNMP notifications or SYSLOG messages [I-D.ietf-syslog-protocol] might already exist, or can be defined, to alert operators to offer for management and, what I really like,the text discussesconditions identified in the security considerations for which applications they were designedthe new protocol. [TODO: find existing notificiations or already successfully deployed. I likesyslog messages related to perhaps see even stronger guidelines;] Working groups should considersecurity] An analysis of existing protocols and data models that could be used to providecounters might help operators recognize the management functionsconditions identified in the previous section,security considerations for the new protocol before they can impact the network. RADIUS and DIAMETER can provide authentication and authorization. A working group should consider how using these existingwhich attributes would be appropriate for their protocol. Different protocols use different assumptions about message security and data models might impact network operations. In choosing existingaccess controls. A working group that recommends using different protocols should consider how security will be applied in a balanced manner across multiple management interfaces. SNMP access control is data-oriented, while CLI access control is usually command (task) oriented. Depending on the management function, sometimes data-oriented or task-oriented access control makes more sense. Working groups should consider both data-oriented and task-oriented access control. 5. Existing Protocols [DISCUSS: Section 5 reviews which protocols the IETF has to offer for management and, what I really like, the text discusses for which applications they were designed or already successfully deployed. I like to perhaps see even stronger guidelines;] Existing protocols and data models can provide the management functions identified in the previous section. WGs should consider how using these existing protocols and data models might impact network operations. In choosing existing protocol solutions to meet the information model requirements, it is recommended that the strengths and weaknesses of IETF protocols, as documentdocumented in [RFC3535] be considered, and working groups should consider asking for help from the IETF directorates knowledgeable in available existing solutions. This is especially true since some of the recommendations from the 2002 IAB workshop have become outdated, some have been implemented, and some are being realized. We want to avoid seeming to impose a solution by putting in place a strict terminology - for example implying that a formal data model, or even using a management protocol is mandatory. If a WG considers that its technology can be managed solely by using proprietary CLIs, and no structured or standardized data model needs to be in place, this should be fine, but this is a requirement that needs to be explicit in theirthe manageability discussion, so that the WG reaches consensus in full awareness that this is how the protocol will need to be operated and managed. Working groups should avoid having manageability pushed for a later/never phase of the development of the standard. Listed here are a number of protocols that have reached Proposed Standard status or higher within the IETF. 5.1. SNMP SNMP [RFC3410] is a Full Standard, andis widely used for monitoring networks.fault and performance data. Some operators use SNMP for configuration in various environments/technologiesenvironments/ technologies while others find SNMP an inappropriate choice for configuration in their environments. SNMPv1 is a Full Standard, but is not recommended due to its lack of security features. SNMPv3 is a Full Standard that includes security features. An overview of the SNMPv3 document set is in [RFC3410]. SNMP relies on the MIB. MIB module support is uneven across vendors, and even within devices. The lack of standard MIB module support for all functionality in a device forces operators to use other protocols such as a CLI to do configuration of some aspects of their managed devices, and it is easier to use one protocol for all configuration than to split the task across multiple protocols. SNMP is good at determining operational state of specific functionality, but not necessarily for the complete operational state of a managed device. SNMP is good for statistics gathering for specific functionality. The wide-spread use of counters in standard MIB modules permits the interoperable comparison of statistics across devices from different vendors. SNMP is often used to poll a device for sysUpTime, which serves to check for operational liveness and discontinuity in counters. SNMP notificationstraps and informs can alert an operator or an application when an aspect of the new protocol fails or encounters an error condition, and the contents of a notification can be used to guide subsequent SNMP polling to gather additional information about an event. SNMPv1 and SNMPv2c lack strong security, and are not recommended by the IETF. SNMPv3 does offer strong security and is recommended by the IETF. Stardards exist to run SNMP over multiple network protocols, including UDP, Ethernet, Appletalk, OSI, and others.. 5.2. SYSLOG The SYSLOG protocol [I-D.ietf-syslog-protocol] provides a transport to allowallows a machine to send event notification messages across IPnetworks to event message collectors. Since each process, application and operating system was written somewhat independently, there has been little uniformity to the content of SYSLOG messages.The protocol is simply designed to transport these event messages. No acknowledgement of the receipt is made. One of the fundamental tenets of the SYSLOG protocol and process is its simplicity. No stringent coordination is required between the transmitters and the receivers. Indeed, the transmission of SYSLOG messages may be started on a device without a receiver being configured, or even actually physically present. Conversely, many devices will most likely be able to receive messages without explicit configuration or definitions. This simplicity has greatly aided the acceptance and deployment of SYSLOG. Since each process, application and operating system was written somewhat independently, there has been little uniformity to the message format or content of SYSLOG messages. The IETF has developed a new Proposed Standard version of the message format andprotocol that allows the use of any number of transport protocols for transmission of SYSLOG messages,including reliable transports and secure transports, and allows vendor-specific extensionsstandardized the application of message security to be provided in a structured way.SYSLOG messages. The IETF hasstandardized thea new format for SYSLOG messagesmessage header format, including timestamp, hostname, application, and message ID, to improve filtering, and interoperability and correlation between compliant implementations,implementations. SYSLOG message content has traditionally been unstructured natural language text. This content is human-friendly, but difficult for applications to parse and correlate across vendors, or correlate with other event reporting such as SNMP traps. The IETF standard syslog protocol includes structured data elements to aid application- parsing. The structured data element design allows vendors to define their own structured data elements to supplement standardized the application of message securityelements. Working groups are encouraged to standardize structured data elements, extensible human-friendly text, and consistent facility/ severity values for SYSLOG messages.to report events specific to their protocol. 5.3. IPFIX There are several applications e.g., usage-based accounting, traffic profiling, traffic engineering, attack/intrusionintrusion detection, QoS monitoring, that require flow-based IPtraffic measurements. IPFIX [I-D.ietf-ipfix-protocol] is a Proposed Standard approach for transmitting IP traffic flow information over the network from an exporting process to an information collecting process. IPFIX defines a common representation of flow data and a standard means of communicating the data over a number of transport protocols. Some extensions to IPFIX is stillare in processdevelopment and some aspectshave not yet become Proposed Standards. [TODO: update as needed] 5.4. PSAMP Several applications require sampling packets from specific data flows, or across multiple data flows, and reporting information about the packets. Measurement-based network management is a prime example. The PSAMP standard includes support for packet sampling in IPv4, IPv6, and MPLS-based networks. PSAMP standardizes sampling, selection, metering, and reporting strategies for different purposes. To simplify the solution, the IPFIX protocol is used for exporting the reports to collector applications. [TODO: this is in IESG review to become a PS. update as needed] 5.5. NETCONF The NETCONF protocol [RFC4741] is a Proposed Standard that defines a simple mechanism through which a network device can be managed, configuration data information can be retrieved, and new configuration data can be uploaded and manipulated. The protocol allows the device to expose a full, formal application programming interface (API). Applications can use this straightforward API to send and receive full and partial configuration data sets. The NETCONF protocol uses a remote procedure call (RPC) paradigm. A client encodes an RPC in XML and sends it to a server using a secure, connection-oriented session. The server responds with a reply encoded in XML. A key aspect of NETCONF is that it allows the functionality of the management protocol to closely mirror the native command line interface of the device. This reduces implementation costs and allows timely access to new features. In addition, applications can access both the syntactic and semantic content of the device's native user interface. The contents of both the request and the response can be fully described in XML DTDs or XML schemas, or both, allowing both parties to recognize the syntax constraints imposed on the exchange. As of this writing, no standard has been developed for data content specification. 220.127.116.11. COPS-PR COPS-PR and the Structure of Policy Provisioning Information (SPPI) have been approved as Proposed Standards. COPS-PR [RFC3084] uses the Common Open Policy Service (COPS) protocol for support of policy provisioning. The COPS-PR specification is independent of the type of policy being provisioned (QoS, Security, etc.) but focuses on the mechanisms and conventions used to communicate provisioned information between policy-decision-points (PDPs) and policy enforcement points (PEPs). COPS-PR does not make any assumptions about the policy data model being communicated, but describes the message formats and objects that carry the modeled policy data. Policy data is modeled using Policy Information Base modules (PIB modules). COPS-PR has not had wide deployment, and operators have stated that its use of binary encoding (BER) for management data makes it difficult to develop automated scripts for simple configuration management tasks in most text-based scripting languages. In an IAB Workshop on Network Management [RFC3535], the consensus of operators and protocol developers indicated a lack of interest in PIB modules for use with COPS-PR. As a result, the IESG has not approved any policy models (PIB modules) as an IETF standard. 5.6.standard, and the use of COPS-PR is not recommended. 5.7. RADIUS RADIUS [RFC2865], the remote Authentication Dial In User Service, is a Draft Standard that describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. This protocol is widely implemented and used. 5.7.RADIUS is widely used in environments, such as enterprise networks, where a single administrative authority manages the network, and protects the privacy of user information. 5.8. Diameter DIAMETER [RFC3588] is a Proposed Standard that provides an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. DIAMETER is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. Diameter is designed to resolve a number of known problems with RADIUS. Diameter supports server failover, transmission-level security, reliable transport over TCP, agents for proxy and redirect and relay, server-initiated messages, auditability, capability negotiation, peer discovery and configuration, and roaming support. Diameter also provides a larger attribute space than RADIUS. RADIUS is widely used within single administrative domains.Diameter features make it especially appropriate for environments where the providers of services are in different administrative domains than the maintainer (protector) of confidential user information. 18.104.22.168. EPP The Extensible Provision Protocol [RFC4930] is a Draft Standard that describes an application layer client-server protocol for the provisioning and management of objects stored in a shared central repository. EPP permits multiple service providers to perform object provisioning operations using a shared central object repository, and addresses the requirements for a generic registry registrar protocol. 5.9. XCAP XCAP [RFC4825]5.10. VCCV VCCV is a Proposed Standard protocol that allowsprovides a client to read, write, and modify application configuration data stored in XML format oncontrol channel associated with a server. 5.10. Other Protocols A commandPseudowire. It is used for operations and management functions such as connectivity verification over the control channel. VCCV applies to all supported access circuit and transport types currently defined for PWs. 5.11. XCAP XCAP [RFC4825] is a Proposed Standard protocol that allows a client to read, write, and modify application configuration data stored in XML format on a server. 5.12. Other Protocols A command line interface (CLI) might be used to provide initial configuration of the target functionality. Command line interfaces are usually proprietary, but working groups could suggest specific commands and command parameters that would be useful in configuring the new protocol, so implementers could have similarities in their proprietary CLI implementations. [DISCUSS: Routing and control plane people may prefer NETCONF since it is close to CLIs which seem to rule in this space. ] [DISCUSS] Other PS-level NM protocols? SIP NM? 6. Existing IETF Data Models [DISCUSS: JS: The weakest part of the document is IMHO section 6. It is not clear to me what David's intention were here; sometimes he gives general advise while at other places he kind of surveys data models and such things. I am also not sure all the stuff listed there is actually useful to list; for example, has anybody ever deployed the technology which came out of the snmpconf working group? So we need to be more selective and probably also organize our pointers based on the protocol layer people are working on (transmission specific MIB modules are kind of widely used, people managing application servers usually do not use much of SNMP; the IETF application management MIBs we have produced have not gained large deployments as far as I can tell). ] [DISCUSS: David: Some MIB modules may not be deployed because few people know about them and has never tried them. Others may have been tried and been found to be inadequate. We have very little feedback concerning which ones are useful and which are widely deployed, which have been found useful by operators, and which have been found to be junk. ;-) I hesitate to make recommendations that people should avoid a MIB unless there is real evidence that is is unsuitable for its designed task. Even then, I hesitate because maybe the MIB would be found useful in a different environment that is just emerging. Maybe we need to perform a de-crufting operation for data models, similar to that done for protocols a few years ago. But I think that would require feedback from LOTS of operators and application developers - and these tend to be scarce in the IETF. ] The purpose of this section is to inform protocol designers about solutions for which components have already been standardized in the IETF, so they can reuse existing solutions or use those solutions to extract information models that could be applied to new solutions. This section discusses management data models that have reached at least Proposed Standard status in the IETF. Because making management information available through the MIB has long been the IETF-preferred approach for managing the Internet, there are a large number of MIB modules available. Rather than attempt to discuss each here, with a discussion of the tables they contain, this section will focus on those MIB modules that have reached at least Draft status, and some commonly deployed MIB modules. This is supplemented by an appendix that lists additional MIB modules that have reached Proposed Standard status. [TODO] discuss specific MIB modules, SDEs, XML schemas that are designed to solve generic problems. This might cover things like Textual Conventions, RFC3415 Target tables, SYSLOG SDEs defined in -protocol-, SYSLOG -sign-, IPFIX IEs, etc. 6.1. Fault Management SNMP notifications and SYSLOG messages can alert an operator when an aspect of the new protocol fails or encounters an error condition, and SNMP is frequently used as a heartbeat monitor. The IETF standards-track version of the SYSLOG protocol [I-D.ietf-syslog-protocol] includes a mechanism for defining structured data elements (SDEs). The SYSLOG protocol document defines an initial set of SDEs that relate to content time quality, content origin, and meta-information about the message, such as language. Proprietary SDEs can be used to supplement the IETF- defined SDEs.RFC 3418 [RFC3418], part of STD 62 SNMP, contains objects in the system group that are often polled to determine if a device is still operating, and sysUpTime can be used to detect if a system has rebooted, and counters have been reinitialized. RFC3413 [RFC3413], part of STD 62 SNMP, includes objects designed for managing notifications, including tables for addressing, retry parameters, security, lists of targets for notifications, and user customization filters. An RMON monitor [RFC2819] can be configured to recognize conditions, most notably error conditions, and continuously to check for them. When one of these conditions occurs, the event may be logged, and management stations may be notified in a number of ways. See further discussion of RMON under Performance Management. Protocol designers should always build in basic testing features (e.g. ICMP echo, UDP/TCP echo service, NULL RPC calls) that can be used to test for liveness, with an option to enable and disable them. The ALARM MIB in RFC 3877 and the Alarm Reporting Control MIB in RFC 3878 specify mechanisms for expressing state transition models for persistent problem states. There is also a mechanism specified to correlate a notification with subsequent state transition notifications about the same entity/object. Other MIB modules that may be applied to Fault Management include: NOTIFICATION-LOG-MIB in RFC 3014 ENTITY-STATE-MIB in RFC 4268 ENTITY-SENSOR-MIB in RFC 42686.2. Configuration Management It is expected that standard XML-based data models will be developed for use with NETCONF, and working groups might identify specific NETCONF data models that would be applicable to the new protocol. At the time of this writing, no such standard data models exist. RFC3159 [RFC3159] discusses the Structure of Policy Provisioning Information, an extension to the SMI standard for purposes of policy- based provisioning, for use with the COPS-PR protocol defined in RFC3084 [RFC3084]. RFC3317 [RFC3317] defines a DiffServ QoS PIB. At the time of this writing, there are no standards-track PIBs. During the IAB Workshop on Network Management, the workshop had rough consensus from the protocol developers that the IETF should not spend resources on SPPI PIB definitions, and the operators had rough consensus that they do not care about SPPI PIBs.For monitoring network configuration, such as physical and logical network topologies, existing MIB modules already exist that provide some of the desired capabilities. New MIB modules might be developed for the target functionality to allow operators to monitor and modify the operational parameters, such as timer granularity, event reporting thresholds, target addresses, and so on. RFC 3418 [RFC3418], part of STD 62 SNMPv3, contains objects in the system group that are often polled to determine if a device is still operating, and sysUpTime can be used to detect if a system has rebooted and caused potential discontinuity in counters. Other objects in the system MIB are useful for identifying the type of device, the location of the device, the person responsible for the device, etc. RFC3413 [RFC3413], part of STD 62 SNMPv3, includes objects designed for configuring notification destinations, and for configuring proxy- forwarding SNMP agents, which can be used to forward messages through firewalls and NAT devices. Draft Standard RFC2863 [RFC2863], the Interfaces MIB is used for managing Network Interfaces. This includes the 'interfaces' group of MIB-II and discusses the experience gained from the definition of numerous media-specific MIB modules for use in conjunction with the 'interfaces' group for managing various sub-layers beneath the internetwork-layer. Proposed Standard RFC4133 [RFC4133] the Entity MIB is used for managing multiple logical and physical entities managed by a single SNMP agent. This module provides a useful mechanism for identifyingRFC3165 [RFC3165] supports the entities comprising a system. There are also event notifications defined for configuration changes that may be usefuluse of user-written scripts to delegate management applications. Informational RFC3512 [RFC3512] discusses using SNMP to do configuration management, including policy-based configuration management.functionality. Proposed Standard RFC4011 [RFC4011] defines objects that enable policy-based monitoring and management of SNMP infrastructures,using SNMP, using a scripting language, and a script execution environment. Few vendors have not implemented MIB modules that support scripting. Some vendors consider running user-developed scripts within the managed device as a violation of support agreements. 6.3. Accounting Management RFC2975 discussesTODO: RADIUS Accounting MIBs are PS; are there any DS data models for accounting? ] 6.4. Performance Management Working groups should consider how RADIUS, TACACS+, and SNMP mightperformance can be usedmonitored for these purposes. While this discussion is now dated, many ofthe issues remain relevant, andnew protocols might be betterprotocol. MIB modules typically contain counters to address those issues. RADIUS [RFC2865] or DIAMETER [RFC3588] accounting might be collected for services,determine the frequency and working groups might document some of the RADIUS/ DIAMETER attributes that could be used. The IPFIX protocol [I-D.ietf-ipfix-protocol] can collect information related to IP flows, and existing Information Elements (IEs) may be appropriate to report flows of the new protocol. New IPFIX Information Elements might be useful for collecting flow information useful only in consideration of the new protocol. As of this writing, no IEs have reached Proposed Standard status yet, but a base set of IEs has been submitted to IESG for advancement. These include IEs for Identifying the scope of reporting, Metering and Export Process configuration, IP and Transport and Sub-IP header fields, Packet and Flow properties, timestamps, and counters. RFC3159 discusses the Proposed Standard Structure of Policy Provisioning Information (SPPI), an extension to the SMI standard for purposes of policy-based provisioning, for use with the COPS-PR protocol defined in RFC3084. Informational RFC3317 defines a DiffServ QoS PIB, and Informational RFC3571 defines policy classes for monitoring and reporting policy usage feedback, as well as policy classes for controlling reporting intervals, suspension, resumption and solicitation. At the time of this writing, there are no standards-track PIBs During the IAB Workshop on Network Management, the workshop had rough consensus from the protocol developers that the IETF should not spend resources on SPPI PIB definitions, and the operators had rough consensus that they do not care about SPPI PIBs. 6.4. Performance Management Working groups should consider how performance can be monitored for the new protocol. MIB modules typically contain counters to determine the frequency and raterate of an occurrence. RFC2819, STD 59 RMON, defines objects for managing remote network monitoring devices. An organization may employ many remote management probes, one per network segment, to manage its internet. These devices may be used for a network management service provider to access a client network, often geographically remote. Most of the objects in the RMON MIB module are suitable for the management of any type of network, and there are some which are specific to managing Ethernet networks. RMON allows a probe to be configured to perform diagnostics and to collect statistics continuously, even when communication with the management station may not be possible or efficient. The alarm group periodically takes statistical samples from variables in the probe and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. The RMON host group discovers hosts on the network by keeping a list of source and destination MAC Addresses seen in good packets promiscuously received from the network, and contains statistics associated with each host. The hostTopN group is used to prepare reports that describe the hosts that top a list ordered by one of their statistics. The available statistics are samples of one of their base statistics over an interval specified by the management station. Thus, these statistics are rate based. The management station also selects how many such hosts are reported. The RMON matrix group stores statistics for conversations between sets of two addresses. The filter group allows packets to be matched by a filter equation. These matched packets form a data stream that may be captured or may generate events. The Packet Capture group allows packets to be captured after they flow through a channel. The event group controls the generation and notification of events from this device. The RMON-2 MIB [RFC4502] extends RMON by providing RMON analysis up to the application layer. The SMON MIB [RFC2613] extends RMON by providing RMON analysis for switched networks. RAQMON [RFC4710] describes Real-Time Application Quality of Service Monitoring. DISMAN-EVENT-MIB in RFC 2981 and DISMAN-EXPRESSION-MIB in RFC 2982 provide a superset of the capabilities of the RMON alarm and event groups. These modules provide mechanisms for thresholding and reporting anomalous events to management applications. SIP Package for Voice Quality Reporting [I-D.ietf-sipping-rtcp-summary] defines a SIP event package that enables the collection and reporting of metrics that measure the quality for Voice over Internet Protocol (VoIP) sessions. The IPPM WG has defined metrics for accurately measuring and reporting the quality, performance, and reliability of Internet data delivery services. The metrics include connectivity, one-way delay and loss, round-trip delay and loss, delay variation, loss patterns, packet reordering, bulk transport capacity, and link bandwidth capacity The Benchmarking Methodology WG (bmwg) has defined recommendations for the measurement of the performance characteristics of various internetworking technologies in a laboratory environment, including the systems or services that are built from these technologies. Each recommendation describes the class of equipment, system, or service being addressed; discuss the performance characteristics that are pertinent to that class; clearly identify a set of metrics that aid in the description of those characteristics; specify the methodologies required to collect said metrics; and lastly, present the requirements for the common, unambiguous reporting of benchmarking results.6.5. Security Management Working groups should consider existing data models that would be relevant to monitoring and managing the security of the new protocol. IPsec Security Policy IPsec Action MIB [I-D.ietf-ipsp-ipsecaction-mib] defines a MIB moduleThe IETF has no standard data models for configuration of an IPsec action within the IPsecmanaging security policy database (SPD). [TODO:protocols such as TLS and SSH. 7. Documentation Guidelines The purpose of this document is not yet a PS,to provide guidance about what to consider when thinking about the management and has dependencies on a dead document?] IPsec Security Policy IKE Action MIB [I-D.ietf-ipsp-ikeaction-mib] defines a MIB module for configuration of an Internet Key Exchange (IKE) [RFC4306] action within the IPsec security policy database (SPD). [TODO: this is not yet a PS, and has dependencies on a dead document?] [DISCUSS: why are security protocols like TLS and SSH not required to be manageable? e.g., no MIB modules exist for these protocols.] Standard SNMP notifications or SYSLOG messages [I-D.ietf-syslog-protocol] might already exist, or can be defined, to alert operators to the conditions identified in the security considerations for the new protocol. An analysis of existing counters might help operators recognize the conditions identified in the security considerations for the new protocol before they can impact the network. RADIUS and DIAMETER can provide authentication and authorization. A working group should consider which attributes would be appropriate for their protocol. Different protocols use different assumptions about message security and data access controls. A working group that recommends using different protocols should consider how security will be applied in a balanced manner across multiple management interfaces. SNMP access control is data-oriented, while CLI access control is usually command (task) oriented. Depending on the management function, sometimes data-oriented or task-oriented access control makes more sense. Working groups should consider both data-oriented and task-oriented access control. 7. Documentation Guidelines The purpose of this document is to provide guidance about what to consider when thinking about the management and deployment ofdeployment of a new protocol, and to provide guidance about documenting the considerations should a working group choose to do so. The following guidelines are designed to help writers provide a reasonably consistent format to such documentation. Separate manageability and operational considerations sections are desirable in many cases, but their structure and location is a decision that can be made from case to case. Making a Management Considerations section a mandatory publication requirement is the responsibility of the IESG, or specific area directors, or working groups, and this document avoids recommending any mandatory publication requirements. For a complex protocol, a completely separate draft on operations and management might be appropriate, or even a completely separate WG. This document is focused on what to think about, and how to document the considerations of the working group. 7.1. Recommended Discussions A Manageability Considerations section should include discussion of the management and operations topics raised in this document, and when one or more of these topics is not relevant, it would be useful to contain a simple statement explaining why the topic is not relevant for the new protocol. Of course, additional relevant topics should be included as well. 7.2. Null Manageability Considerations Sections A working group may seriously consider the manageability requirements of a new protocol, and determine that there are no manageability issues related to the new protocol. It would be helpful to those who may update or write extensions to the protocol in the future or to those deploying the new protocol to know the thinking of the working regarding the manageability of the protocol at the time of its design. If there are no new manageability or deployment considerations, it is recommended that a Manageability Considerations section contain a simple statement such as "There are no new manageability requirements introduced by this document," and a brief explanation of why that is the case. The presence of such a Manageability Considerations section would indicate to the reader that due consideration has been given to manageability and operations. In the case where the new protocol is an extension, and the base protocol discusses all the relevant operational and manageability considerations, it would be helpful to point out the considerations section in the base document. 7.3. Placement of Operations and Manageability Considerations Sections If a working group develops a Manageability Considerations section for a new protocol, it is recommended that the section be placed immediately before the Security Considerations section. Reviewers interested in such sections could find it easily, and this placement could simplify the development of tools to detect the presence of such a section. 8. IANA Considerations This document does not introduce any new codepoints or name spaces for registration with IANA. Note to RFC Editor: this section may be removed on publication as an RFC. 9. Security Considerations This document is informational and provides guidelines for considering manageability and operations. It introduces no new security concerns. 10. Acknowledgements This document started from an earlier document edited by Adrian Farrel, which itself was based on work exploring the need for Manageability Considerations sections in all Internet-Drafts produced within the Routing Area of the IETF. That earlier work was produced by Avri Doria, Loa Andersson, and Adrian Farrel, with valuable feedback provided by Pekka Savola and Bert Wijnen. Some of the discussion about designing for manageability came from private discussions between Dan Romascanu, Bert Wijnen, Juergen Schoenwaelder, Andy Bierman, and David Harrington. 11. Informative References [I-D.ietf-ipfix-protocol] Claise, B., "Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix-protocol-26 (work in progress), September 2007. [I-D.ietf-ipsp-ikeaction-mib] Hardaker, W., "IPsec Security Policy IKE Action MIB", draft-ietf-ipsp-ikeaction-mib-02 (work in progress), November 2006. [I-D.ietf-ipsp-ipsecaction-mib] Hardaker, W., "IPsec Security Policy IPsec Action MIB", draft-ietf-ipsp-ipsecaction-mib-02 (work in progress), November 2006.[I-D.ietf-sipping-rtcp-summary] Pendleton, A., "Session Initiation Protocol Package for Voice Quality Reporting Event", draft-ietf-sipping-rtcp-summary-02 (work in progress), May 2007. [I-D.ietf-syslog-protocol] Gerhards, R., "The syslog Protocol", draft-ietf-syslog-protocol-23 (work in progress), September 2007. [RFC1052] Cerf, V., "IAB recommendations for the development of Internet network management standards", RFC 1052, April 1988. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2613] Waterman, R., Lahaye, B., Romascanu, D., and S. Waldbusser, "Remote Network Monitoring MIB Extensions for Switched Networks Version 1.0", RFC 2613, June 1999. [RFC2819] Waldbusser, S., "Remote Network Monitoring Management Information Base", STD 59, RFC 2819, May 2000. [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC2975] Aboba, B., Arkko, J., and D. Harrington, "Introduction to Accounting Management", RFC 2975, October 2000. [RFC3060] Moore, B., Ellesson, E., Strassner, J., and A. Westerinen, "Policy Core Information Model -- Version 1 Specification", RFC 3060, February 2001. [RFC3084] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie, K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A. Smith, "COPS Usage for Policy Provisioning (COPS-PR)", RFC 3084, March 2001. [RFC3139] Sanchez, L., McCloghrie, K., and J. Saperia, "Requirements for Configuration Management of IP-based Networks", RFC 3139, June 2001. [RFC3159] McCloghrie, K., Fine, M., Seligson, J., Chan, K., Hahn, S., Sahita, R., Smith, A., and F. Reichmeyer, "Structure of Policy Provisioning Information (SPPI)", RFC 3159, August 2001. [RFC3165] Levi, D. and J. Schoenwaelder, "Definitions of Managed Objects for the Delegation of Management Scripts", RFC 3165, August 2001. [RFC3290] Bernet, Y., Blake, S., Grossman, D., and A. Smith, "An Informal Management Model for Diffserv Routers", RFC 3290, May 2002. [RFC3317] Chan, K., Sahita, R., Hahn, S., and K. McCloghrie, "Differentiated Services Quality of Service Policy Information Base", RFC 3317, March 2003. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002. [RFC3418] Presuhn, R., "Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3418, December 2002. [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, January 2003. [RFC3460] Moore, B., "Policy Core Information Model (PCIM) Extensions", RFC 3460, January 2003. [RFC3512] MacFaden, M., Partain, D., Saperia, J., and W. Tackabury, "Configuring Networks and Devices with Simple Network Management Protocol (SNMP)", RFC 3512, April 2003.[RFC3535] Schoenwaelder, J., "Overview of the 2002 IAB Network Management Workshop", RFC 3535, May 2003. [RFC3585] Jason, J., Rafalow, L., and E. Vyncke, "IPsec Configuration Policy Information Model", RFC 3585, August 2003. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. [RFC3644] Snir, Y., Ramberg, Y., Strassner, J., Cohen, R., and B. Moore, "Policy Quality of Service (QoS) Information Model", RFC 3644, November 2003. [RFC3670] Moore, B., Durham, D., Strassner, J., Westerinen, A., and W. Weiss, "Information Model for Describing Network Device QoS Datapath Mechanisms", RFC 3670, January 2004. [RFC3805] Bergman, R., Lewis, H., and I. McDonald, "Printer MIB v2", RFC 3805, June 2004. [RFC4011] Waldbusser, S., Saperia, J., and T. Hongal, "Policy Based Management MIB", RFC 4011, March 2005. [RFC4133] Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)", RFC 4133, August 2005. [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005.[RFC4502] Waldbusser, S., "Remote Network Monitoring Management Information Base Version 2", RFC 4502, May 2006. [RFC4668] Nelson, D., "RADIUS Authentication Client MIB for IPv6", RFC 4668, August 2006. [RFC4669] Nelson, D., "RADIUS Authentication Server MIB for IPv6", RFC 4669, August 2006. [RFC4710] Siddiqui, A., Romascanu, D., and E. Golovinsky, "Real-time Application Quality-of-Service Monitoring (RAQMON) Framework", RFC 4710, October 2006. [RFC4741] Enns, R., "NETCONF Configuration Protocol", RFC 4741, December 2006. [RFC4825] Rosenberg, J., "The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)", RFC 4825, May 2007. [RFC4930] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", RFC 4930, May 2007. Appendix A. Operations and Management Checklist This appendix provides a quick summary of issues to consider. are configuration parameters clearly identified? are configuration parameters normalized? does each configuration parameter have a reasonable default value? is protocol state information exposed to the user? How? is protocol performance information exposed to the user? How? are significant state transitions logged? Appendix B. Additional MIB ModulesData Models on the Standards Track Appendix C. Change LogThe IETF SYSLOG protocol [I-D.ietf-syslog-protocol] is a Proposed Standard that includes a mechanism for defining structured data elements (SDEs). The SYSLOG protocol document defines an initial set of SDEs that relate to content time quality, content origin, and meta-information about the message, such as language. Proprietary SDEs can be used to supplement the IETF-defined SDEs. SIP Package for Voice Quality Reporting [I-D.ietf-sipping-rtcp-summary] defines a SIP event package that enables the collection and reporting of metrics that measure the quality for Voice over Internet Protocol (VoIP) sessions. DISMAN-EVENT-MIB in RFC 2981 and DISMAN-EXPRESSION-MIB in RFC 2982 provide a superset of the capabilities of the RMON alarm and event groups. These modules provide mechanisms for thresholding and reporting anomalous events to management applications. RAQMON [RFC4710] describes Real-Time Application Quality of Service Monitoring. The IPPM WG has defined metrics for accurately measuring and reporting the quality, performance, and reliability of Internet data delivery services. The metrics include connectivity, one-way delay and loss, round-trip delay and loss, delay variation, loss patterns, packet reordering, bulk transport capacity, and link bandwidth capacity. [TODO: detail the RFCs - 4737, 3393, 2681, 2680, 2679, 2678 The IPFIX protocol [I-D.ietf-ipfix-protocol] can collect information related to IP flows, and existing Information Elements (IEs) may be appropriate to report flows of the new protocol. New IPFIX Information Elements might be useful for collecting flow information useful only in consideration of the new protocol. As of this writing, no IEs have reached Proposed Standard status yet, but a base set of IEs has been submitted to IESG for advancement. These include IEs for Identifying the scope of reporting, Metering and Export Process configuration, IP and Transport and Sub-IP header fields, Packet and Flow properties, timestamps, and counters. RFC3159 discusses the Proposed Standard Structure of Policy Provisioning Information (SPPI), an extension to the SMI standard for purposes of policy-based provisioning, for use with the COPS-PR protocol defined in RFC3084. Informational RFC3317 defines a DiffServ QoS PIB, and Informational RFC3571 defines policy classes for monitoring and reporting policy usage feedback, as well as policy classes for controlling reporting intervals, suspension, resumption and solicitation. At the time of this writing, there are no standards-track PIBs During the IAB Workshop on Network Management, the workshop had rough consensus from the protocol developers that the IETF should not spend resources on SPPI PIB definitions, and the operators had rough consensus that they do not care about SPPI PIBs. Proposed Standard RFC4011 [RFC4011] defines objects that enable policy-based monitoring and management of SNMP infrastructures, a scripting language, and a script execution environment. DIAMETER [RFC3588] accounting might be collected for services, and working groups might document some of the RADIUS/DIAMETER attributes that could be used. [TODO: what data models?] RADIUS Authentication Client MIB [RFC4668] and RADIUS Authentication Server MIB [RFC4669] allow the gathering of accounting data. Proposed Standard RFC4133 [RFC4133] the Entity MIB is used for managing multiple logical and physical entities managed by a single SNMP agent. This module provides a useful mechanism for identifying the entities comprising a system. There are also event notifications defined for configuration changes that may be useful to management applications. RFC3159 [RFC3159] discusses the Structure of Policy Provisioning Information, an extension to the SMI standard for purposes of policy- based provisioning, for use with the COPS-PR protocol defined in RFC3084 [RFC3084]. RFC3317 [RFC3317] defines a DiffServ QoS PIB. At the time of this writing, there are no standards-track PIBs. During the IAB Workshop on Network Management, the workshop had rough consensus from the protocol developers that the IETF should not spend resources on SPPI PIB definitions, and the operators had rough consensus that they do not care about SPPI PIBs. The ALARM MIB in RFC 3877 and the Alarm Reporting Control MIB in RFC 3878 specify mechanisms for expressing state transition models for persistent problem states. There is also a mechanism specified to correlate a notification with subsequent state transition notifications about the same entity/object. Other MIB modules that may be applied to Fault Management include: NOTIFICATION-LOG-MIB in RFC 3014 ENTITY-STATE-MIB in RFC 4268 ENTITY-SENSOR-MIB in RFC 4268 Appendix C. Open Issues [TODO: need to verify all citations have references (in xref format)] Organize data models by layer? both section 6 and appendix. start to identify bullets for appendix checklist Is section 2 needed? Appendix D. Change Log Changes from opsawg-00 to opsawg-01 moved Proposed Standard data models to appendix moved advice out of data model survey and into considerations section addressed comments from Adrian and Dan modified the Introduction and Section 2 in response to many comments. expanded radius and syslog discussion, added psamp and VCCV, modified ipfix, Changes from harrington-01 to opsawg-00 added text regarding operational models to be managed. Added checklist appendix (to be filled in after consensus is reached on main text ) Changes from harrington-00 to harrington-01 modified unclear text in "Design for Operations and Management" Expanded discussion of counters Removed some redundant text Added ACLs to Security Management Expanded discussion of the status of COPS-PR, SPPI, and PIBs. Expanded comparison of RADIUS and Diameter. Added placeholders for EPP and XCAP protocols. Added Change Log and Open Issues Author's Address David Harrington Huawei Technologies USA 1700 Alma Dr, Suite 100 Plano, TX 75075 USA Phone: +1 603 436 8634 Fax: EMail: email@example.com URI: Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at firstname.lastname@example.org. Acknowledgement Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).