A Reference Model for Autonomic Networking draft-behringer-anima-reference-model-03.txt

Similar documents
A Reference Model for Autonomic Networking draft-behringer-anima-reference-model-00.txt

ANIMA WG (Autonomic Networking Integrated Model and Approach) Rechartering Consideration

Autonomic Control Plane A Virtual Out Of Band Channel

Autonomic Networking BRKGEN Michael Behringer

An Autonomic Control Plane

draft-eckert-anima-grasp-dnssd-00

An Autonomic Control Plane draft-ietf-anima-autonomic-control-plane- 05 (ietf98:06 - ietf99:08)

BRSKI document status. Authors: Max Pritikin, Michael Richardson and Kent Watsen

Autonomic Network Intent and Format draft-du-anima-an-intent-04

Considerations for using short-term certificates

Internet Research Task Force (IRTF) Request for Comments: 7575

Improving IoT Security: the role of the manufacturer. Eliot Lear

IPv6 Standards Update. Steve Deering June 5, 2002

Event Service in Autonomic Networking

Control as LCD for future networking

Draft-richardson-anima-smartpledge BRSKI enrollment for Smart Pledges. Or: How do I bootstrap operator-less Registrars

DON XML Achieving Enterprise Interoperability

ETSI GS NGP 002 V1.1.1 ( )

Configuring Autonomic Networking

Internet Engineering Task Force (IETF) Request for Comments: 8191 Category: Standards Track. X. Lee CNNIC. August 2017

IETF IPv6 Update. Thomas Narten April 19, 2005

BMC Remedyforce Discovery and Client Management. Frequently asked questions

Internet Engineering Task Force (IETF) Category: Informational ISSN: February 2012

Internet Engineering Task Force (IETF) Request for Comments: ISSN: May 2018

Internet Engineering Task Force (IETF) Category: Informational. Cisco Systems, Inc. July 2017

Multihoming. Copy Rights

ESET Remote Administrator 6. Version 6.0 Product Details

Problem Statement and Considerations for ROA Mergence. 96 SIDR meeting

24 June 2016 Webex. IPv6 over the TSCH mode of IEEE e

The RPKI and BGP Origin Validation

NETCONF Access Control

Security Architecture for the Internet of Things (IoT) in Commercial Buildings

ARIN VII April 1 4, 2001 San Francisco, CA

P2PSIP Draft Charter. Dean Willis March 2006

Identifier and Locator separation in IP network

Experiences in Setting Up Automatic Home Networking. Jari Arkko Ericsson Research

10/4/2016. Advanced Windows Services. IPv6. IPv6 header. IPv6. IPv6 Address. Optimizing 0 s

Copyright

BANANA BOF Charter Review. IETF 99: Prague, Czech Republic Margaret Cullen Brian Trammell

P2PSIP, ICE, and RTCWeb

Guidelines and Registration Procedures for New URI Schemes

Internet Engineering Task Force (IETF) Category: Standards Track. J. Halpern Ericsson E. Levy-Abegnoli, Ed. Cisco February 2017

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

IEEE YANG Data Model(s) Study Group Closing Report

SECURE HOME GATEWAY PROJECT

IPv6, IPv4 and Coexistence Updates for IPPM's Active Metric Framework (Title updated formerly referred to as IPv6 update) draft-ietf-ippm-2330-ipv6-02

I2NSF IETF 93, Prague, Czech Republic. Dan Romascanu Joe Salowey

Technical Overview. Version March 2018 Author: Vittorio Bertola

INTRODUCTION TO SELF-ORGANIZING MANAGEMENT & CONTROL PLANE, ETSI NGP ISG

NCP Secure Enterprise Management for Linux Release Notes

DNS Security. Wolfgang Nagele DNS Services Manager

Panel 1 Service Platform and Network Infrastructure for Ubiquitous Services

Internet Engineering Task Force (IETF) Request for Comments: 6612 Category: Informational May 2012 ISSN:

mdns/dnssd Threat Model

APNIC & Internet Address Policy in the Asia Pacific

Narten Thomas ARIN

Considerations and Actions of Content Providers in Adopting IPv6

Discovery in the WBEM Architecture (Infrastructure Discovery)

Update on Resource Certification. Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008

OSPFv3-Based Home Networking draft-arkko-homenet-prefix-assignment-02.txt. Jari Arkko, Ericsson Acee Lindem, Ericsson Benjamin Paterson, Cisco

IETF YANG models for VLAN interface classification. draft-wilton-netmod-intf-vlan-yang Robert Wilton (Cisco)

DHCP and DDNS Services for Threat Defense

IETF Activities Update

IPv6 at takeoff speed. Brian Carpenter Distinguished Engineer, IBM Chair, IETF June 2005

IETF97 Seoul. IPv6 over the TSCH. mode of IEEE e. Chairs: Pascal Thubert Thomas Watteyne. Mailing list:

NFS Version 4 Security Update

DNS Security. Wolfgang Nagele DNS Group Manager

Cisco 440X Series Wireless LAN Controllers Deployment Guide

Comodo Offline Updater Utility Software Version

Proxy Mobile IPv6 draft-ietf-netlmm-proxymip6-01.txt

THE EMERGING CONTROL HIERARCHY

Autonomic Functions Life-cycle and Management draft-peloso-anima-autonomic-function-01d raft-ciavaglia-anima-coordination-01

VDP extension to support NVO3 CSD. Qcn-csd-0715-v01 July2015

NETCONF Protocol. Restrictions for the NETCONF Protocol. Information About the NETCONF Protocol

SECURE HOME GATEWAY PROJECT

Overview of the Resource PKI (RPKI) Dr. Stephen Kent VP & Chief Scientist BBN Technologies

Secure SDN Authentication (DNS based PKI model)

Internet Engineering Task Force (IETF) Request for Comments: 5736 Category: Informational. ICANN January 2010

Internet Engineering Task Force (IETF) Request for Comments: Obsoletes: 3177 Category: Best Current Practice. March 2011

IETF 93 ROLL. Routing over Low-Power And Lossy Networks. Chairs: Michael Richardson Ines Robles

Internet Engineering Task Force (IETF) May 2011

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

SA46T-AT SA46T Address Translator draft-matsuhira-sa46t-at-01.txt

Outlook on IEEE ZigBee Implications IP Requirements IPv6 over Low Power WPAN (IEEE ) Conclusions. KRnet /21

Implementing Security in Windows 2003 Network (70-299)

Cisco - ASA Lab Camp v9.0

Exam Identity with Windows Server 2016

ISO INTERNATIONAL STANDARD. Intelligent transport systems Communications access for land mobiles (CALM) IPv6 Networking

Diameter Overload Control Application (DOCA) draft-korhonen-dime-ovl-00 Jouni Korhonen DIME WG IETF #85

Cisco TelePresence Conductor with Cisco Unified Communications Manager

Agenda. 1. The LoU between EC-CEF and OpenPEPPOL about transition and migration to AS4 - Niels

Draft ICAO IPv6 Addressing Plan

Iosif Legrand. California Institute of Technology

Cisco ISE Ports Reference

Creating User Manageable Security Zones

Microsoft Planning and Deploying System Center 2012 Configuration Manager

Comodo Certificate Manager Software Version 5.0

Operators and the Internet Engineering Task Force (IETF)

IETF96 Berlin. IPv6 over the TSCH. mode of IEEE e. Chairs: Pascal Thubert Thomas Watteyne. Mailing list:

Internet Engineering Task Force (IETF) February Local Mobility Anchor (LMA) Discovery for Proxy Mobile IPv6

Transcription:

A Reference Model for Autonomic Networking 93 rd IETF, 20 July 2015 Michael Behringer Brian Carpenter Toerless Eckert 1

Reference Model High Level View Autonomic Function B ASA ASA Registrar ASA ASAs deployed as needed Base infra: Every node must support Autonomic Function A ASA ASA ASA ASA ASA Autonomic Networking Infrastructure: GDNP, Bootstrap, ACP, Naming, addressing, Discovery Domain Domain Domain Domain Domain Pre-set Pre-set Pre-set Pre-set Pre-set Node 1 Node 2 Node 3 Node 4 Node 5 Network with autonomic functions 2

1. Introduction................... Moved... MASA.. 3 to trust 2. The Network View................. infrastructure,..... 4 and registrar to 3. The Autonomic Network Element................ 5 ASA section. 3.1. Architecture...................... 5 Introduced constrained node 3.2. Full AN Nodes...................... 6 3.3. Constrained AN Nodes (*)................ 6 Naming: New section, needs 4. The Autonomic Networking Infrastructure........... 6 4.1. Naming.................... discussion..... and 6 review 4.1.1. Naming requirements................. 6 Addressing: Merged the 4.1.2. Proposed Mechanisms................. 7 4.2. Addressing.................. addressing..... draft 8 here, with 4.2.1. Requirements and Fundamental Concepts... some... changes... 9 Needs more 4.2.2. The Base Addressing Scheme........ discussion..... and 10 review. 4.2.3. Possible Sub-Schemes................ 11 4.2.4. Address Hierarchy............. Discovery,..... signalling 12 and intent 4.3. Discovery................... distribution..... have 13 new text, 4.4. Signaling Between Autonomic Nodes....... needs... review... 13 4.5. Intent Distribution................... 14 4.6. Routing.................... Points... to. ACP. 14 draft. Should 4.7. The Autonomic Control Plane............... 14 probably have more 5. Security and Trust Infrastructure.............. 15 5.1. Public Key Infrastructure........... explanation..... here. 15 5.2. Domain Certificate................... 15 5.3. The MASA................... Ordered.... several. 15 loose bits 5.4. Sub-Domains (*)................ into.. this.. section.. 15 5.5. Cross-Domain Functionality (*)............. 15 3

6. Autonomic Service Agents (ASA)............... 16 6.1. General Description of an ASA......... Clearly.... separate. 16 ASA from 6.2. Specific ASAs for the Enrolment Process.... infrastructure..... 16 now. 6.2.1. The Enrolment ASA............. New.. section... on 16 ASAs 6.2.2. The Enrolment Proxy ASA.......... The.. registrar... 16 is now covered 6.2.3. The Registrar ASA............. here,... since.. it 16 is an ASA 7. Management and Programmability............... 16 7.1. How an AN Network Is Managed......... New.. section,... 16 collecting some 7.2. Intent (*).................. previously..... loose 17 bits, and 7.3. Aggregated Reporting (*)................ 18 some new content. Needs 7.4. Feedback Loops to NOC(*)................ 19 7.5. Control Loops (*)............... reviews..... how 19 much detail do 7.5.1. Types of Control (*)........... we.. want.. to. put 20 in here? 7.5.2. Types of Control Loops (*)............. 20 7.5.3. Management of an Autonomic Control Loop (*)..... 21 7.5.4. Elements of an Autonomic Control Loop (*)...... 22 7.6. APIs (*)........................ 22 7.6.1. Dynamic APIs (*).................. 22 7.6.2. APIs and Semantics(*)........... New.. section... about 23 interactions 7.6.3. API Considerations (*).......... of. autonomic.... 23 functions. More 7.7. Data Model (*)................ long.. term,... but 23 highly relevant. 8. Coordination Between Autonomic Functions (*)........ 24 8.1. The Coordination Problem (*).............. 24 8.2. A Coordination Functional Block (*)...... Needs... more.. work. 25 9. Security Considerations................... 26 9.1. Threat Analysis..................... 26 4

Document Structure Structure of the document becoming stable No major issues with the structure itself Autonomic Function B ASA ASA Registr ar ASA Autonomic Function A ASA ASA ASA ASA ASA Autonomic Networking Infrastructure: GDNP, Bootstrap, ACP, Naming, addressing, Discovery Domain Pre-set Domain Pre-set Domain Pre-set Domain Pre-set Domain Pre-set Node 1 Node 2 Node 3 Node 4 Node 5 Network with autonomic functions 5

Naming Why names? As an identity As a subject name in the autonomic certificate Structured names: Ex: Location-DeviceType-FunctionalRole- DistinguisherNumber@NameofDomain Use self-knowledge for part of the name (e.g., device type) Use other mechanisms (intent) for other parts (e.g., domain) Open questions: Should we support assigned names, automatically created names, or both? If automatic, how do we assign the names? 6

Addressing Where to Cover? Used to be a separate draft (draft-behringerautonomic-addressing) But, this draft is not a standalone chartered item Request from WG chair was to integrate with an existing document Currently put the entire addressing doc into the reference draft. Is this the right place? (for addressing schemes?) Possible way forward: Leave requirements and concepts in reference draft Put the addressing schemes into? ACP draft? 7

Addressing - Scope In scope: Addressing used by the Autonomic Networking Infrastructure (and indirectly by Autonomic Service Agents) inside an autonomic domain. Not in scope: Addressing of the data plane, i.e. anything that is used for services to customers. An autonomic function could negotiate address space for the data plane, for example draft-jiangauto-addr-management. The function uses autonomic address space But it assigns and manages data plane address space Is that sufficiently clear? 8

Addressing Various points An Autonomic Node gets an address. ASAs do NOT get addresses. Autonomic nodes multiplex ASAs. Non-autonomic nodes do not get autonomic address 9

Addressing - Requirements Zero-touch for simple networks Low-touch for complex networks Flexibility (allow for growth, splits, merges, etc) Robustness (admin can t mess up) Support for virtualization Simplicity Scale Upgradability We do NOT want to require an admin to maintain an address scheme. At worst: Assign a prefix to network or a zone. 10

Addressing - Concepts IPv6 only (for the autonomic mechanisms) Usage: For autonomic functions exclusively Separation (from user address space) Overlay network Use ULA, on virtual interfaces No link addressing, only link local No external connectivity No consensus here yet: request was to allow IPv4 as well. All other points seem to have consensus? 11

Addressing Base Scheme Base Scheme: 8 40 3 77 +--+--------------+------+------------------------------------------+ FD hash(domain) Type (sub-scheme) +--+--------------+------+------------------------------------------+ Hash(domain) provides pseudo-random prefix, as required by RFC4193 (ULA) We suggest a type field, to allow different address schemes in the future. Idea: Standardize only one type initially. Do we agree so far? Comments? Concerns? 12

Sub-Scheme 1: Addressing Sub-Scheme 1 Needs discussion 51 13 64 +------------------------+---------+--------------------------------+ (base scheme) Zone Device +------------------------+---------+--------------------------------+ Registrar assigns device It is unique for a device in a domain It does NOT specify a locator, but an identifier Device does not change in the lifetime of a device Zone- initially zero. When aggregation is required, use a zone- <> 0 13

Sub-Scheme 2: Addressing Sub-Scheme 2 51 13 64-V? +------------------------+---------+----------------------------+---+ (base scheme) Zone Device V +------------------------+---------+----------------------------+---+ Add Virtualisation bits at the end Allow addressing various virtual machines on a single node Keep routing simpler: Node announces not a /128, but for example /127 Needs discussion 14

Discovery, Signaling, Intent Distribution Overall goal: Minimise northbound interfaces. Thus: Discovery needed for discovering: Nodes Services Signalling needed to negotiate between nodes, synchronise, etc. Intent distribution should also be horizontal All these could be covered with a single protocol Candidate protocol: draft-carpenter-anima-gdn-protocol Needs discussion 15

Routing and ACP (covered in the ACP discussion) 16

Security and Trust Infrastructure Premise: Self-protection Autonomic functions do not require configuration to be secure. They are designed and negotiated securely. Use a domain based PKI Domain has a CA The registrar(s) are RAs MASA server allows for vendor certification. Section needs work, but I believe the fundamental concepts are mostly agreed. 17

Management Section Generally self-management. Admin guidance through Intent Coexistence with existing methods (NETCONF, SNMP, SSH, etc) Conflict resolution Aggregated reporting Feedback loops to NOC Control loops APIs Mostly new content. Needs discussion 18

Coordination between Autonomic Functions Autonomic functions may interact: Dependency, conflict, cooperation Various ways to deal with interactions, at various times: Build time Deploy time Run time Require a coordination function 19

Summary Structure getting solid Content still needs work Open, high level question: How much detail, how much forward looking items (to be seen over time) Adoption as WG document? 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback