Hi, Toerless
Thanks for the review and suggestions.
Some personal opinions to share. Please correct me if any
misunderstanding.
1. The description about the relationship between DHCP PD and ANIMA
prefix-management mechanism is ambiguous.
I agree with Brian's suggestion about deleting the PD issue from this
document.
It is a realization problem and deleting it will not cause too much
misunderstanding.
IMO, to talk too much about the details is not the document's purpose,
i.e., validation of the designation of autonomic networking infrastructure.
2. A node model containing "requested_prefix_length" and
"assigned_prefix_length" is propsoed, while in current document we only have a
prefix_length for the node.
I think the problem is shortage of description of the whole structure,
or a clear example. It causes the reader hard to image the mechanism.
We need make it clear about the main mechanism, for example, adding
some topology pictures and TLA descriptions as suggested.
3. It is suggested to add more abbreviation explanations and a picture
about 6.1 (the IPRAN example section)
Agree.
4. It is suggested that we should not go through all that detail work
because that is easier done by first building prototypes. Also, you have
proposed a paragraph of introduction:
This document is not a functional specification of the proposed
autonomic function
"prefix management" or all detail all the aspects of GRASP objective
parameters and ASA procedures
necessary to achieve all the different options of building a complete system.
Instead it
describes the ***architectural framework*** utilizing the components of the
ANI and outlines the
different deployment options and aspects and defines simple type of
objectives in GRASP to
start building the system as well as some basic parameter examples.
Agree. But as suggested by Brian, ***architectural framework*** perhaps
is not very proper here.
I suggest some other word here, such as "initial realization" or
"prototype system". Is it OK?
5. You suggest that add some texts about the abstract deployment
pictures / solution overview
Including:
5.1. Address & Prefix management with DHCP
5.2 Prefix management with ANI/GRASP
I agree that we need to add some mechanism descriptions to make the
reader more easily catch the main point about the mechanism.
However, although it may be helpful, I do not suggest describing too
much about the DHCP mechanism in this document.
I suggest focusing on the main mechanism about ANIMA prefix-management
and adding more details about it.
If it can solve the problem of ambiguity, we do not need to add too
much contents about other detailed descriptions in this document.
On the other side, I agree with the proposed solution architecture, and
I think it should be able to work.
If it is agreed that to add all the texts is necessary, i.e., it is
worthwhile to explain the multiple solutions in the document, I am ok with it.
Best Regards
Zongpeng Du
-----Original Message-----
From: Toerless Eckert [mailto:[email protected]]
Sent: Wednesday, June 07, 2017 8:11 AM
To: [email protected]; [email protected]
Subject: [draft-ietf-anima-prefix-management-03] review
[darn, second mail header typo on my side. sorry.]
Dear authors
Some feedback for the PD draft:
1. Relationship to DHCPv6 PD:
The note in 4.3 makes it sound as if there is a concern by the authors that
this proposal could potentially be seen as being in conflict with DHCPv6.
I am not sure about a practical case where this case would ever be a concern.
If the authors can think of such a case, then it would be good to add sentences
explaining that case. Otherwise maybe revisit this concern. IMHO ANIMA-PD could
nicely integrate/expand DHCP-PD:
RFC3633 (DHCPv6 PD) abstract says: "..delegating a long- lived prefix from a
delegating router to a requesting router, across an administrative boundary.."
^^^^^^^^^^^^^^^^^^^^^^^ To validate
the ANI, IMHO we just need to show how to use GRASP within a domain, eg: not
across an administrative boundary. == no overlap with the declared intended use
of DHCPv6 PD. Instead i could rather see ANI/GRASP used inside the domain and
then DHCP/DHCPv6-PD be used on the edge of the domain to client (non-ANI
devices).
2. Prefix Management Parameters
I do not understand from the text what prefix length is described in 6.1. Maybe
i am misunderstanding how the proposed PD mechanism should work, but in my
understanding, a device has at least TWO type of prefixes:
GRASP/(+DHCP-PD) +---------+
requested | router | ------ Interfaces with assigned
prefixes
<-----------------> | with | ... "Assigned prefix-length 'APL'"
prefix-length | PM-ASA | ------ or
'RPL' +---------+ GRASP/DHCP-PD requests via
downstream PM-ASA
If RPL == APL, then there is no prefix aggregation. This may be acceptable
(==scale well enough) at GRASP/DHCP-PD signaling level. If thats what the
authors have in mind then that should be written explicitly.
Note that if RPL == APL, then this will result in more prefixes at the routing
level because all APLs can be from different prefixes and may not be
aggregateable. IMHO, achieving aggregation and managing that via PM-ASA would
be a big benefit of PM-ASA.
Aka: If the document intends to support RPL < APL, then that should be better
described. For example, section 6.1 could for each role have simply those two
parameters (requested_prefix_length,
assigned_prefix_length):
[
[["role", "RSG"],["requested_prefix_length", 34],
["assigned_prefix_length", 56] ],
[["role", "ASG"],["requested_prefix_length", 44],
["assigned_prefix_length", 64] ],
[["role", "CSG"],["requested_prefix_length", 56],
["assigned_prefix_length", 64] ] ]
Thre assigned_prefix_length is of course most important if the downstream is an
interface where the router with PM-ASA needs to configure the prefix and the
addresses are assigned by SLAAC or DHCP from the router itself. If the
downstream is not a local interface but requests from PM-ASA, then the prefix
can be determined by the downstream PM-ASA.
3. Mobile network roles
section 6.1: Please expand (in parenthesis) the abbreviations you use on first
use, eg:
IPRAN, RNC in section 6.1. Please check any other unexplained TLAs in the
document.
A good picture with RSG, ASG, CSG would be great and help. Especially if you
want to take the prior suggestion into account of what prefix length would be
required in which role device.
4. If you read the point 5 below, i think there are a lot of options how PDs
with ASAs can be done.
All of these options would require further details such as more GRASP objective
parameters, more description of the ASA state machinery, the individual GRASP
negotiation steps etc.
I do not think we want to go through all that detail work because that is IMHO
easier done by first building prototypes, and instead having the document
rather be a "framework" or "architecture document instead of an ASA functional
specification. To that end, it would IMHO be prudent to say so, for example
before the last two paragraphs of the introduction:
proposed text, as 3rd last paragraph of introduction:
This document is not a functional specification of the proposed autonomic
function
"prefix management" or all detail all the aspects of GRASP objective
parameters and ASA procedures
necessary to achieve all the different options of building a complete system.
Instead it
describes the architectural framework utilizing the components of the ANI and
outlines the
different deployment options and aspects and defines simple type of
objectives in GRASP to
start building the system as well as some basic parameter examples.
5. Abstract deployment pictures / solution overview:
I think it would help in understanding the document if it would include a
logical deployment model pictures with explanations of the target deployment
models. Ideally comparing to how this is done with DHCP.
For example: In the introduction, there are some high level, very suggestive
statements about limitations of DHCP (non-autonomicity). Its really hard to
detail why/how the PD solution improves over this without a more explicit
comparison of some DHCP deployment model example and a PD deployment model
example.
So, i have appended two proposed texts: 5.1 for what i understand to be the two
most common DHCP deployment models, and 5.2 for what i understand to be the
proposed PD deployment model.
I would strongly suggest to consider using 5.2 in the document - or something
equivalent.
Otherwise its IMHO hard to follow / understand how PD is meant to work.
Brian Carpenter already proved the feedback that a section like 5.1 might be
contentuous and also incomplete because centralized address management has a
wide range of options not only limited to DHCP but also involving Radius and
other protocols - and there is even a whole working group in the making (CASM -
coordinated address space management).
So maybe my proposed 5.1 would better go into an appended with sufficient
preface stating exactly that these are just examples, and that there are many
more deployment models, and that there are no current IETF recommendations or
documents laying out such complete deployment pictures. (which IMHO is exactly
one of the may problems). If folks feel that any more explicit description of
even exemplary DHCP deployment models is inappropriate because it would get too
contentuous, then its almost impossible to make statements about the
limitations about DHCP in the introduction. But without trying to give an
example and getting backpressure from reviewers, its IMHO a dead end:wq
5.1. Address & Prefix management with DHCP
edge
dynamic, "netconf/YANG" interfaces
<-----------------> +-------------+
+-------------+ <- telemetry | edge router/|+ ------ +--------+
|config server| ..... Domain .... | DHCP server || ... | CPE
|-+ LANs
+-------------+ +-------------+| ------
+--------+ | (----| )
+-------------+ DHCP/
+---------+
DHCPv6 / PD
Edge DHCP server deployment requires every edge router connecting to CPE to be
a DHCP server assigning IPv4/IPv6 addresses to CPE - and optionally IPv6
prefixes via DHCPv6-PD (RF3633) for IPv6 capable CPE that are router and have
LANs behind them.
This requires various coordination functions via some backend system depicted
as "config server": The address prefixes on the edge interfaces should be
slightly larger than required for the number of CPE connected so that the
overall address space is best used.
The config server needs to provision edge interface address prefixes and DHCP
parameters for every edge router. If too fine grained prefixes are used, this
will result in large routing tables across the "Domain". If too coase grained
prefixes are used, address space is wasted.
There is no standard describing algorithms for how config servers would best
perform this ongoing dynamic provisioning to optimize routing table size and
address space utilization.
There are currently no complete YANG models that a config server could use to
perform these actions (including telemetry of assigned adddresses from such
distributed DHCP servers).
For example, a YANG model for controlling DHCP server operations is still in
draft (draft-liu-dhc-dhcp-yang-model-06).
Due to these and other problems of the above model, the more common DHCP
deployment model is as
follows:
edge
+-------------+ initial, "CLI" interfaces
|config server| -----------------> +-------------+
+-------------+ | edge router/|-+ ------
+--------+
| ..... Domain .... | DHCP relay | | ... | CPE
|-+ LANs
+-------------+ +-------------+ | ------
+--------+ | (----| )
|DHCP server | +--------------+ DHCP/
+---------+
+-------------+ DHCPv6 / PD
Dynamic provisioning changes to edge routers are avoided by using a central
DHCP server and reducing the edge router from DHCP server to DHCP relay. The
"configuration" on the edge routers is static, the DHCP relay function inserts
"edge interface" and/or subscriber identifying options into DHCP requests from
CPE (eg: rfc3046, rfc6221), the DHCP server has complete policies for address
assignments and prefixes useable on every
edge-router/interface/subscriber-group. When the DHCP relay sees the DHCP
reply, it inserts static routes for the assigned address/address-prefix into
the routing table of the edge router which are then to be distributed by the
IGP (or BGP) inside the domain to make the CPE and LANs reachable across the
Domain (the same.
There is no comprehensive standardization of these solutions. RFC3633 section
14. for example simply refers to "a [non-defined] protocol or other out-of-band
communication to add routing information for delegated prefixes into the
provider edge router".
5.2 Prefix management with ANI/GRASP
With the proposed use of ANI and Prefix-management ASAs using GRASP, the
deployment model is intended to look as follows:
|<................... ANI Domain / ACP...................>| (...)
............->
Roles
|
v "Edge routers"
GRASP parameter +----------------+
Network wide parameters/policy | PM-ASA | downstream
interfaces
| |(DHCP-functions)| ------
v "central device" +----------------+
+-------+ ^
+--------+
|PM-ASA | <................... GRASP .... .... | CPE
|-+ ( LANs )
+-------+ . v
|(PM-ASA)| | ----|
. +........+ +----------------+
+--------+ |
+...........+ . PM-ASA . | PM-ASA | ------
+---------+
.DHCP server. +........+ |(DHCP-functions)| SLAAC /
+...........+ "intermediate router"+----------------+ DHCP / DHCP-pd
The network runs an ANI domain with ACP between some central device (eg: router
or ANI enabled management device) and the edge routers. ANI/ACP provides a
secure, zero-touch communication channel between the devices and enables the
use of GRASP not only for p2p communication, but also for distribution/flooding.
The central devices and edge-routers run software to support this documents
autonomic
IPv6 edge prefix management (PM). In the autonomic networking terminology, such
software are called "Autonomic Service Agents" (ASA). The ASA for Prefix
Management are called PM-ASA in this document and form together the Autonomic
Prefix Management Function.
Edge-routers can have different roles based on the type and number of CPE
attaching to them.
Consider edge routers could be RSG, ASG CSG in mobile aggregation networks (see
Section 6.1).
Mechanisms outside the scope of this document make routers aware of their role.
1. In a minimum Prefix Managmeent solution, the central device uses the
"PrefixManager.Params"
GRASP Objective introduced in this document to disseminate network wide,
per-role parameters to edge routers. The PM-ASA use the parameters applying to
its role to locallly "configuring"
pre-existing addressing functions. Because PM-ASA do not manage the dynamic
assignment of actual
IPv6 address prefixes in this case, the following options can be considered:
1.a The edge router connects via downstream interfaces to (host) CPE that each
require an address.
The PM-ASA sets up for each such interface a DHCP requesting router (according
to RFC3633) to request an IPv6 prefix for the interface. The routers address on
the downstream interface can be another parameter from the GRASP Objective. The
CPEs assign addresses in the prefix via RAs from the router or the PM-ASA
manages a local DHCPv6 server to assign addresses to the CPEs. A central DHCP
server acting as the DHCP delegating router (according to RFC3633) is required.
Its address can be another parameter from the GRASP Objective.
1.b The edge router also connects via downstream interfaces to (customer
managed) CPEs that are routers and act as DHCPv6 requesting routers. The need
to support this could be derived from role and/or GRASP parameters and the
PM-ASA sets up a DHCP relay function to pass on requests to the central DHCP
server as in 1.a.
2. In a solution without a central DHCP server, the PM-ASA on the edge routers
do not only learn parameters from "PrefixManager.Params" but also utilize GRASP
to request/negotiate actual IPv6 prefix delegation via the GRASP
"PrefixManager" objective described in more detail below.
In the most simple case, these prefixes are delegated via this GRASP objective
from the PM-ASA in the central device. These addresses are then used by the
PM-ASA on the edge routers to edge routers to configure prefixes on their
downstream interfaces to assign addresses via RA/SLAAC to host CPEs. The PM-ASA
may also start local DHCP servers (as in 1.a) to assign addresses via DHCP to
CPE from the prefixes it received. This includes both host CPEs requesting
IPv6 addresses as well as router CPEs that request IPv6 prefixes. The PM-ASA
needs to manage the address pool(s) it has requested via GRASP and allocate
sub-address pools to interfaces and the local DHCP servers it starts. It need
to monitor the address utilization and accordingly request more address
prefixes if its existing prefixes are exhausted, or return address prefixes
when they are unneeded.
This solution is quite similar to the initial described IPv6 DHCP deployment
model without central DHCP server, and ANI/ACP/GRASP and the PM-ASA do provides
the automation to make this approach work more easily than it is possible today.
3. The address pool(s) from which prefixes are allocated do not need to be
taken all from one central location. Edge router PM-ASA that received a big
(short) prefix from a central PM-ASA could offer smaller sub-prefixes to
neighboring edge-router PM-ASA. GRASP could be used in such a way that the
PM-ASA would find and select the objective from the closest neighboring PM-ASA,
therefore allowing to maximize aggregation: A PM-ASA would only request further
(smaller/shorter) prefixes when it exhausts its own poll (from the central
location) and can not get further large prefixes from that central location
anymore. Because the overflow prefixes taken from a topological nearby PM-ASA,
the number of longer prefixes that have to be injected into the routing tables
is limited and the topological proximity increases the chances that aggregation
of prefixes in the IGP can most likely limit the geography in which the longer
prefixes need to be routed.
4. Instead of peer-to-peer optimization of prefix delegation, a hierarchy of
PM-ASA can be built (indicated in he picture via a dotted intermediate router).
This would require additional parameters to the "PrefixManager" objective to
allow creating a hierarchy of PM-ASA across which the prefixes can be
delegated. This is not detailed further below.
5. In cases where CPEs are also part of the ANI Domain (eg: "Managed CPE"),
then GRASP will extend into the actual customer sites and can equally run a
PM-ASA. All the options described in points
1..4 above would then apply to the CPE as the edge router with the mayor
changes being that
a) a CPE router will most likley not need to run DHCPv6 PD itself, but only
DHCP address assignment,
b) The edge routers to which the CPE connect would most likely become ideal
places to run a hierarchical instance of PD-ASAs on as outlined in point 1.
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
