On 10/22/18 05:09, Wubo (lana) wrote:
> Dear all,
>
> We would like to define a CE-based VPN service model to differentiate from
> PE-based L3&L2 service model. The link is at
> https://tools.ietf.org/html/draft-sun-opsawg-sdwan-service-model-01
>
> Since we feel the SD-WAN related work in IETF, like
> https://tools.ietf.org/html/draft-dukes-spring-sr-for-sdwan-00,
> https://tools.ietf.org/html/draft-rosen-bess-secure-l3vpn-01,
> https://tools.ietf.org/html/draft-ietf-i2nsf-sdn-ipsec-flow-protection-02,
> are all enhanced CE-based VPN. But there is no consistent SD-WAN or CE-based
> VPN service definition.
> In the drafts, each assumes a different SD-WAN functionality of CE, like
> hybrid WAN and L3-L7 flow classification in SR for sdwan draft, and L3
> virtual network separation inside IPSEC VPN in secure L3VPN draft.
>
> So, in this draft, based on our understanding of SD-WAN service and together
> with other SD-WAN draft, we define the SD-WAN main service components and
> hope that this will help clarify the main service feature of SD-WAN and
> help to automate the service management.
>
> We'd like to solicit more comments on whether this service model meets your
> thought of the SD-WAN service.

Bo, I read through your draft as well as solicited some feedback from colleagues. I have a few questions as to scope and overall intent of your service model.

First, you mention that the service model is intended for a management system. I'm confused as to what that means in the SD-WAN space. It is my understanding that a controller or orchestrator is a main focus in an SD-WAN architecture. So I was trying to rationalize your model as something one might instantiate on a controller. Then the controller would handle configuring (or programming) the CEs. Can you provide more clarity here?

The draft assumes that "MOST" of the capabilities will be enabled by configuration on the CE devices using this SM. This may not be true. In Cisco's implementation of SD-WAN, one of the objectives is simplicity where we want to push a minimal amount of config to the CE. These things include interface IPs, organization name, dynamic routing config, etc. But most of the functions tied to SD-WAN are applied as policies on the controllers and are sent to devices as a policy update rather than configuration on the CE devices.

Some gaps in this model that would be needed for other SD-WAN implementations are:

* Security: The keys are automatically generated and propagated through the centralized controller using different protocols. Hence not much configuration is required on the CE. I don't see how that would fit exactly into your model.

* Policy templates: Some of the basic things are done utilizing the configuration on the device. Most of the classification/application group/profile (SLA)/path selection/etc. are again done at the controller level and being sent to devices as policy/control update and not as configuration. It comes back to where the model is instantiated.

Overall, I think this may be difficult to be broadly adopted as being able to describe all SD-WAN implementations as it is now.

Joe

>
> Thanks,
>
> Bo, on behalf of the co-authors
>
>> -----Original Message-----
>> From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
>> Sent: October 22, 2018 15:53
>> To: Qin Wu <bill...@huawei.com>; Honglei Xu
>> <sunqiong....@chinatelecom.cn>; Wubo (lana)
>> <lana.w...@huawei.com>; Qiong Sun
>> <sunqiong....@chinatelecom.cn>; Wubo (lana)
>> <lana.w...@huawei.com>
>> Subject: New Version Notification for
>> draft-sun-opsawg-sdwan-service-model-01.txt
>>
>>
>> A new version of I-D, draft-sun-opsawg-sdwan-service-model-01.txt
>> has been successfully submitted by Bo Wu and posted to
>> the IETF repository.
>>
>> Name: draft-sun-opsawg-sdwan-service-model
>> Revision: 01
>> Title: A YANG Data Model for SD-WAN VPN Service Delivery
>> Document date: 2018-10-21
>> Group: Individual Submission
>> Pages: 40
>> URL: https://www.ietf.org/internet-drafts/draft-sun-opsawg-sdwan-service-model-01.txt
>> Status: https://datatracker.ietf.org/doc/draft-sun-opsawg-sdwan-service-model/
>> Htmlized: https://tools.ietf.org/html/draft-sun-opsawg-sdwan-service-model-01
>> Htmlized: https://datatracker.ietf.org/doc/html/draft-sun-opsawg-sdwan-service-model
>> Diff: https://www.ietf.org/rfcdiff?url2=draft-sun-opsawg-sdwan-service-model-01
>>
>> Abstract:
>> This document defines a SD-WAN VPN service model to enable a Service
>> Provider to deliver SD-WAN VPN services to its customers by
>> provisioning the CE devices on behalf of the customer. This document
>> is based on provider-provisioned CE-based VPNs as described in
>> [RFC4110].
>>
>> This model provides an abstracted view of the SD-WAN VPN service
>> configuration components, and is intended to be instantiated at the
>> management system to deliver the overall service.
>>
>>
>> Please note that it may take a couple of minutes from the
>> time of submission until the htmlized version and diff are
>> available at tools.ietf.org.
>>
>> The IETF Secretariat
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg