v-04 is posted (https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/), the main changes focuses on addressing comments raised in last IETF meeting and side meeting and include:
· Update incident definition based on TMF incident API profile specification.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.1.1> · Update use case on Multi-layer Fault Demarcation based on side meeting discussion and IETF 119 session discussion.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.2.1> · Update section 5.1 to explain how network incident is generated based on other factors.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.3.1> · Add one new use cases on Security Events noise reduction based on Situation Awareness.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.4.1> -Qin 发件人: OPSAWG [mailto:[email protected]] 代表 Qin Wu 发送时间: 2023年11月10日 15:46 收件人: [email protected] 抄送: [email protected]; [email protected]; [email protected] 主题: [OPSAWG] Network Incident Management Side Meeting Summary Hi, All: Thanks all folks who participated in network incident management discussion on Tuesday afternoon. The side meeting was spent one hour exploring network incident concepts and use cases; three related drafts were discussed. We received a lot of great contributions for the following drafts being discussed: https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/ (Service Level Incident) https://datatracker.ietf.org/doc/draft-opsawg-evans-discardmodel/ (Anomaly Detection, Correlation and Mitigation for Packet Discard) https://datatracker.ietf.org/doc/draft-netana-opsawg-nmrg-network-anomaly-semantics/ (Network anomaly semantics) It was identified that multi-layer Fault Demarcation is related to POI, however the network incident model can be defined as generic model used for many other use cases. A few issues were raised in the meeting: 1. Network Incident definitions needs more clarity even though it origins from TMF specification, e.g., how it is related to symptom, anomaly, etc. 2. Besides SLO violation, how network incident is generated based on other factors, more usage examples are needed for these. 3. Incident terminology is well-defined and should be consistent across the drafts and, where possible, synced with other SDO meanings (although the language may vary) Follow up actions include: 1. Nigel and Adrian volunteered to help define key terminology uses and define terms; 2. Dan to check with MEF and TMF documentation to check for SLO handling, including incident and problem coordination and definitions; 3. Open the network incident draft GitHub to the public and use it for draft development and tracking issues. -Qin (on behalf of Team)
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
