Hi, Joe Thanks for the review. Please see in line. Bo -----邮件原件----- 发件人: Joe Clarke [mailto:[email protected]] 发送时间: 2018年11月8日 9:38 收件人: Wubo (lana) <[email protected]>; [email protected]; [email protected] 主题: Re: [OPSAWG] Fwd: New Version Notification for draft-sun-opsawg-sdwan-service-model-01.txt
On 10/22/18 05:09, Wubo (lana) wrote: > Dear all, > > We would like to define a CE-based VPN service model to differentiate > from PE-based L3&L2 service model. The link is at > https://tools.ietf.org/html/draft-sun-opsawg-sdwan-service-model-01 > > Since we feel the SD-WAN related work in IETF, like > https://tools.ietf.org/html/draft-dukes-spring-sr-for-sdwan-00, > https://tools.ietf.org/html/draft-rosen-bess-secure-l3vpn-01, > https://tools.ietf.org/html/draft-ietf-i2nsf-sdn-ipsec-flow-protection-02, > are all enhanced CE-based VPN. But there is no consistent SD-WAN or CE-based > VPN service definition. > In the drafts, each assumes a different SD-WAN functionality of CE, > like hybrid WAN and L3-L7 flow classification in SR for sdwan draft, and L3 > virtual network separation inside IPSEC VPN In secure L3VPN draft. > > So, in this draft, based on our understanding of SD-WAN service and > together with other SD-WAN draft, we define the SD-WAN main service > components and hope that this will help clarifying the main service feature > of SD-WAN and helping to automate the service management. > > We'd like to solicit more comments on whether this service model meets your > thought of the SD-WAN service. Bo, I read through your draft as well as solicited some feedback from colleagues. I have a few questions as to scope and overall intent of your service model. First, you mention that the service model is intended for a management system. I'm confused as to what that means in the SD-WAN space. It is my understanding that a controller or orchestrator is a main focus in an SD-WAN architecture. So I was trying to rationalize your model as something one might instantiate on a controller. Then the controller would handle configuring (or programming) the CEs. Can you provide more clarity here? [Bo] The model is to define a customer service model which is used for the northbound interface of SD-WAN service orchestrator, and a SD-WAN controller is instructed by the orchestrator to initiate the specific setting or controlling. I will add more text to explain this. Thanks. The draft assumes that "MOST" of the capabilities will be enabled by configuration on the CE devices using this SM. This may not be true. In Cisco's implementation of SD-WAN, one of the objectives is simplicity where we want to push minimal amount of config to the CE. These things include interface IPs, organization name, dynamic routing config, etc. But most of the functions tied to SD-WAN are applied as policies on the controllers and are sent to devices as a policy update rather than configuration on the CE devices. Some gaps in this model that would be needed for other SD-WAN implementations are: * Security: The keys are automatically generated and propagated through the centralized controller using different protocols. Hence not much configuration is required on the CE. I don't see how that would fit exactly into your model * Policy templates: Some of the basic things are done utilizing the configuration on the device. Most of the classification/application group/profile(SLA)/ Path selection/etc are again done at the controller level and being sent to devices as policy/control update and not as configuration. It comes back to where the model is instantiated. Overall, I think this may be difficult to be broadly adopted as being able to describe all SD-WAN implementations as it is now. [Bo] This model is not intended for CE configuration. I understand your concerns, as I also saw some SD-WAN drafts, https://tools.ietf.org/id/draft-rosen-bess-secure-l3vpn-01.txt and https://tools.ietf.org/id/draft-sajassi-bess-secure-evpn-00.txt are working to simplify the configuration of CEs, such as security parameters. The security and policy related model definition are all input template for controller. Again, the idea is to define an abstract service model to describe common SD-WAN service functionality, such as virtual network separation and multiple WAN access choices within a customer network. Thanks, Bo Joe > > Thanks, > > Bo, on behalf of the co-authors > >> -----邮件原件----- >> 发件人: [email protected] [mailto:internet- [email protected]] >> 发送时间: 2018年10月22日 15:53 >> 收件人: Qin Wu <[email protected]>; Honglei Xu >> <[email protected]>; Wubo (lana) <[email protected]>; >> Qiong Sun <[email protected]>; Wubo (lana) >> <[email protected]> >> 主题: New Version Notification for draft-sun-opsawg- >> sdwan-service-model-01.txt >> >> >> A new version of I-D, draft-sun-opsawg-sdwan-service- model-01.txt >> has been successfully submitted by Bo Wu and posted to the IETF >> repository. >> >> Name: draft-sun-opsawg-sdwan-service-model >> Revision: 01 >> Title: A YANG Data Model for SD-WAN VPN >> Service Delivery >> Document date: 2018-10-21 >> Group: Individual Submission >> Pages: 40 >> URL: https://www.ietf.org/internet-drafts/draft-sun- >> opsawg-sdwan-service-model-01.txt >> Status: https://datatracker.ietf.org/doc/draft-sun- >> opsawg-sdwan-service-model/ >> Htmlized: https://tools.ietf.org/html/draft-sun-opsawg- >> sdwan-service-model-01 >> Htmlized: https://datatracker.ietf.org/doc/html/draft- >> sun-opsawg-sdwan-service-model >> Diff: https://www.ietf.org/rfcdiff?url2=draft-sun- >> opsawg-sdwan-service-model-01 >> >> Abstract: >> This document defines a SD-WAN VPN service model to enable a >> Service >> Provider to deliver SD-WAN VPN services to its customers by >> provisioning the CE devices on behalf of the customer. >> This document >> is based on provider-provisioned CE-based VPNs as described in >> [RFC4110]. >> >> This model provides an abstracted view of the SD-WAN VPN service >> configuration components, and is intended to be instantiated at >> the >> management system to deliver the overall service. >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission until the htmlized version and diff are available at >> tools.ietf.org. >> >> The IETF Secretariat > > _______________________________________________ > OPSAWG mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsawg > _______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
