[15:34:31] --- sharonchisholm has joined
[15:36:23] * sharonchisholm has changed the subject to: Netconf Extensions and Evolution
[15:37:12] --- sharonchisholm has left
[16:13:53] --- sharonchisholm has joined
[16:16:13] --- bert has joined
[16:16:28] <bert> Bert will be jabber scribe.
[16:16:40] <bert> I am going to assume everyone hears the audio though.
[16:22:27] <bert> meeting materials are online at https://datatracker.ietf.org/meeting/69/materials.html
[16:22:39] <bert> look for the NEE BOF under Operations and Management.
[16:23:12] <bert> agenda: http://www3.ietf.org/proceedings/07jul/slides/nee-0.ppt
[16:24:01] --- weshardaker has joined
[16:25:09] --- ray has joined
[16:26:31] <bert> ray are you in meeting room or on audio?
[16:27:10] --- dbh2 has joined
[16:27:20] <bert> mailing list for now is still the NGO mailing list
[16:27:39] <bert> agenda item 2.1: 2.1 Partial Lock RPC for Netconf (Balazs Lengyel - 15 minutes) Proposes a capability based extension to the NETCONF protocol to lock only a part of a configuration datastore. http://www.ietf.org/internet-drafts/draft-lengyel-ngo-partial-lock-00.txt
[16:28:21] <bert> problem is that we currently only have global locking
[16:28:41] <bert> some operators need/want to lock part of config
[16:28:46] --- Simon Leinen has joined
[16:29:08] <bert> use cases listed on slide 3
[16:30:40] --- atarashi has joined
[16:30:55] <bert> from slideset: http://www3.ietf.org/proceedings/07jul/slides/nee-1.ppt
[16:31:11] <bert> now on slide 4
[16:32:21] --- fp has joined
[16:32:33] <bert> now on slide 5 (not numbered)
[16:33:01] <bert> now slide 6
[16:33:30] <bert> slide 7 - unlock
[16:33:53] <bert> slide 8
[16:34:43] --- irino has joined
[16:34:46] <bert> slide 9
[16:35:07] <bert> for new participants, I (THE SCRIBE) AM ASSUMING YOU HEAR THE AUDIOCAST
[16:35:21] <bert> slide 10
[16:35:26] <bert> open issues
[16:35:39] <bert> slide 11 (more open issues)
[16:36:02] <bert> slide 12 (Next Steps)
[16:37:34] <dbh2> andy bierman says concerning DoS attack; does the DoS attack go away with a partial lock? I don't think it does.
[16:37:56] <dbh2> Balazs: it does go away completely,
[16:38:21] <dbh2> AB: If I take out a full lock, I can only release a full lock, right?
[16:38:37] <dbh2> DavePartain: please make sure comments are on mailing list
[16:38:50] --- Leslie has joined
[16:38:59] <dbh2> Bert: we need to make sure we don't go into too overdesigning.
[16:39:12] <dbh2> Wes: partial locks definitely alleviate some of the problem.
[16:39:13] <bert> Thanks Dave, I am back now
[16:41:42] <bert> agenda item 2.2: 2.2 Netconf XML Schema Query (Sharon Chisholm - 10 minutes ) Defines a mechanism to retrieve a list of XML Schemas supported by a NETCONF server. http://www.ietf.org/internet-drafts/draft-scott-netconf-schema-query-00.txt
[16:41:48] <dbh2> Wes: The document doesn’t discuss ramifications of two people with overlapping locks or even non-overlapping locks that could impact running config. What happens if one person commits a partially locked changed config
[16:42:00] --- m_ersue has joined
[16:42:10] --- Bill has joined
[16:42:42] --- becarpenter has joined
[16:43:16] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-2.ppt
[16:43:28] <bert> slide 1: Goal
[16:43:32] <bert> slide 2: Overview
[16:44:47] <bert> slide 3: Proposed Edits
[16:46:49] <bert> ABierman: Too many decisions done in an ad-hoc mode that I am not comfortable with
[16:47:09] <bert> There is no problem with GET. You can always get the whole tree
[16:47:31] <bert> an app needs to know more than where the data is rooted
[16:47:46] --- miah.ness@gmail.com has joined
[16:47:50] --- mjo has joined
[16:48:57] <bert> BL: a simple get would be good enough
[16:49:47] <bert> this is defined in XSD, but we have not yet decided what standard language we will use for this
[16:50:27] <bert> EStephan: What was the main need: We need a kind of bootstrap
[16:51:09] <bert> Sharon: we want to move away from "what device are we managing" to "what schema are we managing"
[16:51:26] --- fp has left
[16:52:48] <bert> agenda item: 2.3 Access Control 2.3.1 ACL data model for NETCONF (Iijima Tomoyuki - 15 minutes) http://www.ietf.org/internet-drafts/draft-iijima-ngo-acldatamodel-00.txt
[16:53:32] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-3.ppt
[16:53:45] <bert> slide: Our motives
[16:54:18] <bert> slide: config application utilizing ACL data model
[16:55:59] <bert> slide: GUI of the ACL config app
[16:56:35] <bert> slide: Network Functions to be modeled
[16:58:26] <bert> slide: config data required to be incorporated
[16:58:44] <bert> slide: ACLSs UML class diagram
[16:59:40] <bert> slide: Some of the ACLS APIs generated from data model
[17:00:34] <bert> slide: Our Netconf related drafts
[17:01:19] <bert> slide: conclusion
[17:02:03] <bert> KS cisco: what is the intended scope,
[17:02:10] <bert> given that there is other work in the IETF
[17:02:44] <bert> ID by David Nelson
[17:02:49] <bert> to radext WG
[17:03:06] <bert> maybe I got that wrong
[17:03:44] <bert> Sharon: if we get chartered it would probably scoped to Netconf, and we would be required to look at other related work in IETF
[17:03:58] <bert> rfc4849 seems the draft that is related
[17:04:41] <bert> 90% of functionality is already defined in another draft. so need to co-ordinate
[17:04:59] <bert> DR: pls do check with other ongoing work
[17:05:33] <bert> DR: these drafts are answers to "calls for contribution"; so they are very valuable input
[17:06:05] <bert> Has any code been written already?
[17:06:32] <bert> Answer, prototypes have indeed been developed
[17:06:50] <bert> ??: order of ACLs is important
[17:06:57] <bert> Do you control the order
[17:07:28] <bert> Needs to be discussed
[17:07:47] <bert> This was Malhasha (hope I spelled it correct)
[17:08:15] <bert> ABierman: echoes Sharon's concern that there has not been a standard in ACL in the past
[17:08:35] <bert> So we need to agree on the knobs here
[17:09:25] <bert> Emile Stephan: 80% of one router config is ACL related
[17:10:34] <bert> BL: would like to see an updated draft that shows more of the models
[17:12:44] <bert> Sharon presents on: XACML
[17:12:55] <bert> no presentation available yet
[17:13:19] <bert> but see draft-seitz-netconf-xacml-01.txt
[17:13:39] <bert> So that is agenda item: 2.3.2 NETCONF access control profile for XACML (TBD -5 minutes) Proposes a profile that defines how to use XACML (eXtended Access Control Markup Language) to provide fine-grain access control for NETCONF commands. http://www.ietf.org/internet-drafts/draft-seitz-netconf-xacml-01.txt
[17:14:14] <bert> ??: XACML has multiple parts
[17:14:45] <bert> we need to specify what is relevant to netconf
[17:15:02] <bert> DP: pls send feedback on this on the mlist
[17:15:20] <bert> ABierman worries that we are trading off massive complexity for flexibility
[17:15:34] <bert> like to keep it simple
[17:16:10] <bert> agenda item: 2.4 NETCONF over TLS (Dan Romascanu - 10 minutes) Describes how to use TLS to secure NETCONF exchanges. http://www.ietf.org/internet-drafts/draft-badra-tls-netconf-03.txt
[17:16:23] <bert> Dan Romascanu presenting (on behalf of the author)
[17:16:48] <bert> slide 1: TLS
[17:17:32] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-4.ppt
[17:18:05] <bert> sorry, this is the current slide-set: http://www3.ietf.org/proceedings/07jul/slides/nee-8.ppt
[17:18:39] <bert> slide: why netconf over TLS?
[17:18:47] --- miah.ness@gmail.com has left
[17:21:01] <bert> slide: Initialization and Authentication: case TLS + PKI
[17:22:44] <bert> slide: Initialization and Authentication: case TLS + PSK
[17:23:12] <bert> slide: ongoing works
[17:25:00] <bert> Sharon: at first not enthused; but we do need to know if there are actual devices that would use this
[17:25:58] <bert> DBH: small boxes often use web interface
[17:26:19] <bert> so they use HTML and HTTPS
[17:27:14] <bert> So for smaller boxes with netconf it seems easier to have TLS transport
[17:27:34] <bert> So DBH sees possible synergies
[17:28:02] <bert> BL: need clarification in the draft on how you transfer user identity once you set up TLS
[17:28:07] <bert> SBH agrees
[17:28:13] <bert> s/SBH/DBH
[17:28:29] <bert> in ISMS we have a submission for SNMP over TLS
[17:28:59] <bert> JS has done research and TLS seems to have performance improvements
[17:29:08] <bert> The above is claimed/stated by DBH
[17:29:33] <bert> So we may want to check the results of that research
[17:30:00] <bert> Agenda item: 2.5 Netconf Monitoring Schema (Sharon Chisholm - 10 minutes) Defines Netconf content via XML Schema to be used to monitor the Netconf protocol. http://www.ietf.org/internet-drafts/draft-chisholm-netconf-monitoring-00.txt
[17:30:33] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-4.ppt
[17:30:40] <bert> slide: problem statement
[17:31:00] <bert> slide: overview
[17:33:07] --- becarpenter has left
[17:33:09] --- becarpenter has joined
[17:33:09] <bert> slide: Required Edits
[17:33:09] --- becarpenter has left
[17:33:34] --- becarpenter has joined
[17:34:33] <bert> Abierman: regarding overview slide
[17:34:51] <bert> where is this useful
[17:35:13] <bert> debugging it seems from the response
[17:35:35] <bert> it is useful in the beginning; but later?
[17:36:07] <bert> We need more text in the draft, not just XSD, because we do not understand XSD very well
[17:36:10] --- oak has joined
[17:36:19] <bert> So PLEASE more English text
[17:36:43] <bert> Sharon: another use case. Find who's got a lock can be handy
[17:37:04] <bert> DBH: WE do need additional text pls
[17:37:18] <bert> We have rfc4181 as guideline; pls look at it
[17:38:04] <bert> DBH: need clarification on "msgs sent"
[17:38:29] <bert> DBH: we need security considerations (as we do in MIB documents)
[17:38:32] <bert> agreed
[17:39:17] <bert> Wes: this is critical information that we need to be able to figure out
[17:39:26] <bert> so I see a gazillion use cases
[17:39:42] <bert> Be careful; it is hard to get it right early
[17:40:15] <bert> directionality may be needed in the future
[17:40:31] <bert> need to think about all potential use cases that may exist in future
[17:41:12] <bert> BL: this is for debugging. It is ongoing debugging as I see it
[17:41:18] <bert> I would also like more statistics
[17:41:38] <bert> Here we provide the stats by NETCONF which I like
[17:42:03] <bert> agenda item: 2.6 Experience of implementing NETCONF over SOAP (Hideki Okita 5 minutes) http://www.ietf.org/internet-drafts/draft-iijima-netconf-soap-implementation-02.txt
[17:42:49] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-5.ppt
[17:43:04] <bert> slide: Netconf over SOAP Architecture
[17:43:46] <bert> slide: Datamodel query with WSDL
[17:45:43] <bert> slide 6: WDSL file Structure
[17:45:56] <bert> s/WDSL/WSDL/
[17:47:32] <bert> slide 7: conclusions
[17:48:18] <bert> Abierman: this doc has come up 3 times: why not publish as an individual RFC
[17:49:13] <bert> Sharon: are you using WSDL because the manager understands that more easily?
[17:49:58] <bert> The question that comes up: can you monitor Netconf as a Webservice
[17:50:26] <bert> if there is more to define, maybe an experimental RFC might be better
[17:50:55] <bert> Answer: yes we already see netconf as a webservice
[17:51:17] <bert> EmileStephan: I have been using SOAP for network management; and it worked
[17:51:44] --- Bill has left: Computer went to sleep
[17:51:50] <bert> agenda item: 2.7 A NETCONF Datamodel for Diff-Serv QoS Control Configuration (Hideki Okita 5 minutes) http://www.ietf.org/internet-drafts/draft-okita-ngo-diffservdatamodel-01.txt
[17:52:22] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-6.ppt
[17:52:31] <bert> wow; already on slide 4
[17:53:33] <bert> slide 5
[17:54:02] <bert> slide 6
[17:54:40] <bert> slide 7
[17:55:10] <bert> slide 8
[17:55:21] <bert> slide 9
[17:55:33] <bert> slide 10
[17:55:54] <bert> slide 11
[17:55:57] <bert> slide 12
[17:56:53] <bert> slide 13
[17:57:58] <bert> agenda item: 3. Charter discussion (15 minutes)
[17:58:17] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-7.ppt
[17:58:29] <bert> Charter scope is narrower than the agenda of this meeting
[17:58:38] <bert> charter 1/3
[17:59:48] <bert> Description of Working Group The Netconf Extensions and Evolution WG will focus on maintenance and extensions to the NETCONF framework required to address agreed gaps. Note that this working group will not necessarily be the most appropriate home for all NETCONF extensions. In some cases, it may be more appropriate to charter a separate working group. The NETCONF working group has successfully defined an effective and functional framework, but there still remain some gaps in required functionality. Note that the charter does not wish to dictate which Netconf layer problems should be solved at (content, operations, etc).
[17:59:56] --- mjo has left
[18:00:10] --- irino has left
[18:00:19] <bert> slide: charter 2/3
[18:00:20] <bert> Initial problems identified for the working group are as follows. It is assumed that these items will be completed for additional items will be added. Netconf Monitoring: It is considered best practice for IETF working groups to include management of their protocols within the scope of the solution they are providing. Currently Netconf has not provided any such solution. Providing a method to monitor NETCONF is within the scope of this working group. Access Control: It is also considered best practice in management protocols to outline an access control solution. Previous discussion on this topic has suggested that allowing coarse-grain access control might be more desirable than finer-grain access control solutions provided in the past by solutions like SNMP. The working group should ensure it understands the requirements for access control before proceeding to define the solution. Fine-grain Locking: It was recognized during the base NETCONF work, locking an entire configuration store did not meet operational or security requirements. This working group will look at solutions for finer-grain locking. Schema Advertisement: Currently the NETCONF protocol is able to advertise which protocol features are supported on a particular box. What is missing is the ability to advertise what XML Schema and what version of those Schema are supported to provide the information at the NETCONF content layer.
[18:02:13] <bert> slide: charter 3/3
[18:02:18] <bert> Goals and Milestones Sept 2007 -00 working group draft for Netconf Monitoring Sept 2007 -00 working group draft for Schema Advertisement Sept 2007 -00 working group draft for Fine Grain Locking Nov 2007 -00 working group draft for Access Control Requirements Mar 2008    Submit Netconf Monitoring to IESG as a Proposed Standard Mar 2008    Submit Schema Advertisement to IESG as a Proposed Standard Aug 2008    Submit Fine Grain Locking to IESG as a Proposed Standard
[18:03:44] --- irino has joined
[18:04:02] <bert> BL: I do not see a draft as a starting point for access control
[18:04:06] <bert> we need to find an editor
[18:04:26] <bert> BillFenner: possible gap: we need more about authorization and authentication
[18:04:45] <bert> an SSH login feels scary to operators of the network.
[18:05:02] <bert> SSH shares login with other stuff
[18:06:58] <bert> Bert: that seems to be in contrast with the message we got from IAB workshop.
[18:07:06] <bert> where operators said they NEED us to use SSH for NM
[18:07:23] <bert> Bill: it is scary for some of the operators
[18:07:38] <bert> So maybe we do need a good acess control story
[18:08:09] <bert> KS (cisco)?: do you expect one proposal for access control?
[18:08:14] --- elwynd has joined
[18:08:14] <bert> there are more solutions
[18:08:26] <bert> DP: we want to understand the problem first BEFORE we go to solutions
[18:09:04] <bert> KS: we need to be careful not to create schemes that create more problems than they solve.
[18:09:15] <bert> Sharon: that is why we need to do the requirements first
[18:09:32] <bert> so far lack of access control has not seemed to be a problem
[18:10:22] <bert> DBH: contradiction? less fine grained Access Control, but more fine-controlled locking
[18:10:47] <bert> Sharon: maybe charter should say something about being consistent
[18:11:03] <bert> DBH: there is work in ISMS that has to do with access control
[18:11:14] <bert> SSH and radius together. May want to look at that
[18:12:06] <bert> DP: do we think we need a charter item to work on access control requirements
[18:12:53] <bert> Abierman: worries about the milestones. Any one of these items will need at least 2 years.
[18:13:00] <bert> There is no credibility here
[18:13:25] --- irino has left
[18:13:54] <bert> DR (AD): you MUST put realistic milestones in the charter, otherwise you will not get chartered
[18:14:21] <bert> BL: how about updating the basic protocol? there was quite some discussion on the mailing lists
[18:14:29] <bert> Can we add some of that to the charter?
[18:14:38] --- irino has joined
[18:14:43] <bert> DP: but we need advice from AD. Maybe it would get done in NETCONF
[18:15:44] <bert> DR (AD): I will speak about that at the end; Any item that gets to be chartered must have an operational need;
[18:16:54] <bert> You also need to show that there are enough contributors
[18:17:01] <bert> Are there prototypes?
[18:17:38] <bert> Need at least 3 committed reviewers for each piece of work (not the editors/authors)
[18:18:23] <bert> There were more contributions during the meeting to see if a bullet on the charter makes sense (for example netconf over TLS)
[18:19:54] <bert> Pls do real milestones. Dan will defend them if they are realistic. Give Dan a good justification
[18:20:27] <bert> DP: How about the protocol = extension work (extensions to base protocol)
[18:20:43] <bert> DR (AD): sit together with the chairs of NetConf
[18:21:15] <bert> And answer: Why is this a new WG as opposed to a continuation of existing netconf WG.
[18:21:33] <bert> We could change chairs if the netconf chairs are not willing to continue
[18:22:01] <bert> NETCONF is close to concluding their charter
[18:23:27] <bert> Question: are we going a new WG or are we gonna say we're done for now.
[18:23:46] <bert> DKessens: What is the difference between keeping/rechartering old WG or a new WG
[18:24:05] <bert> ABierman: why are the choices: blank slate or a focused WG?
[18:24:14] <bert> DP: WE listed a few specific items
[18:24:23] <bert> ABierman: charter seemed too loose to me
[18:24:36] <bert> Sharon: we are saying these are the sort of extensions
[18:25:23] <bert> Abierman: I would say pick one or two most important things
[18:25:42] <bert> 4-5 major drafts seems impossible.
[18:26:19] <bert> DR (AD): take all the points discussed here and see what is needed and see who commits to contributions and make sure you have enough reviews
[18:26:42] <bert> Chairs: so we'll do that and follow up on the mailing list
[18:27:02] --- ray has left
[18:27:04] <bert> Seems people want to indeed keep working on this; but we need to nail down the workitems
[18:27:08] <bert> session closed
[18:27:12] --- m_ersue has left
[18:27:46] --- Leslie has left
[18:28:12] --- atarashi has left
[18:28:57] --- dbh2 has left
[18:30:48] --- sharonchisholm has left
[18:31:32] --- weshardaker has left: Disconnected.
[18:34:55] --- bert has left
[18:41:18] --- becarpenter has left
[18:41:58] --- oak has left: Disconnected
[18:44:37] --- becarpenter has joined
[18:45:37] --- elwynd has left
[18:54:59] --- sharonchisholm has joined
[18:57:19] --- sharonchisholm has left
[18:58:11] --- becarpenter has left
[19:02:06] --- bert has joined
[19:03:01] --- irino has left: Replaced by new connection
[19:03:24] --- bert has left
[19:20:21] --- elwynd has joined
[19:28:13] --- dbh2 has joined
[19:28:36] --- dbh2 has left
[19:30:45] --- Simon Leinen has left
[19:31:00] --- elwynd has left: Replaced by new connection
[19:31:00] --- elwynd has joined
[19:31:00] --- elwynd has left
[22:58:18] --- weshardaker has joined
[22:58:53] --- weshardaker has left