2.4.14 Network Configuration (netconf) BOF

Current Meeting Report

OPS Area
NETCONF BOF Meeting Minutes
IETF #56
March 17, 2003
Minutes by Glenn Waters and Andy Bierman
Attendance: 259


Andy Bierman <abierman@cisco.com>
Randy Bush <randy@psg.com>

Review Material

XMLCONF Configuration Protocol 


Agenda bashing : 5 minutes
Opening Remarks : 10 minutes
NETCONF Scope presentation : 15 minutes
NETCONF Scope discussion : 15 minutes 
XMLCONF I-D presentation : 35 minutes 
XMLCONF I-D discussion : 40 minutes 
Next Steps : 30 minutes 


  Q: question
  A: answer
  C: comment

1) Opening Remarks

Randy Bush started the meeting by conducting a quick poll:
  Q: How many people here create tools for network management?
  A: about 60 people

  Q: How many people here manage networks?
  A: about 100 people   

  Q: How many people have read the XMLCONF draft?
  A: about 150 people

2) NETCONF Scope presentation

Andy Bierman presented slides on the focus and scope of the proposed WG. The 
scope is generally a protocol for configuration management which meets 
operator requirements as defined in the IAB NM Workshop on Network 
Management and other Internet Drafts.  The scope does not include the 
selection or definition of a Data Definition Language or the 
definition of specific standard data models.  See the slides for more 
detail on this presentation.

3) NETCONF Scope discussion

The presentation was followed by an open microphone Q&A session.

  C: [Fred Baker] security issues not limited to knowing who the peer (IP 
address) is; need something carried in the XML.

  C: [Elliot Lear] need to address the auditing requirement still.

  C: [Perry Metzger] need to define the threat models, i.e.: what do you 
want to defend against and what you do not want to defend against.

  Q: [Eric Fleischman] what space is this work trying to fill in; is it 
replacing the SNMP work?

  A: [Randy Bush] not an SNMP replacement - it is augmenting the 
configuration work

  Q: [Eric Fleischman] SNMP consumes lots of bandwidth; is the goal of this 
work to save bandwidth?

  A: [Randy Bush] no

  Q: [Faye Ly] what kind of notification traffic is part of this work?  Is it 
configuration type of notifications only?

  A: [Randy Bush and Andy Bierman] Not trying to replace SNMP. Focus on 
things that SNMP is not doing. Also focus on configuring networks not just 

  Q: [Faye Ly] how does this deal with a new box on the network?

  A: [Elliot Lear] initial security certificate exchange is outside the 
scope of the solution

  C: [Andy Bierman] explicit goal is to coexist with console port 

  C: [Weijing Chen] Operators want single interface to do the job 

  C: [Andy Bierman] A device can transport performance information using 
this protocol.

  C: [Dave Perkins] Notifications: config and notification together - this is 
good stuff; 

  Q: [Christian Jacquenet] was COPS-PR considered?

  A: [Randy Bush] no - COPS-PR does not use a text encoding

  C: [Faye Ly] need to build in low bandwidth into the protocol design and 
need to build in robustness to the protocol

  C: [Randy Bush] yes; this is one of the requirements and there are more

  Q: [Jonathan Rosenberg] can this handle software upgrades?

  A: [Phil Shafer] nothing prevents this but nothing is defined in the 

  A: [Andy Bierman] need to consider whether the WG should look at this

4) XMLCONF I-D presentation

Rob Enns gave a presentation on the XMLCONF draft.  Some details on the 
operational model and protocol operations were explained.  Refer to the 
slides for more details.

5) XMLCONF I-D discussion

The presentation was followed by an open microphone Q&A session.

  C: Authorization model is not defined in the draft

  C: [Andy Bierman] SOAP decision should be looked at.

  Q: Does kill-session work on a locked session?

  A: [Rob Enns] Yes

  Q: [Arand] Are there two levels of error codes?

  A: [Andy Bierman] It is not in the current draft, but it needs to be

  C: [Dave Perkins] In addition to the error codes if bad things happen 
through a "successful" configuration operation then the 
notifications should tell you about the problems.

  C: [Ben Black] want to store a large number of named 

  C: [Andy Bierman] part of the plan is to have that capability

6) Next steps

The meeting concluded with a discussion on the next steps, such as 
formation of a WG. The group consensus is that a working group should be 
formed to pursue this work.

  Q: [Andy Bierman] do people in the room think the scope is defined 

  A: [Randy Presuhn] need to define access control model; need to think 
about multi-system commit; naming pieces of configuration needs to be 

  A: [Ron Bonica] should continue forward with the draft; need work item to 
define an SMI and a "MIB" or two; need to look at the security aspects

  Q: [Andy Bierman] should the protocol and data model work be 
sequenced or done in parallel?

  A: Parallel

  Q: Data model - what interoperability do we have if there is no data 

  A: [Andy Bierman] Need to do those later. 

  Q: Do we need to consider multi-box transactions? Is this part of the 
protocol? Some want this; others do not believe that this is a goal.

  A: [Eric] wants to template the network configuration; this is similar to 
"system wide" configuration; give thought to how schemas can be 
consistent if they are not defined as part of this proposed WG

  C: [Margaret Wasserman] We are trying to define enough to be useful and be 
an iterative improvement over what we have today

  Q: [Andy Bierman] poll: is there interest in doing this work?

  A: yes.

     - vast majority supported the work (about 240)
     - About 30 - 40 operators supported the work
     - Nobody objected to the work
     - About 60 - 100 people raised their hands that they would 
actively participate in the work
     - About 10 operators raised their hands that they would actively 
participate (review documents) in the