--- 1/draft-ietf-opsawg-model-automation-framework-08.txt 2020-10-23 08:14:23.059626877 -0700 +++ 2/draft-ietf-opsawg-model-automation-framework-09.txt 2020-10-23 08:14:23.163629514 -0700 @@ -5,21 +5,21 @@ Expires: April 26, 2021 Orange D. Lopez Telefonica I+D C. Xie China Telecom L. Geng China Mobile October 23, 2020 A Framework for Automating Service and Network Management with YANG - draft-ietf-opsawg-model-automation-framework-08 + draft-ietf-opsawg-model-automation-framework-09 Abstract Data models provide a programmatic approach to represent services and networks. Concretely, they can be used to derive configuration information for network and service components, and state information that will be monitored and tracked. Data models can be used during the service and network management life cycle, such as service instantiation, provisioning, optimization, monitoring, diagnostic, and assurance. Data models are also instrumental in the automation 
@@ -637,24 +637,24 @@ lifecycle management. 4.1.1. Service Exposure A service in the context of this document (sometimes called, Network Service) is some form of connectivity between customer sites and the Internet or between customer sites across the operator's network and across the Internet. Service exposure is used to capture services offered to customers - (ordering and order handling). One typical example is that a - customer can use a L3VPN Service Model (L3SM) to request L3VPN - service by providing the abstract technical characterization of the - intended service between customer sites. + (ordering and order handling). One example is that a customer can + use a L3VPN Service Model (L3SM) to request L3VPN service by + providing the abstract technical characterization of the intended + service between customer sites. Service model catalogs can be created along to expose the various services and the information needed to invoke/order a given service. 4.1.2. Service Creation/Modification A customer is usually unaware of the technology that the network operator has available to deliver the service, so the customer does not make requests specific to the underlying technology but is limited to making requests specific to the service that is to be 
@@ -687,27 +687,27 @@ The performance measurement telemetry (Section 4.2) can be used to provide service assurance at Service and/or Network levels. Performance measurement telemetry model can tie with service or network models to monitor network performance or Service Level Agreement. 4.1.4. Service Optimization Service optimization is a technique that gets the configuration of the network updated due to network changes, incident mitigation, or - new service requirements. One typical example is once a tunnel or a - VPN is setup, Performance monitoring information or telemetry - information per tunnel (or per VPN) can be collected and fed into the - management system. If the network performance doesn't meet the - service requirements, the management system can create new VPN - policies capturing network service requirements and populate them - into the network. + new service requirements. One example is once a tunnel or a VPN is + setup, Performance monitoring information or telemetry information + per tunnel (or per VPN) can be collected and fed into the management + system. If the network performance doesn't meet the service + requirements, the management system can create new VPN policies + capturing network service requirements and populate them into the + network. Both network performance information and policies can be modelled using YANG. With Policy-based management, self-configuration and self-optimization behavior can be specified and implemented. The overall service optimization is managed at the service level, while the network level is responsible for the optimization of the specific network services it provides. 4.1.5. Service Diagnosis 
@@ -1089,35 +1089,35 @@ The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. Security considerations specific to each of the technologies and protocols listed in the document are discussed in the specification documents of each of these protocols. - In order to prevent leaking sensitive information and "confused + In order to prevent leaking sensitive information and the "confused deputy" problem [Hardy] in general, special care should be considered when translating between the various layers in Section 4 or when - aggregating data retrieved from various sources. Typically, - authorization and authentication checks should be performed to ensure - that a data is available to an authorized entity. The network - operator must enforce means to protect privacy-related information - included in customer-facing models. + aggregating data retrieved from various sources. Authorization and + authentication checks should be performed to ensure that a data is + available to an authorized entity. The network operator must enforce + means to protect privacy-related information included in customer- + facing models. To detect misalignment between layers that might be induced by misbehaving nodes, upper layers should continuously monitor the perceived service (Section 4.1.4) and should proceed with checks to assess that the provided service complies with the expected service and that the data reported by an underlying layer is matching the - perceived service by the above layer. Typically, such checks are the + perceived service by the above layer. Such checks are the responsibility of the service diagnosis (Section 4.1.5). 
When a YANG module includes security-related parameters, it is recommended to include the relevant information as part of the service assurance to track the correct functioning of the security mechanisms. Additional considerations are discussed in the following subsections. 6.1. Service Level
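Review bot: the rewrapped sentence in 4.1.1 still says "use a L3VPN Service Model (L3SM)"; since the acronym is read aloud as "el-three", the article should be "an": "a customer can use an L3VPN Service Model (L3SM) to request L3VPN service". The unchanged context right below, "Service model catalogs can be created along to expose the various services", also reads awkwardly; "can be created to expose" (or "created alongside to expose") would be clearer while this paragraph is being touched.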
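Review bot: the rewrapped 4.1.4 sentence keeps two wording defects from the old text: "once a tunnel or a VPN is setup" should use the verb form "set up", and "Performance monitoring information" is capitalized mid-sentence. Suggested wording: "One example is that once a tunnel or a VPN is set up, performance monitoring information or telemetry information per tunnel (or per VPN) can be collected and fed into the management system." The following sentence's "doesn't" would also read better as "does not" in RFC prose.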
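Review bot: the reworded Security Considerations sentence "ensure that a data is available to an authorized entity" is ungrammatical ("a data") and, more importantly, states an availability goal rather than the access-control property the surrounding confused-deputy discussion is about; suggest "ensure that data is made available only to authorized entities". Since this hunk already rewrites that line, it is the right place to fix it. In the same paragraph, "The network operator must enforce means" uses a lowercase "must"; if the document uses BCP 14 key words, confirm whether this is intended as a normative requirement.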