Internet DRAFT - draft-song-ntf
draft-song-ntf
Network Working Group H. Song, Ed.
Internet-Draft T. Zhou
Intended status: Informational ZB. Li
Expires: January 3, 2019 Huawei
G. Fioccola
Telecom Italia
ZQ. Li
China Mobile
P. Martinez-Julia
NICT
L. Ciavaglia
Nokia
A. Wang
China Telecom
July 2, 2018
Toward a Network Telemetry Framework
draft-song-ntf-02
Abstract
This document suggests the necessity of an architectural framework
for network telemetry in order to meet the current and future network
operation requirements. The defining characteristics of network
telemetry shows a clear distinction from the conventional network OAM
concept; hence the network telemetry demands new techniques and
protocols. This document clarifies the terminologies and classifies
the categories and components of a network telemetry framework. The
requirements, challenges, existing solutions, and future directions
are discussed for each category. The network telemetry framework and
the taxonomy help to set a common ground for the collection of
related works and put future technique and standard developments into
perspective.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
Song, et al. Expires January 3, 2019 [Page 1]
�
Internet-Draft Network Telemetry Framework July 2018
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Challenges . . . . . . . . . . . . . . . . . . . . . . . 5
1.3. Glossary . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4. Network Telemetry . . . . . . . . . . . . . . . . . . . . 6
2. The Necessity of a Network Telemetry Framework . . . . . . . 8
3. Network Telemetry Framework . . . . . . . . . . . . . . . . . 9
3.1. Existing Works Mapped in the Framework . . . . . . . . . 11
3.2. Management Plane Telemetry . . . . . . . . . . . . . . . 12
3.2.1. Requirements and Challenges . . . . . . . . . . . . . 12
3.2.2. Push Extensions for NETCONF . . . . . . . . . . . . . 13
3.2.3. gRPC Network Management Interface . . . . . . . . . . 13
3.3. Control Plane Telemetry . . . . . . . . . . . . . . . . . 14
3.3.1. Requirements and Challenges . . . . . . . . . . . . . 14
3.3.2. BGP Monitoring Protocol . . . . . . . . . . . . . . . 14
3.4. Data Plane Telemetry . . . . . . . . . . . . . . . . . . 15
3.4.1. Requirements and Challenges . . . . . . . . . . . . . 15
3.4.2. Technique Classification . . . . . . . . . . . . . . 16
3.4.3. The IPFPM technology . . . . . . . . . . . . . . . . 16
3.4.4. Dynamic Network Probe . . . . . . . . . . . . . . . . 18
3.4.5. IP Flow Information Export (IPFIX) protocol . . . . . 18
Song, et al. Expires January 3, 2019 [Page 2]
�
Internet-Draft Network Telemetry Framework July 2018
3.4.6. In-Situ OAM . . . . . . . . . . . . . . . . . . . . . 18
3.5. External Data and Event Telemetry . . . . . . . . . . . . 19
3.5.1. Requirements and Challenges . . . . . . . . . . . . . 19
4. Security Considerations . . . . . . . . . . . . . . . . . . . 20
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 20
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
8.1. Normative References . . . . . . . . . . . . . . . . . . 20
8.2. Informative References . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Motivation
The advance of AI/ML technologies gives networks an unprecedented
opportunity to realize network autonomy with closed control loops.
An intent-driven autonomous network is the logical next step for
network evolution following SDN, aiming to reduce (or even eliminate)
human labor, make the most efficient use of network resources, and
provide better services more aligned with customer requirements.
Although we still have a long way to reach the ultimate goal, the
journey has started nevertheless.
The storage and computing technologies are already mature enough to
be able to retain and process a huge amount of data and make real-
time inference. Tools based on machine learning technologies and big
data analytics are powerful in detecting and reacting on network
faults, anomalies, and policy violations. In turn, the network
policy updates for planning, intrusion prevention, optimization, and
self-healing can be applied. Some tools can even predict future
events based on historical data.
However, the networks fail to keep pace with such data need. The
current network architecture, protocol suite, and system design are
not ready yet to provide enough quality data. In the remaining of
this section, first we identify a few key network operation use cases
that network operators need the most. These use cases are also the
essential functions of the future autonomous networks. Next, we show
why the current network OAM techniques and protocols are not
sufficient to meet the requirements of these use cases. The
discussion underlines the need of a new brood of techniques and
protocols which we put under an umbrella term - network telemetry.
1.1. Use Cases
All these use cases involves the data extracted from the network data
plane and sometimes from the network control plane and management
plane.
Song, et al. Expires January 3, 2019 [Page 3]
�
Internet-Draft Network Telemetry Framework July 2018
Intent and Policy Compliance: Network policies are the rules that
constraint the services for network access, provide differentiate
within a service, or enforce specific treatment on the traffic.
For example, a service function chain is a policy that requires
the selected flows to pass through a set of network functions in
order. An intents is a high-level abstract policy which requires
a complex translation and mapping process before being applied on
networks. While a policy is enforced, the compliance needs to be
verified and monitored continuously.
SLA Compliance: A Service-Level Agreement (SLA) defines the level of
service a user expects from a network operator, which include the
metrics for the service measurement and remedy/penalty procedures
when the service level misses the agreement. Users need to check
if they get the service as promised and network operators need to
evaluate how they can deliver the services that can meet the SLA.
Root Cause Analysis: Network failure often involves a sequence of
chained events and the source of the failure is not
straightforward to identify, especially when the failure is
sporadic. While machine learning or other data analytics
technologies can be used for root cause analysis, it up to the
network to provide all the relevant data for analysis.
Load Balancing, Traffic Engineering, and Network Planning: Network
operators are motivated to optimize their network utilization for
better ROI or lower CAPEX, as well as differentiation across
services and/or users of a given service. The first step is to
know the real-time network conditions before applying policies to
steer the user traffic or adjust the load balancing algorithm. In
some cases network micro-bursts need to be detected in a very
short time-frame so that fine grained traffic control can be
applied to avoid possible network congestion. The long term
network capacity planning and topology augmentation also rely on
the accumulated data of the network operation.
Event Tracking and Prediction: Network visibility is critical for a
healthy network operation. Numerous network events are of
interest to network operators. For example, Network operators
always want to learn where and why packets are dropped for an
application flow. They also want to be warned by some early signs
that some component is going to fail so the proper fix or
replacement can be made in time.
Song, et al. Expires January 3, 2019 [Page 4]
�
Internet-Draft Network Telemetry Framework July 2018
1.2. Challenges
The conventional OAM techniques, as described in [RFC7276], are not
sufficient to support the above use cases for the following reasons:
o Most use cases need to continuously monitor the network and
dynamically refine the data collection in real-time and
interactively. The poll-based low-frequency data collection is
ill-suited for these applications. Streaming data directly pushed
from the data source is preferred.
o Various data is needed from any place ranging from the packet
processing engine to the QoS traffic manager. Traditional data
plane devices cannot provide the necessary probes. An open and
programmable data plane is therefore needed.
o Many application scenarios need to correlate data from multiple
sources (e.g., from distributed nodes or from different network
plane). A piecemeal solution is often lacking the capability to
consolidate the data from multiple sources. The composition of a
complete solution, as partly proposed by ARCA
[I-D.pedro-nmrg-anticipated-adaptation], will be empowered and
guided by a comprehensive framework.
o The passive measurement techniques can either consume too much
network resources and render too much redundant data, or lead to
inaccurate results. The active measurement techniques are
indirect, and they can interfere with the user traffic. We need
techniques that can collect direct and on-demand data from user
traffic.
1.3. Glossary
Before further discussion, we list some key terminology and acronyms
used in this documents. We make an intended distinction between
network telemetry and network OAM.
AI: Artificial Intelligence. Use machine-learning based
technologies to automate network operation.
BMP: BGP Monitoring Protocol
DNP: Dynamic Network Probe
DPI: Deep Packet Inspection
gNMI: gPRC Network Management Interface
Song, et al. Expires January 3, 2019 [Page 5]
�
Internet-Draft Network Telemetry Framework July 2018
gRPC: gRPC Remote Procedure Call
IDN: Intent-Driven Network
IPFIX: IP Flow Information Export Protocol
IPFPM: IP Flow Performance Measurement
IOAM: In-situ OAM
NETCONF: Network Configuration Protocol
Network Telemetry: A general term for a new brood of network
visibility techniques and protocols, with the characteristics
defined in this document. Network telemetry enables smooth
evolution toward intent-driven autonomous networks.
NMS: Network Management System
OAM: Operations, Administration, and Maintenance. A group of
network management functions that provide network fault
indication, fault localization, performance information, and data
and diagnosis functions. Most conventional network monitoring
techniques and protocols belong to network OAM.
SNMP: Simple Network Management Protocol
YANG: A data modeling language for NETCONF
YANG FSM: A YANG model to define device side finite state machine
YANG PUSH: A method to subscribe pushed data from remote YANG
datastore
1.4. Network Telemetry
For a long time, network operators have relied upon protocols such as
SNMP [RFC1157] to monitor the network. SNMP can only provide limited
information about the network. Since SNMP is poll-based, it incurs
low data rate and high processing overhead. Such drawbacks make SNMP
unsuitable for today's automatic network applications.
Network telemetry has emerged as a mainstream technical term to refer
to the newer techniques of data collection and consumption,
distinguishing itself form the convention techniques for network OAM.
It is expected that network telemetry can provide the necessary
network visibility for autonomous networks, address the shortcomings
Song, et al. Expires January 3, 2019 [Page 6]
�
Internet-Draft Network Telemetry Framework July 2018
of conventional OAM techniques, and allow for the emergence of new
techniques bearing certain characterisitcs.
One key difference between the network telemetry and the network OAM
is that the network telemetry assumes an intelligent machine in the
center of a closed control loop, while the network OAM assumes the
human network operators in the middle of an open control loop. The
network telemetry can directly trigger the automated network
operation; The conventional OAM tools only help human operators to
monitor and diagnose the networks and guide manual network
operations. The different assumptions lead to very different
techniques.
Although the network telemetry techniques are just emerging and
subject to continuous evolution, several defining characteristics of
network telemetry have been well accepted:
o Push and Streaming: Instead of polling data from network devices,
the telemetry collector subscribes to the streaming data pushed
from the data source in network devices.
o Volume and Velocity: The telemetry data is intended to be consumed
by machine rather than by human. Therefore, the data volume is
huge and the processing is often in realtime.
o Normalization and Unification: Telemetry aims to address the
overall network automation needs. The piecemeal solutions offered
by the conventional OAM approach are no longer suitable. Efforts
need to be made to normalize the data representation and unify the
protocols.
o Model-based: The data is model-based which allows applications to
configure and consume data with ease.
o Data Fusion: The data for a single application can come from
multiple data sources (e.g., cross domain, cross device, and cross
layer) and needs to be correlated to take effect.
o Dynamic and Interactive: Since the network telemetry means to be
used in a closed control loop for network automation, it needs to
run continuously and adapt to the dynamic and interactive queries
from the network operation controller.
In addition, the ideal network telemetry solution should also support
the following features:
o In-Network Customization: The data can be customized in network at
run-time to cater to the specific need of applications. This
Song, et al. Expires January 3, 2019 [Page 7]
�
Internet-Draft Network Telemetry Framework July 2018
needs the support of a programmable data plane which allows probes
to be deployed at flexible locations.
o Direct Data Plane Export: The data originated from data plane can
be directly exported to the data consumer for efficiency,
especially when the data bandwidth is large and the real-time
processing is required.
o In-band Data Collection: In addition to the passive and active
data collection approaches, the new hybrid approach allows to
directly collect data for any target flow on its entire forwarding
path.
o Non-intrusive: The telemetry system should not fall into the trap
of the "observer effect". That is, it should not change the
network behavior or affect the forwarding performance.
2. The Necessity of a Network Telemetry Framework
Big data analytics and machine-learning based AI technologies are
applied for network operation automation, relying on abundant data
from networks. The single-sourced and static data acquisition cannot
meet the data requirements. It is desirable to have a framework that
integrates multiple telemetry approaches from different layers, and
allows flexible combinations for different applications. The
framework will benefit application development for the following
reasons.
o The future autonomous networks will require a holistic view on
network visibility. All the use cases and applications need to be
supported uniformly and coherently under a single intelligent
agent. Therefore, the protocols and mechanisms should be
consolidated into a minimum yet comprehensive set. A telemetry
framework can help to normalize the technique developments.
o Network visibility presents multiple viewpoints. For example, the
device viewpoint takes the network infrastructure as the
monitoring object from which the network topology and device
status can be acquired; the traffic viewpoint takes the flows or
packets as the monitoring object from which the traffic quality
and path can be acquired. An application may need to switch its
viewpoint during operation. It may also need to correlate a
service and its network experience to acquire the comprehensive
information.
o Applications require network telemetry to be elastic in order to
efficiently use the network resource and reduce the performance
impact. Routine network monitoring covers the entire network with
Song, et al. Expires January 3, 2019 [Page 8]
�
Internet-Draft Network Telemetry Framework July 2018
low data sampling rate. When issues arise or trends emerge, the
telemetry data source can be modified and the data rate can be
boosted.
o Efficient data fusion is critical for applications to reduce the
overall quantity of data and improve the accuracy of analysis.
So far, some telemetry related work has been done within IETF.
However, this work is fragmented and scattered in different working
groups. The lack of coherence makes it difficult to assemble a
comprehensive network telemetry system and causes repetitive and
redundant work.
A formal network telemetry framework is needed for constructing a
working system. The framework should cover the concepts and
components from the standardization perspective. This document
clarifies the layers on which the telemetry is exerted and decomposes
the telemetry system into a set of distinct components that the
existing and future work can easily map to.
3. Network Telemetry Framework
Telemetry can be applied on the data plane, the control plane, and
the management plane in a network, as well as other sources out of
the network, as shown in Figure 1.
Song, et al. Expires January 3, 2019 [Page 9]
�
Internet-Draft Network Telemetry Framework July 2018
+------------------------------+
| |
| Network Operation |<-------+
| Applications | |
| | |
+------------------------------+ |
^ ^ ^ |
| | | |
V | V V
+-----------|---+--------------+ +-----------+
| | | | | |
| Control Pl|ane| | | External |
| Telemetry | <---> | | Data and |
| | | | | Event |
| ^ V | Management | | Telemetry |
+------|--------+ Plane | | |
| V | Telemetry | +-----------+
| | |
| Data Plane <---> |
| Telemetry | |
| | |
+---------------+--------------+
Figure 1: Layer Category of the Network Telemetry Framework
Note that the interaction with the network operation applications can
be indirect. For example, in the management plane telemetry, the
management plane may need to acquire data from the data plane. On
the other hand, an application may involve more than one plane
simultaneously. For example, an SLA compliance application may
require both the data plane telemetry and the control plane
telemetry.
At each plane, the telemetry can be further partitioned into five
distinct components:
Data Source: Determine where the original data is acquired. The
data source usually just provides raw data which needs further
processing. A data source can be considered a probe. A probe can
be statically installed or dynamically installed.
Data Subscription: Determine the protocol and channel for
applications to acquire desired data. Data subscription is also
responsible to define the desired data that might not be directly
available form data sources. The subscription data can be
described by a model. The model can be statically installed or
dynamically installed.
Song, et al. Expires January 3, 2019 [Page 10]
�
Internet-Draft Network Telemetry Framework July 2018
Data Generation: The original data needs to be processed, encoded,
and formatted in network devices to meet application subscription
requirements. This may involve in-network computing and
processing on either the fast path or the slow path in network
devices.
Data Export: Determine how the ready data are delivered to
applications.
Data Analysis and Storage: In this final step, data is consumed by
applications or stored for future reference. Data analysis can be
interactive. It may initiate further data subscription.
+------------------------------+
| |
| Data Analysis/Storage |
| |
+------------------------------+
| ^
| |
V |
+---------------+--------------+
| | |
| Data | Data |
| Subscription | Export |
| | |
+---------------+--------------|
| |
| Data Generation |
| |
+------------------------------|
| |
| Data Source |
| |
+------------------------------+
Figure 2: Components in the Network Telemetry Framework
Since most existing standard-related work belongs to the first four
components, in the remainder of the document, we focus on these
components only.
3.1. Existing Works Mapped in the Framework
The following table provides a non-exhaustive list of existing works
(mainly published in IETF and with the emphasis on the latest new
technologies) and shows their positions in the framework.
Song, et al. Expires January 3, 2019 [Page 11]
�
Internet-Draft Network Telemetry Framework July 2018
+-----------+--------------+---------------+--------------+
| | Management | Control | Data |
| | Plane | Plane | Plane |
+-----------+--------------+---------------+--------------+
| | YANG Data | Control Proto.| Flow/Packet |
| Data | Store | Network State | Statistics |
| Source | | | States |
| | | | DPI |
+-----------+--------------+---------------+--------------+
| | gPRC | NETCONF/YANG | NETCONF/YANG |
| Data | YANG PUSH | BGP | YANG FSM |
| Subscribe | | | |
| | | | |
+-----------+--------------+---------------+--------------+
| | Soft DNP | Soft DNP | In-situ OAM |
| Data | | | IPFPM |
| Generation| | | Hard DNP |
| | | | |
+-----------+--------------+---------------+--------------+
| | gRPC | BMP | IPFIX |
| Data | YANG PUSH | | UDP |
| Export | UDP | | |
| | | | |
+-----------+--------------+---------------+--------------+
Figure 3: Existing Work
3.2. Management Plane Telemetry
3.2.1. Requirements and Challenges
The management plane of the network element interacts with the
Network Management System (NMS), and provides information such as
performance data, network logging data, network warning and defects
data, and network statistics and state data. Some legacy protocols
are widely used for the management plane, such as SNMP and Syslog,
but these protocols do not meet the requirements of the automatic
network operation applications.
New management plane telemetry protocols should consider the
following requirements:
Convenient Data Subscription: An application should have the freedom
to choose the data export means such as the data types and the
export frequency.
Song, et al. Expires January 3, 2019 [Page 12]
�
Internet-Draft Network Telemetry Framework July 2018
Structured Data: For automatic network operation, machines will
replace human for network data comprehension. The schema
languages such as YANG can efficiently describe structured data
and normalize data encoding and transformation.
High Speed Data Transport: In order to retain the information, a
server needs to send a large amount of data at high frequency.
Compact encoding formats are needed to compress the data and
improve the data transport efficiency. The push mode, by
replacing the poll mode, can also reduce the interactions between
clients and servers, which help to improve the server's
efficiency.
3.2.2. Push Extensions for NETCONF
NETCONF [RFC6241] is one popular network management protocol, which
is also recommended by IETF. Although it can be used for data
collection, NETCONF is good at configurations. YANG Push
[I-D.ietf-netconf-yang-push] extends NETCONF and enables subscriber
applications to request a continuous, customized stream of updates
from a YANG datastore. Providing such visibility into changes made
upon YANG configuration and operational objects enables new
capabilities based on the remote mirroring of configuration and
operational state. Moreover, distributed data collection mechanism
[I-D.zhou-netconf-multi-stream-originators] via UDP based publication
channel [I-D.ietf-netconf-udp-pub-channel] provides enhanced
efficiency for the NETCONF based telemetry.
3.2.3. gRPC Network Management Interface
gRPC Network Management Interface (gNMI)
[I-D.openconfig-rtgwg-gnmi-spec] is a network management protocol
based on the gRPC [I-D.kumar-rtgwg-grpc-protocol] RPC (Remote
Procedure Call) framework. With a single gRPC service definition,
both configuration and telemetry can be covered. gRPC is an HTTP/2
[RFC7540] based open source micro service communication framework.
It provides a number of capabilities that makes it well-suited for
network telemetry, including:
o Full-duplex streaming transport model combined with a binary
encoding mechanism provided further improved telemetry efficiency.
o gRPC provides higher-level features consistency across platforms
that common HTTP/2 libraries typically do not. This
characteristic is especially valuable for the fact that telemetry
data collectors normally reside on a large variety of platforms.
o The built-in load-balancing and failover mechanism.
Song, et al. Expires January 3, 2019 [Page 13]
�
Internet-Draft Network Telemetry Framework July 2018
3.3. Control Plane Telemetry
3.3.1. Requirements and Challenges
The control plane telemetry refers to the health condition monitoring
of different network protocols, which covers Layer 2 to Layer 7.
Keeping track of the running status of these protocols is beneficial
for detecting, localizing, and even predicting various network
issues, as well as network optimization, in real-time and in fine
granularities.
One of the most challenging problems for the control plane telemetry
is how to correlate the E2E Key Performance Indicators (KPI) to a
specific layer's KPIs. For example, an IPTV user may describe his
User Experience (UE) by the video fluency and definition. Then in
case of an unusually poor UE KPI or a service disconnection, it is
non-trivial work to delimit and localize the issue to the responsible
protocol layer (e.g., the Transport Layer or the Network Layer), the
responsible protocol (e.g., ISIS or BGP at the Network Layer), and
finally the responsible device(s) with specific reasons.
Traditional OAM-based approaches for control plane KPI measurement
include PING (L3), Tracert (L3), Y.1731 (L2) and so on. One common
issue behind these methods is that they only measure the KPIs instead
of reflecting the actual running status of these protocols, making
them less effective or efficient for control plane troubleshooting
and network optimization. An example of the control plane telemetry
is the BGP monitoring protocol (BMP), it is currently used to
monitoring the BGP routes and enables rich applications, such as BGP
peer analysis, AS analysis, prefix analysis, security analysis, and
so on. However, the monitoring of other layers, protocols and the
cross-layer, cross-protocol KPI correlations are still in their
infancies (e.g., the IGP monitoring is missing), which require
substantial further research.
3.3.2. BGP Monitoring Protocol
BGP Monitoring Protocol (BMP) [RFC7854] is used to monitor BGP
sessions and intended to provide a convenient interface for obtaining
route views.
The BGP routing information is collected from the monitored device(s)
to the BMP monitoring station by setting up the BMP TCP session. The
BGP peers are monitored by the BMP Peer Up and Peer Down
Notifications. The BGP routes (including Adjacency_RIB_In [RFC7854],
Adjacency_RIB_out [I-D.ietf-grow-bmp-adj-rib-out], and Local_Rib
[I-D.ietf-grow-bmp-local-rib] are encapsulated in the BMP Route
Monitoring Message and the BMP Route Mirroring Message, in the form
Song, et al. Expires January 3, 2019 [Page 14]
�
Internet-Draft Network Telemetry Framework July 2018
of both initial table dump and real-time route update. In addition,
BGP statistics are reported through the BMP Stats Report Message,
which could be either timer triggered or event driven. More BMP
extensions can be explored to enrich the applications of BGP
monitoring.
3.4. Data Plane Telemetry
3.4.1. Requirements and Challenges
An effective data plane telemetry system relies on the data that the
network device can expose. The data's quality, quantity, and
timeliness must meet some stringent requirements. This raises some
challenges to the network data plane devices where the first hand
data originate.
o A data plane device's main function is user traffic processing and
forwarding. While supporting network visibility is important, the
telemetry is just an auxiliary function and it should not impede
normal traffic processing and forwarding (i.e., the performance is
not lowered and the behavior is not altered due to the telemetry
functions).
o The network operation applications requires end-to-end visibility
from various sources, which results in a huge volume of data.
However, the sheer data quantity should not stress the network
bandwidth, regardless of the data delivery approach (i.e., through
in-band or out-of-band channels).
o The data plane devices must provide the data in a timely manner
with the minimum possible delay. Long processing, transport,
storage, and analysis delay can impact the effectiveness of the
control loop and even render the data useless.
o The data should be structured and labeled, and easy for
applications to parse and consume. At the same time, the data
types needed by applications can vary significantly. The data
plane devices need to provide enough flexibility and
programmability to support the precise data provision for
applications.
o The data plane telemetry should support incremental deployment and
work even though some devices are unaware of the system. This
challenge is highly relevant to the standards and legacy networks.
The industry has agreed that the data plane programmability is
essential to support network telemetry. Newer data plane chips are
Song, et al. Expires January 3, 2019 [Page 15]
�
Internet-Draft Network Telemetry Framework July 2018
all equipped with advanced telemetry features and provide flexibility
to support customized telemetry functions.
3.4.2. Technique Classification
There can be multiple possible dimensions to classify the data plane
telemetry techniques.
Active and Passive: The active and passive methods (as well as the
hybrid types) are well documented in [RFC7799]. The passive
methods include TCPDUMP, IPFIX [RFC7011], sflow, and traffic
mirror. These methods usually have low data coverage. The
bandwidth cost is very high in oreder to improve the data
coverage. On the other hand, the active methods include Ping,
Traceroute, OWAMP [RFC4656], and TWAMP [RFC5357]. These methods
are intrusive and only provide indirect network measurement
results. The hybrid methods, including in-situ OAM
[I-D.brockners-inband-oam-requirements], IPFPM [RFC8321], and
Multipoint Alternate Marking
[I-D.fioccola-ippm-multipoint-alt-mark], provide a well-balanced
and more flexible approach. However, these methods are also more
complex to implement.
In-Band and Out-of-Band: The telemetry data, before being exported
to some collector, can be carried in user packets. Such methods
are considered in-band (e.g., in-situ OAM
[I-D.brockners-inband-oam-requirements]). If the telemetry data
is directly exported to some collector without modifying the user
packets, Such mothods are considered out-of-band (e.g., postcard-
based INT). It is possible to have hybrid methods. For example,
only the telemetry instruction or partitial data is carried by
user packets (e.g., IPFPM [RFC8321]).
E2E and In-Network: Some E2E methods start from and end at the
network end hosts (e.g., Ping). The other methods work in
networks and are transparent to end hosts. However, if needed,
the in-network methods can be easily extended into end hosts.
Flow, Path, and Node: Depending on the telemetry objective, the
methods can be flow-based (e.g., in-situ OAM
[I-D.brockners-inband-oam-requirements]), path-based (e.g.,
Traceroute), and node-based (e.g., IPFIX [RFC7011]).
3.4.3. The IPFPM technology
The Alternate Marking method is efficient to perform packet loss,
delay, and jitter measurements both in an IP and Overlay Networks, as
Song, et al. Expires January 3, 2019 [Page 16]
�
Internet-Draft Network Telemetry Framework July 2018
presented in IPFPM [RFC8321] and
[I-D.fioccola-ippm-multipoint-alt-mark].
This technique can be applied to point-to-point and multipoint-to-
multipoint flows. Alternate Marking creates batches of packets by
alternating the value of 1 bit (or a label) of the packet header.
These batches of packets are unambiguously recognized over the
network and the comparison of packet counters for each batch allows
the packet loss calculation. The same idea can be applied to delay
measurement by selecting ad hoc packets with a marking bit dedicated
for delay measurements.
Alternate Marking method needs two counters each marking period for
each flow under monitor. For instance, by considering n measurement
points and m monitored flows, the order of magnitude of the packet
counters for each time interval is n*m*2 (1 per color).
Since networks offer rich sets of network performance measurement
data (e.g packet counters), traditional approaches run into
limitations. One reason is the fact that the bottleneck is the
generation and export of the data and the amount of data that can be
reasonably collected from the network. In addition, management tasks
related to determining and configuring which data to generate lead to
significant deployment challenges.
Multipoint Alternate Marking approach, described in
[I-D.fioccola-ippm-multipoint-alt-mark], aims to resolve this issue
and makes the performance monitoring more flexible in case a detailed
analysis is not needed.
An application orchestrates network performance measurements tasks
across the network to allow an optimized monitoring and it can
calibrate how deep can be obtained monitoring data from the network
by configuring measurement points roughly or meticulously.
Using Alternate Marking, it is possible to monitor a Multipoint
Network without examining in depth by using the Network Clustering
(subnetworks that are portions of the entire network that preserve
the same property of the entire network, called clusters). So in
case there is packet loss or the delay is too high the filtering
criteria could be specified more in order to perform a detailed
analysis by using a different combination of clusters up to a per-
flow measurement as described in IPFPM [RFC8321].
In summary, an application can configure initially an end to end
monitoring between ingress points and egress points of the network.
If the network does not experiment issues, this approximate
monitoring is good enough and is very cheap in terms of network
Song, et al. Expires January 3, 2019 [Page 17]
�
Internet-Draft Network Telemetry Framework July 2018
resources. But, in case of problems, the application becomes aware
of the issues from this approximate monitoring and, in order to
localize the portion of the network that has issues, configures the
measurement points more exhaustively. So a new detailed monitoring
is performed. After the detection and resolution of the problem the
initial approximate monitoring can be used again.
3.4.4. Dynamic Network Probe
Hardware based Dynamic Network Probe (DNP) [I-D.song-opsawg-dnp4iq]
provides a programmable means to customize the data that an
application collects from the data plane. A direct benefit of DNP is
the reduction of the exported data. A full DNP solution covers
several components including data source, data subscription, and data
generation. The data subscription needs to define the custom data
which can be composed and derived from the raw data sources. The
data generation takes advantage of the moderate in-network computing
to produce the desired data.
While DNP can introduce unforeseeable flexibility to the data plane
telemetry, it also faces some challenges. It requires a flexible
data plane that can be dynamically reprogrammed at run-time. The
programming API is yet to be defined.
3.4.5. IP Flow Information Export (IPFIX) protocol
Traffic on a network can be seen as a set of flows passing through
network elements. IP Flow Information Export (IPFIX) [RFC7011]
provides a means of transmitting traffic flow information for
administrative or other purposes. A typical IPFIX enabled system
includes a pool of Metering Processes collects data packets at one or
more Observation Points, optionally filters them and aggregates
information about these packets. An Exporter then gathers each of
the Observation Points together into an Observation Domain and sends
this information via the IPFIX protocol to a Collector.
3.4.6. In-Situ OAM
Traditional passive and active monitoring and measurement techniques
are either inaccurate or resource-consuming. It is preferable to
directly acquire data associated with a flow's packets when the
packets pass through a network. In-situ OAM (iOAM)
[I-D.brockners-inband-oam-requirements], a data generation technique,
embeds a new instruction header to user packets and the instruction
directs the network nodes to add the requested data to the packets.
Thus, at the path end the packet's experience on the entire
forwarding path can be collected. Such firsthand data is invaluable
to many network OAM applications.
Song, et al. Expires January 3, 2019 [Page 18]
�
Internet-Draft Network Telemetry Framework July 2018
However, iOAM also faces some challenges. The issues on performance
impact, security, scalability and overhead limits, encapsulation
difficulties in some protocols, and cross-domain deployment need to
be addressed.
3.5. External Data and Event Telemetry
Events that occur outside the boundaries of the network system are
another important source of telemetry information. Correlating both
internal telemetry data and external events with the requirements of
network systems, as presented in Exploiting External Event Detectors
to Anticipate Resource Requirements for the Elastic Adaptation of
SDN/NFV Systems [I-D.pedro-nmrg-anticipated-adaptation], provides a
strategic and functional advantage to management operations.
3.5.1. Requirements and Challenges
As with other sources of telemetry information, the data and events
must meet strict requirements, especially in terms of timeliness,
which is essential to properly incorporate external event information
to management cycles. Thus, the specific challenges are described as
follows:
o The role of external event detector can be played by multiple
elements, including hardware (e.g. physical sensors, such as
seismometers) and software (e.g. Big Data sources that analyze
streams of information, such as Twitter messages). Thus, the
transmitted data must support different shapes but, at the same
time, follow a common but extensible ontology.
o Since the main function of the external event detectors is
actually to perform the notifications, their timeliness is
assumed. However, once messages have been dispatched, they must
be quickly collected and inserted into the control plane with
variable priority, which will be high for important sources and/or
important events and low for secondary ones.
o The ontology used by external detectors must be easily adopted by
current and future devices and applications. Therefore, it must
be easily mapped to current information models, such as in terms
of YANG.
Organizing together both internal and external telemetry information
will be key for the general exploitation of the management
possibilities of current and future network systems, as reflected in
the incorporation of cognitive capabilities to new hardware and
software (virtual) elements.
Song, et al. Expires January 3, 2019 [Page 19]
�
Internet-Draft Network Telemetry Framework July 2018
4. Security Considerations
TBD
5. IANA Considerations
This document includes no request to IANA.
6. Contributors
The other main contributors of this document are listed as follows.
o James N. Guichard, Huawei
o Yunan Gu, Huawei
7. Acknowledgments
We would like to thank Victor Liu and others who have provided
helpful comments and suggestions to improve this document.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
8.2. Informative References
[I-D.brockners-inband-oam-requirements]
Brockners, F., Bhandari, S., Dara, S., Pignataro, C.,
Gredler, H., Leddy, J., Youell, S., Mozes, D., Mizrahi,
T., <>, P., and r. remy@barefootnetworks.com,
"Requirements for In-situ OAM", draft-brockners-inband-
oam-requirements-03 (work in progress), March 2017.
[I-D.fioccola-ippm-multipoint-alt-mark]
Fioccola, G., Cociglio, M., Sapio, A., and R. Sisto,
"Multipoint Alternate Marking method for passive and
hybrid performance monitoring", draft-fioccola-ippm-
multipoint-alt-mark-04 (work in progress), June 2018.
Song, et al. Expires January 3, 2019 [Page 20]
�
Internet-Draft Network Telemetry Framework July 2018
[I-D.ietf-grow-bmp-adj-rib-out]
Evens, T., Bayraktar, S., Lucente, P., Mi, K., and S.
Zhuang, "Support for Adj-RIB-Out in BGP Monitoring
Protocol (BMP)", draft-ietf-grow-bmp-adj-rib-out-01 (work
in progress), March 2018.
[I-D.ietf-grow-bmp-local-rib]
Evens, T., Bayraktar, S., Bhardwaj, M., and P. Lucente,
"Support for Local RIB in BGP Monitoring Protocol (BMP)",
draft-ietf-grow-bmp-local-rib-01 (work in progress),
February 2018.
[I-D.ietf-netconf-udp-pub-channel]
Zheng, G., Zhou, T., and A. Clemm, "UDP based Publication
Channel for Streaming Telemetry", draft-ietf-netconf-udp-
pub-channel-03 (work in progress), July 2018.
[I-D.ietf-netconf-yang-push]
Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
Nygaard, E., Bierman, A., and B. Lengyel, "YANG Datastore
Subscription", draft-ietf-netconf-yang-push-17 (work in
progress), July 2018.
[I-D.kumar-rtgwg-grpc-protocol]
Kumar, A., Kolhe, J., Ghemawat, S., and L. Ryan, "gRPC
Protocol", draft-kumar-rtgwg-grpc-protocol-00 (work in
progress), July 2016.
[I-D.openconfig-rtgwg-gnmi-spec]
Shakir, R., Shaikh, A., Borman, P., Hines, M., Lebsack,
C., and C. Morrow, "gRPC Network Management Interface
(gNMI)", draft-openconfig-rtgwg-gnmi-spec-01 (work in
progress), March 2018.
[I-D.pedro-nmrg-anticipated-adaptation]
Martinez-Julia, P., "Exploiting External Event Detectors
to Anticipate Resource Requirements for the Elastic
Adaptation of SDN/NFV Systems", draft-pedro-nmrg-
anticipated-adaptation-02 (work in progress), June 2018.
[I-D.song-opsawg-dnp4iq]
Song, H. and J. Gong, "Requirements for Interactive Query
with Dynamic Network Probes", draft-song-opsawg-dnp4iq-01
(work in progress), June 2017.
Song, et al. Expires January 3, 2019 [Page 21]
�
Internet-Draft Network Telemetry Framework July 2018
[I-D.zhou-netconf-multi-stream-originators]
Zhou, T., Zheng, G., Voit, E., Clemm, A., and A. Bierman,
"Subscription to Multiple Stream Originators", draft-zhou-
netconf-multi-stream-originators-02 (work in progress),
May 2018.
[RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin,
"Simple Network Management Protocol (SNMP)", RFC 1157,
DOI 10.17487/RFC1157, May 1990,
<https://www.rfc-editor.org/info/rfc1157>.
[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M.
Zekauskas, "A One-way Active Measurement Protocol
(OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006,
<https://www.rfc-editor.org/info/rfc4656>.
[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J.
Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)",
RFC 5357, DOI 10.17487/RFC5357, October 2008,
<https://www.rfc-editor.org/info/rfc5357>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC7276] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y.
Weingarten, "An Overview of Operations, Administration,
and Maintenance (OAM) Tools", RFC 7276,
DOI 10.17487/RFC7276, June 2014,
<https://www.rfc-editor.org/info/rfc7276>.
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
DOI 10.17487/RFC7540, May 2015,
<https://www.rfc-editor.org/info/rfc7540>.
[RFC7799] Morton, A., "Active and Passive Metrics and Methods (with
Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
May 2016, <https://www.rfc-editor.org/info/rfc7799>.
Song, et al. Expires January 3, 2019 [Page 22]
�
Internet-Draft Network Telemetry Framework July 2018
[RFC7854] Scudder, J., Ed., Fernando, R., and S. Stuart, "BGP
Monitoring Protocol (BMP)", RFC 7854,
DOI 10.17487/RFC7854, June 2016,
<https://www.rfc-editor.org/info/rfc7854>.
[RFC8321] Fioccola, G., Ed., Capello, A., Cociglio, M., Castaldelli,
L., Chen, M., Zheng, L., Mirsky, G., and T. Mizrahi,
"Alternate-Marking Method for Passive and Hybrid
Performance Monitoring", RFC 8321, DOI 10.17487/RFC8321,
January 2018, <https://www.rfc-editor.org/info/rfc8321>.
Authors' Addresses
Haoyu Song (editor)
Huawei
2330 Central Expressway
Santa Clara
USA
Email: haoyu.song@huawei.com
Tianran Zhou
Huawei
156 Beiqing Road
Beijing, 100095
P.R. China
Email: zhoutianran@huawei.com
Zhenbin Li
Huawei
156 Beiqing Road
Beijing, 100095
P.R. China
Email: lizhenbin@huawei.com
Giuseppe Fioccola
Telecom Italia
Via Reiss Romoli, 274
Torino 10148
Italy
Email: giuseppe.fioccola@telecomitalia.it
Song, et al. Expires January 3, 2019 [Page 23]
�
Internet-Draft Network Telemetry Framework July 2018
Zhenqiang Li
China Mobile
No. 32 Xuanwumenxi Ave., Xicheng District
Beijing, 100032
P.R. China
Email: lizhenqiang@chinamobile.com
Pedro Martinez-Julia
NICT
4-2-1, Nukui-Kitamachi
Koganei, Tokyo 184-8795
Japan
Phone: +81 42 327 7293
Email: pedro@nict.go.jp
Laurent Ciavaglia
Nokia
Villarceaux 91460
France
Email: laurent.ciavaglia@nokia.com
Aijun Wang
China Telecom
Beiqijia Town, Changping District
Beijing, 102209
P.R. China
Email: wangaj.bri@chinatelecom.cn
Song, et al. Expires January 3, 2019 [Page 24]
