Network Analytics at IETF 121 in Dublin

IETF arrived in Dublin Ireland where 999 colleagues joined onsite and 593 remote. This time Yannick Buchs and I had the pleasure to do a stoppover in Harpenden UK to meet our Cisco colleagues Robert Wilton , Nicholas Corran , Matthew Green, and Emma Rankin working on IETF YANG-Push implementation. Celebrating Halloween and the first interoperability tests with pmacct and Netgauze udp-notif YANG-Push data collection.

Next day arriving in Ireland and directly heading to the Huawei Research Center in Dublin to meet our Huawei colleagues Benoit Claise , Olga Havel , Michael Mackey , Jean Quilbeuf , Vincenzo Riccobene and Zhuoyao LIN where we collaborate in Network Observability development such as Network Anomaly Detection Digital Map (now known as SIMAP) and Knowledge Graph. Truly impressed with their demonstrations and status updates we moved forward to the IETF hackathon weekend where we participated the following NMOP hackathon projects.

Validate Configured Subscription YANG-Push Publisher Implementations

https://datatracker.ietf.org/meeting/121/materials/slides-121-hackathon-sessd-validate-configured-subscription-yang-push-publisher-implementations

Implement find relationship solution with Augmented-by list in ietf-yang-library

https://datatracker.ietf.org/meeting/121/materials/slides-121-hackathon-sessd-implement-find-relationship-solution-with-augmented-by-list-in-ietf-yang-library-00

Validate BMP Extension for Path Status TLV

https://datatracker.ietf.org/meeting/121/materials/slides-121-grow-validate-bmp-extension-for-path-status-tlv-00.pdf

Antagonist (ANomaly TAGging ON hISTorical data)

https://datatracker.ietf.org/meeting/121/materials/slides-121-hackathon-sessd-antagonist-01

The first two hackathon projects contributed implementations for the YANG-Push to Message Broker integration architecture. Enabling an automated data processing chain for subscribed YANG metrics. We have 3 vendors and and 2 open-source project contributing. The third hackathon project to Network Anomaly Lifecycle, automating the network incident network analytics postmortem process. While the last in improving the BMP implementations by giving visibility into the BGP best path decision process.

The importance of YANG in Network Observability is well understood. The activities around IETF YANG-Push are literally snowballing this time. All klicks now together. Operators clearly voicing the needs of an automated YANG data processing chain, reducing the time to onboard new operational metrics down to minutes. Vendors are collaborating with operators and academia on specification and implementation. IETF being the primary venue of choice.

Many thanks to Cisco, 6WIND and Huawei who contributed test releases for interoperability tests and feature verification and to the hackathon team Yannick Buchs , Robert Wilton, Emma Rankin, Samuel Gauthier, Jérémie Leska, Liu Bin, Benoit Claise, Jean Quilbeuf, Bill Kaufmann, Ebben Aries, Jammes Cummings, Paolo Lucente, Holger Keller, Daniel Voyer, Alex Huang Feng, Maxence Younsi, Pierre Fran?ois, Zhuoyao LIN, Vincenzo Riccobene and Ahmed Elhassany Ph.D. for their contribution to the IETF community.

On Tuesday, NMOP started the IETF week. The newly created charter focuses on network operators needs in network management. This time with two sessions. The second session focusing on experiments developed at the hackathon.

Thomas Graf presented the latest YANG-Push updates on how to integrating YANG-Push into message broker natively. Pointing out the relationship to the presented YANG-Push notifications documents at NETCONF.

Alex Huang Feng and Vincenzo Riccobene presented updates on three Network Anomaly Detection documents. Proposing new YANG schema's and proposals how to integrate Knowledge Graph technologies for Service Disruption Detection and Symptom semantics.

Adrian Farrel presented updates on draft-ietf-nmop-terminology (Some Key Terms for Network Incident and Problem Management) which is key to establish the correct terminology for the NMOP documents and finally Olga Havel presented updates on the Digital Map.

• draft-ietf-nmop-yang-message-broker-integration (An Architecture for YANG-Push to Apache Kafka Integration) describes the motivation and architecture of a native YANG-Push notifications and YANG Schema integration into Apache Kafka Message Broker and YANG Schema Registry currently being developed by Ahmed Elhassany Ph.D, Vivekananda Boudia and Alex Huang Feng.
• draft-netana-nmop-network-anomaly-architecture (An Architecture for a Network Anomaly Detection Framework) describes the motivation and architecture of a Network Anomaly Detection Framework and the relationship to other documents describing network symptom semantics and network incident lifecycle.
• draft-netana-nmop-network-anomaly-semantics (Semantic Metadata Annotation for Network Anomaly Detection) describes why and how semantic metadata annotation helps to test, validate and compare outlier detection, supports supervised and semi-supervised machine learning development, enables data exchange among network operators, vendors and academia and make anomalies for humans apprehensible.
• draft-netana-nmop-network-anomaly-lifecycle (Network Anomaly Lifecycle) describes the lifecycle process to iteratively improve network anomaly detection accurately. Three key stages are proposed, along with a YANG model specifying the required metadata for the network anomaly detection covering the different stages of the lifecycle.
• draft-havel-opsawg-digital-map (Modeling the Digital Map based on RFC 8345: Sharing Experience and Perspectives) extends ietf-network.yang and ietf-network-topology.yang to improve mapping of network dependencies in YANG.

With IETF YANG-Push Implementations and Next Steps, I presented on behalf of the network operators, vendor and academia colleagues a conclusion of several workshops with IETF YANG-Push implementers and operators on their requirements, use cases and suggestions to improve and simplify IETF YANG-Push. The slide deck describes a a MVP like deployment timeline the industry aligned to.

At SRV6OPS and IEPG working group Daniel Voyer and I had the pleasure to present a Network Analytics Network Incident Postmortem on BGP and SRv6. Giving insights how operational metrics are used with Network Anomaly Detection for automating Network Observability.

On Wednesday at OPSAWG working group, Export of Delay Performance Metrics in IPFIX last call concluded and last inputs were incorporated. Alex Huang Feng , Benoit Claise and I looking forward to have in the form of an RFC number an early Christmas present under the Christmas tree.

Export of GTP-U Information in IPFIX and Data Manifest for Contextualized Telemetry Data was presented by Daniel Voyer and and Jean Quilbeuf.

• draft-ietf-opsawg-ipfix-on-path-telemetry (Export of Delay Performance Metrics in IPFIX) extends IPFIX to export On-Path delay at scale by preserving Flow Aggregation (RFC7015). Enables network operators to monitor delay Service Level Objectives for their customers by having a statistical delay view over their network. That helps to understand to identify where delay in the network for which service and forwarding-path is being accumulated. With Pmacct, FD.io VPP and Fluvia with have already 3 open-source and Huawei already has VRP test code available.
• draft-ietf-opsawg-ipfix-gtpu (Export?of?GTP-U?Information?in IPFIX) defines IPFIX information elements for the Generic Packet Radio Service Tunneling Protocol User Plane data.
• draft-claise-opsawg-collected-data-manifest (A Data Manifest for Contextualized Telemetry Data) gives context how YANG push metrics where collected (software version, on-change vs. periodical etc.).

draft-ietf-opsawg-oam-characterization (Guidelines for Charactering "OAM") is addressing much needed terminology for describing OAM. Thanks Carlos Pignataro and Adrian Farrel for picking that up!

Wednesday continued with GROW, where the BGP Monitoring Protocol is being standardized. Enabling visibility into the BGP routing control-plane. Paolo Lucente presented updates on 3 ongoing BMP and one new BMP draft document at the GROW working group.

• draft-ietf-grow-bmp (TLV support for BMP Route Monitoring and Peer Down Messages) passed last call and moved on to IESG. Enabling BMP Path Marking TLV.
• draft-ietf-grow-bmp-path-marking-tlv (Path Marking TLV) brings visibility how BGP paths are being installed into the RIB. With this an network operator can verify redundancy end to end. Important for SLI/SLO use cases.
• draft-ietf-grow-bmp-rel (Logging of routing events in BMP) scope was further extended. Bringing event visibility into the BGP RIB import/export route-policy process.
• draft-lucente-grow-bmp-offline (Making BMP fruible offline) defines a new optional BMP message type that carries a summary of the established BGP sessions along with their capabilities.

Yisong Liu presented a new document draft-liu-grow-bmp-over-quic enabling BMP to use QUIC as data transport. Looking forward to colaborate.

Friday afternoon continued with the NETCONF working group where NETCONF, RESTCONF and YANG-Push are standardized, Alex Huang Feng, Robert Wilton and Thomas Graf presented the latest updates on the existing but also new YANG-push transport and notifications draft documents and Zhuoyao LIN presented extensions on the YANG Library.

• draft-ietf-netconf-udp-notif (UDP-based Transport for Configured Subscriptions) reaching stable state. Enabling JSON and CBOR export at scale with minimal overhead. The udp-notif Library is open-sourced and we have with pmacct a reference implementation.
• draft-ietf-netconf-udp-client-server (YANG Grouping for UDP Clients and UDP Servers) specifies generic groupings for UDP clients and servers instead being part of draft-ietf-netconf-udp-notif. We requested working group adoption and accelerated treatment to avoid further delays on draft-ietf-netconf-udp-notif.
• draft-ietf-netconf-distributed-notif (Subscription to Distributed Notifications) describing how multiple YANG publishers can export on one node. Enabling that YANG operational metrics can be directly export from network processors similar as IPFIX already does.
• draft-netana-netconf-yp-transport-capabilities (YANG Notification Transport Capabilities) proposes a YANG module for YANG notifications transport capabilities which augments "ietf-system-capabilities" YANG module defined in [RFC9196] and provides transport, encoding and encryption system capabilities for transport specific notification.
• draft-netana-netconf-notif-envelope (Extensible YANG model for YANG-Push Notifications) defines a new extensible notification structure, defined in YANG, for use in YANG-Push Notification messages enabling any YANG compatible encodings such as XML, JSON or CBOR.
• draft-ietf-netconf-yang-library-augmentation (Augmented-by Addition into the IETF-YANG-Library) augments the ietf-yang-library in RFC 8525 to provide the augmented-by list. It facilitates the process of obtaining the entire dependencies of YANG model, by directly querying the server's YANG module.
• draft-ietf-netconf-yang-notifications-versioning (Support of Versioning in YANG Notifications Subscription) describes how the YANG push header is being extended with semantic references. Enabling the automated Data Mesh integration without workarounds.
• draft-tgraf-netconf-yang-push-observation-time (Support of Observation Timestamp in YANG-Push Notifications) extends YANG-Push Notifications with the YANG objects observation timestamp and point-in-time for streaming update YANG-Push notifications.
• draft-wilton-netconf-yp-observability (YANG-Push Operational Data Observability Enhancements) proposes some enhancements to YANG-Push to optimize its behavior for operational data telemetry.

draft-lincla-netconf-yang-library-augmentation was recently adopted, working group last call will be initiated next for draft-ietf-netconf-udp-notif, draft-ietf-netconf-udp-client-server and draft-ietf-netconf-distributed-notif, and draft-netana-netconf-notif-envelope working group adoption will start soon as well.

I haven't seen so much traction in IETF YANG-Push in the NETCONF working group. Thanks to Kent Watsen and Per Andersson for accommodating all the work in the agenda. The preceding interim helped a lot to align the community.

All the open-source implementations mentioned in this blog post are available on the following github organisation: https://github.com/network-analytics

I like to thank the amazingly buzzing team Wanting Du, Yannick Buchs, Alex Huang Feng, Maxence Younsi, Pierre Fran?ois, Paolo Lucente, Juan Camilo Cardona Restrepo, Vincenzo Riccobene, Benoit Claise, Olga Havel, Jean Quilbeuf, Zhuoyao LIN, Daniel Voyer, Robert Wilton, Holger Keller, Nils Warnke, Ebben Aries and many friends, Mahesh Jethanandani , Nicholas Corran, Giuseppe Fioccola, Mohamed Boucadair, James Cumming, Bertrand D. , Ketan Talaulikar , Narasimha Prasad . and Sriram Gopalakrishnan in supporting our activities and the IETF community. I am proud of what we achieved as a team in the last few months.

I like to thank all the colleagues and IETF community who contributed and commented on the draft documents and Huawei Research Center of hosting us in their office.

We are all looking very forward to IETF 122 in Bangkok. Stay tuned.

With best wishes, Thomas