Re: [OPSAWG] Network Incident Management Side Meeting Summary
v-04 is posted (https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/), the main changes focuses on addressing comments raised in last IETF meeting and side meeting and include: · Update incident definition based on TMF incident API profile specification.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.1.1> · Update use case on Multi-layer Fault Demarcation based on side meeting discussion and IETF 119 session discussion.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.2.1> · Update section 5.1 to explain how network incident is generated based on other factors.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.3.1> · Add one new use cases on Security Events noise reduction based on Situation Awareness.¶<https://datatracker.ietf.org/doc/html/draft-feng-opsawg-incident-management#appendix-A-3.4.1> -Qin 发件人: OPSAWG [mailto:opsawg-boun...@ietf.org] 代表 Qin Wu 发送时间: 2023年11月10日 15:46 收件人: opsawg@ietf.org 抄送: draft-opsawg-evans-discardmo...@ietf.org; draft-netana-opsawg-nmrg-network-anomaly-semant...@ietf.org; draft-feng-opsawg-incident-managem...@ietf.org 主题: [OPSAWG] Network Incident Management Side Meeting Summary Hi, All: Thanks all folks who participated in network incident management discussion on Tuesday afternoon. The side meeting was spent one hour exploring network incident concepts and use cases; three related drafts were discussed. We received a lot of great contributions for the following drafts being discussed: https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/ (Service Level Incident) https://datatracker.ietf.org/doc/draft-opsawg-evans-discardmodel/ (Anomaly Detection, Correlation and Mitigation for Packet Discard) https://datatracker.ietf.org/doc/draft-netana-opsawg-nmrg-network-anomaly-semantics/ (Network anomaly semantics) It was identified that multi-layer Fault Demarcation is related to POI, however the network incident model can be defined as generic model used for many other use cases. A few issues were raised in the meeting: 1. Network Incident definitions needs more clarity even though it origins from TMF specification, e.g., how it is related to symptom, anomaly, etc. 2. Besides SLO violation, how network incident is generated based on other factors, more usage examples are needed for these. 3. Incident terminology is well-defined and should be consistent across the drafts and, where possible, synced with other SDO meanings (although the language may vary) Follow up actions include: 1. Nigel and Adrian volunteered to help define key terminology uses and define terms; 2. Dan to check with MEF and TMF documentation to check for SLO handling, including incident and problem coordination and definitions; 3. Open the network incident draft GitHub to the public and use it for draft development and tracking issues. -Qin (on behalf of Team) ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] Network Incident Management Side Meeting Summary
Thanks Adrian for the update, look forward to reviewing the version and happy to set up a meeting when it is ready. -Qin 发件人: Adrian Farrel [mailto:adr...@olddog.co.uk] 发送时间: 2023年12月13日 0:54 收件人: Qin Wu ; opsawg@ietf.org 抄送: draft-opsawg-evans-discardmo...@ietf.org; draft-netana-opsawg-nmrg-network-anomaly-semant...@ietf.org; draft-feng-opsawg-incident-managem...@ietf.org; ne...@ietf.org 主题: RE: [OPSAWG] Network Incident Management Side Meeting Summary [Adding the NMOP list �C which is currently called NETMO] It’s a month later. Nigel and I have been working on the first version of key terminology. We’ve actually made some progress (perhaps slower than our initial enthusiasm might have suggested). We’re just putting the last polish on our first version that we intent to share “soon.” Cheers, Adrian From: OPSAWG mailto:opsawg-boun...@ietf.org>> On Behalf Of Qin Wu Sent: 10 November 2023 07:46 To: opsawg@ietf.org<mailto:opsawg@ietf.org> Cc: draft-opsawg-evans-discardmo...@ietf.org<mailto:draft-opsawg-evans-discardmo...@ietf.org>; draft-netana-opsawg-nmrg-network-anomaly-semant...@ietf.org<mailto:draft-netana-opsawg-nmrg-network-anomaly-semant...@ietf.org>; draft-feng-opsawg-incident-managem...@ietf.org<mailto:draft-feng-opsawg-incident-managem...@ietf.org> Subject: [OPSAWG] Network Incident Management Side Meeting Summary Hi, All: Thanks all folks who participated in network incident management discussion on Tuesday afternoon. The side meeting was spent one hour exploring network incident concepts and use cases; three related drafts were discussed. We received a lot of great contributions for the following drafts being discussed: https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/ (Service Level Incident) https://datatracker.ietf.org/doc/draft-opsawg-evans-discardmodel/ (Anomaly Detection, Correlation and Mitigation for Packet Discard) https://datatracker.ietf.org/doc/draft-netana-opsawg-nmrg-network-anomaly-semantics/ (Network anomaly semantics) It was identified that multi-layer Fault Demarcation is related to POI, however the network incident model can be defined as generic model used for many other use cases. A few issues were raised in the meeting: 1. Network Incident definitions needs more clarity even though it origins from TMF specification, e.g., how it is related to symptom, anomaly, etc. 2. Besides SLO violation, how network incident is generated based on other factors, more usage examples are needed for these. 3. Incident terminology is well-defined and should be consistent across the drafts and, where possible, synced with other SDO meanings (although the language may vary) Follow up actions include: 1. Nigel and Adrian volunteered to help define key terminology uses and define terms; 2. Dan to check with MEF and TMF documentation to check for SLO handling, including incident and problem coordination and definitions; 3. Open the network incident draft GitHub to the public and use it for draft development and tracking issues. -Qin (on behalf of Team) ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] Network Incident Management Side Meeting Summary
[Adding the NMOP list - which is currently called NETMO] It's a month later. Nigel and I have been working on the first version of key terminology. We've actually made some progress (perhaps slower than our initial enthusiasm might have suggested). We're just putting the last polish on our first version that we intent to share "soon." Cheers, Adrian From: OPSAWG On Behalf Of Qin Wu Sent: 10 November 2023 07:46 To: opsawg@ietf.org Cc: draft-opsawg-evans-discardmo...@ietf.org; draft-netana-opsawg-nmrg-network-anomaly-semant...@ietf.org; draft-feng-opsawg-incident-managem...@ietf.org Subject: [OPSAWG] Network Incident Management Side Meeting Summary Hi, All: Thanks all folks who participated in network incident management discussion on Tuesday afternoon. The side meeting was spent one hour exploring network incident concepts and use cases; three related drafts were discussed. We received a lot of great contributions for the following drafts being discussed: https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/ (Service Level Incident) https://datatracker.ietf.org/doc/draft-opsawg-evans-discardmodel/ (Anomaly Detection, Correlation and Mitigation for Packet Discard) https://datatracker.ietf.org/doc/draft-netana-opsawg-nmrg-network-anomaly-se mantics/ (Network anomaly semantics) It was identified that multi-layer Fault Demarcation is related to POI, however the network incident model can be defined as generic model used for many other use cases. A few issues were raised in the meeting: 1. Network Incident definitions needs more clarity even though it origins from TMF specification, e.g., how it is related to symptom, anomaly, etc. 2. Besides SLO violation, how network incident is generated based on other factors, more usage examples are needed for these. 3. Incident terminology is well-defined and should be consistent across the drafts and, where possible, synced with other SDO meanings (although the language may vary) Follow up actions include: 1. Nigel and Adrian volunteered to help define key terminology uses and define terms; 2. Dan to check with MEF and TMF documentation to check for SLO handling, including incident and problem coordination and definitions; 3. Open the network incident draft GitHub to the public and use it for draft development and tracking issues. -Qin (on behalf of Team) ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] Network Incident Management Side Meeting Summary
Hi, All: Thanks all folks who participated in network incident management discussion on Tuesday afternoon. The side meeting was spent one hour exploring network incident concepts and use cases; three related drafts were discussed. We received a lot of great contributions for the following drafts being discussed: https://datatracker.ietf.org/doc/draft-feng-opsawg-incident-management/ (Service Level Incident) https://datatracker.ietf.org/doc/draft-opsawg-evans-discardmodel/ (Anomaly Detection, Correlation and Mitigation for Packet Discard) https://datatracker.ietf.org/doc/draft-netana-opsawg-nmrg-network-anomaly-semantics/ (Network anomaly semantics) It was identified that multi-layer Fault Demarcation is related to POI, however the network incident model can be defined as generic model used for many other use cases. A few issues were raised in the meeting: 1. Network Incident definitions needs more clarity even though it origins from TMF specification, e.g., how it is related to symptom, anomaly, etc. 2. Besides SLO violation, how network incident is generated based on other factors, more usage examples are needed for these. 3. Incident terminology is well-defined and should be consistent across the drafts and, where possible, synced with other SDO meanings (although the language may vary) Follow up actions include: 1. Nigel and Adrian volunteered to help define key terminology uses and define terms; 2. Dan to check with MEF and TMF documentation to check for SLO handling, including incident and problem coordination and definitions; 3. Open the network incident draft GitHub to the public and use it for draft development and tracking issues. -Qin (on behalf of Team) ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg