**Session Date/Time:** 09 Nov 2022 09:30

# opsawg

## Summary

The opsawg meeting covered a wide range of topics, including MUD model updates, IPFIX-related proposals, TCP flag issues in IPFIX, encrypted DNS resolvers, data manifests for contextualized telemetry data, configuration tracing, data models for lifecycle management, a network inventory model, and policy-based network access control. Discussions included potential working group adoption, further review, and coordination with other IETF working groups. There was also an outreach segment from the detnet working group seeking operational input.

## Key Discussion Points

* **MUD Model Updates:**
    * Discussion around MUD acceptable URLs and DNS considerations.
    * Ben Schwartz's comments on using SOCKS V5 were discussed.
    * Concerns raised about installing root certificates on IoT devices.
    * Emphasis on using local DNS servers and potential home router filtering based on MUD policies.
* **IPFIX Related Proposals:**
    * SRv6 SRH IPFIX draft discussed, including feedback from SPRING WG.
    * Implementation status presented with open source (VPP) and commercial implementations.
    * Discussion on exporting on-path delay measurement metrics in IPFIX.
    * Need to provide context along with delay metrics (interfaces, nodes, next hops).
* **TCP Flag Issues in IPFIX:**
    * Inconsistencies between the IPFIX registry and TCP flag definitions in older RFCs.
    * Discussion on whether to create a new RFC to address these issues.
    * Suggestion to review the entire IANA registry for similar occurrences.
* **Encrypted DNS Resolvers:**
    * Concerns about endpoints connecting to evil twin networks and using attacker-controlled encrypted DNS.
    * Proposed mechanism uses the discovered encrypted resolver as a fingerprint.
    * Discussion on using Trust on First Use (TOFU) and reliance on SSID.
    * Considerations for devices with IPv6 multi-homing.
* **Data Manifest for Contextualized Telemetry Data:**
    * Goal is to analyze data from collection systems with proper context.
    * Proposal for two data manifests: platform and data collection.
    * Discussion on the difference between this proposal and simply subscribing to the YANG-Push subscription.
    * Considerations for data integrity and vendor identification.
* **Configuration Tracing:**
    * Addressing the issue of tracing configuration changes in multi-layer networks.
    * Mapping local commit IDs to Northbound and Southbound transactions.
    * Overlapping work with the Trace Context Extension draft.
    * Concerns about collision of transaction and client IDs, and data persistence.
* **Data Model for Lifecycle Management and Operation:**
    * Supporting lifecycle management and operation of assets (features, licenses).
    * Clarifying the scope of the model regarding licenses and features.
    * Dependence on other inventory drafts.
    * Discussion about whether license considerations should occur at the OSS level instead of the individual device level.
* **Network Inventory Model:**
    * Aiming for a complete view of the network status in enterprise networks.
    * Suggesting augmentation of the current IETF network model with software/hardware components and endpoint information.
* **Policy-Based Network Access Control:**
    * Ensuring access control based on user group identity and time-variant policies.
    * Discussion on realizing the mapping between user group ID and IP address.
    * Concerns about a generic solution for time-based configurations.
* **PCAP Link Type Registration:**
    * Desire to adopt a document specifying PCAP link type registration.
* **detnet Outreach:**
    * detnet is seeking input from large network operators.
    * Concerns raised around scalability, cost, and ease of deployment in large-scale networks.
    * Discussion on clock synchronization requirements and preferred mechanisms for explicit path selection.

## Decisions and Action Items

* **SRv6 SRH IPFIX:** Chair to follow up on the list to determine whether the working group thinks the document is stable and ready for a code point request.
* **On-Path Delay Measurement in IPFIX:** Chair to conduct a formal call for adoption after IETF 115.
* **TCP Flag Issues in IPFIX:**
    * Take to the list and ask the working group if they want to take it on.
    * Matt and Ben to go through the IANA registry to see how big of a problem it is.
* **Data Manifest for Contextualized Telemetry Data:** Chair to determine if the working group would like to adopt it.
* **Configuration Tracing:** Authors to work with authors of the Trace Context Extension draft to find a common solution.
* **Data Model for Lifecycle Management and Operation:** Authors to clarify the scope of licensing within the document.
* **Network Inventory Model:** Coordinate on the mailing list to reach agreement.
* **Policy-Based Network Access Control:** Take to the list to see if there is interest in working on it.
* **PCAP Link Type Registration:** Chair to determine if they are going through the IESG or ISE.
* **General:** Robert to create a mailing list for discussion regarding YANG models and inventory models.

## Next Steps

* Follow up on action items listed above.
* Discussions will continue on the mailing lists.
* Coordination with other working groups (e.g., netconf, SPRING) will be necessary for some drafts.
* detnet working group seeks input from operators of large-scale networks.