Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]

Brian E Carpenter <> Wed, 19 October 2016 19:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 088901296F8 for <>; Wed, 19 Oct 2016 12:42:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wubWDpy9MKfp for <>; Wed, 19 Oct 2016 12:42:47 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EA900129453 for <>; Wed, 19 Oct 2016 12:42:46 -0700 (PDT)
Received: by with SMTP id 128so21178610pfz.0 for <>; Wed, 19 Oct 2016 12:42:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=JwCUGNJlDc5N4UmdPL0y2O8T9IhVm9laKtYXoJDIKvg=; b=N3O9v+uyRyWtZJUlF8LUom8SPHGhGohX5M8O+nmie5Z3nQL1qw9k/kgTiS6gU0fx4O W2bY0XsaFwTLGUnEAMYsN7Rym6nqfUblnLnrToVLMWIvc8pBuF+9p5CUSFLKYmEhh+oZ MS8QV/3DQmMiz+b+nxzpnRNdqY0pGUOsolvN5IdGlg5xQgjscdbwlzBoN/T5uQvmLYk6 R99dfKakhGkw8hreahn9kc6BWE6kj8EiNrK6EfkWhYJFDY4pn5MbqEPotn+2DgtRqJvd GV3jNNfYZdbBBLGhbAPRf4GTu758IsE3yWjiZSZtebGa0Az9AI+l3u7ZfH8aivLa0YZG 7O+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=JwCUGNJlDc5N4UmdPL0y2O8T9IhVm9laKtYXoJDIKvg=; b=ceO47LVe1DnA3sHJcLtelqdJWIPlByycmH3UMHt6e1VJzHLakjTd/ALp9pgybWUeXu mQpeJn1zTmk4L4peKw9+TpqibiQW8SVYQf46IQYgMshfCY47CCD4l/bdmr0Lt4rSWtRB 9OZs0yDJzVOoC2uG8HZjUMNlKeAvqd8BWrGKSFzi0lw2gxzIVsujHRBWe7drz929G6Wg TbX1yDCVlgMSXR/jXYqxCiydYcJ/C6sUMhYE14ycsUFEIeRDMGARGVnwv9TMfPOjjbuF 4hC/SVqj8IjsL76xefEbvkWsPpABkbeyzm66I0MoBxZkB+tHjqhELrcktRCkHUkNqeIu pwDw==
X-Gm-Message-State: AA6/9RlxUTTVdL/QkQwarwYOOUmcu9bMZMB3zHpex+mdZ/4dDEZVzaWKVBbakiXLatgRgw==
X-Received: by with SMTP id f4mr14098681pff.67.1476906166410; Wed, 19 Oct 2016 12:42:46 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id u10sm65949549pau.32.2016. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Oct 2016 12:42:45 -0700 (PDT)
To: "Michael Behringer (mbehring)" <>, "Max Pritikin (pritikin)" <>
References: <> <> <> <> <>
From: Brian E Carpenter <>
Organization: University of Auckland
Message-ID: <>
Date: Thu, 20 Oct 2016 08:42:48 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: "" <>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Oct 2016 19:42:49 -0000

Picking out a couple points:

> Right now we really specify the same thing in both BRSKI and ACP drafts.

It's a bit worse, because in practice GRASP has to do a lot of the same
stuff. I won't trouble you with details, but the first sections of GRASP
initialisation carry these comments:

# Initialise global variables
# Is there an ACP?
# What's my address?
# What interfaces do I have?
# Create sockets to send LL multicasts
# Initialise TCP sockets to receive unicast Discovery responses
# Start relay if needed

So, although it doesn't deal with adjacencies as such, if it could
simply grap the adjacency table from the ACP, all of the above would
be much more straightforward. However, that may have things backwards.
If the first thing a GRASP node did after initialisation was something
like flood(objective("AN_ACP")) and then listen for incoming floods from
neighbors, it could quickly learn its potential ACP adjacencies.

So, perhaps ACP formation is a special case ASA that runs always, in insecure
link-local mode, to maintain adjacencies and support the creation of
secure ACP tunnels.

I could write demo code for the adjacency learning, but I'd need some help
on the domain ID.

> make a separate (short) draft for autonomic adjacency discovery, and the adjacency table.

If it's needed we can write it up. Then either embed it arbitrarily in one
of the other documents, or discuss it with the WG.


On 19/10/2016 20:21, Michael Behringer (mbehring) wrote:
>>> What exactly is the "peer" in the above text? I tend to assume it's the
>> proxy.
>>> In that case it seems to me that the discovery process (whether it's
>>> mDNS or GRASP) will discover all available proxies regardless of
>>> domain. And then try them in some order of preference TBD.
>> Agreed. From the perspective of a Pledge new device anything discovered is
>> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).
> Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."
> I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible. 
> (I'm sure we agree - these are just editorial comments)
>>> Also, all of this needs to work in the absence of an ACP and therefore
>>> of the ACP's adjacency table. That applies to GRASP too, because in
>>> order to perform its various link-local actions, it needs to know
>>> which interfaces it has and which link-local addresses it has. And it
>>> learns of its link-local neighbors as a result of discovery. So while
>>> I fully appreciate the value of the adjacency table, we need to be functional
>> without it.
>> Michael things of discovered proxies as adjacencies for the table. I think of
>> them as a “list of discovered proxies”. The concepts are similar and Michael is
>> correct that the current sentence could be clearer.
> Seen from BRSKI, you are right. 
> My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP. 
> Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node. 
> Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here). 
> The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it. 
> But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that). 
> Here's what's going to happen in phase 2 of ANIMA: 
> - We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security". 
> - or "if a node in sees one in, it should create a 'unidirectional' ACP"
> - Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x. 
> - for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP. 
> - so there will be another way to handle nodes in the table that we've ignored so far. 
> - This will result in another draft. 
> - Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case. 
> To me, we are turning cause and action the wrong way round. 
> Michael
>> - max
>>> Rgds
>>>    Brian