Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]

["Michael Behringer (mbehring)" <mbehring@cisco.com>]

> > What exactly is the "peer" in the above text? I tend to assume it's the
> proxy.
> > In that case it seems to me that the discovery process (whether it's
> > mDNS or GRASP) will discover all available proxies regardless of
> > domain. And then try them in some order of preference TBD.
> 
> Agreed. From the perspective of a Pledge new device anything discovered is
> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).

Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."

I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible. 

(I'm sure we agree - these are just editorial comments)

> > Also, all of this needs to work in the absence of an ACP and therefore
> > of the ACP's adjacency table. That applies to GRASP too, because in
> > order to perform its various link-local actions, it needs to know
> > which interfaces it has and which link-local addresses it has. And it
> > learns of its link-local neighbors as a result of discovery. So while
> > I fully appreciate the value of the adjacency table, we need to be functional
> without it.
> 
> Michael things of discovered proxies as adjacencies for the table. I think of
> them as a “list of discovered proxies”. The concepts are similar and Michael is
> correct that the current sentence could be clearer.

Seen from BRSKI, you are right. 

My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP. 

Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node. 
 
Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here). 

The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it. 

But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that). 

Here's what's going to happen in phase 2 of ANIMA: 
- We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security". 
- or "if a node in sp.net sees one in customer.sp.net, it should create a 'unidirectional' ACP"
- Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x. 
- for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP. 
- so there will be another way to handle nodes in the table that we've ignored so far. 
- This will result in another draft. 
- Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case. 

To me, we are turning cause and action the wrong way round. 

Michael


> - max
> 
> >
> > Rgds
> >    Brian
> >
> >