IETF Logo Mail Archive

Re: [Anima-bootstrap] joiner router stateful/stateless considerations

peter van der Stok <stokcons@xs4all.nl> Tue, 19 January 2016 11:13 UTC

Return-Path: <stokcons@xs4all.nl>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8C41B2AE4 for <anima-bootstrap@ietfa.amsl.com>; Tue, 19 Jan 2016 03:13:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.251
X-Spam-Level:
X-Spam-Status: No, score=-2.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R81gMPyJpAHb for <anima-bootstrap@ietfa.amsl.com>; Tue, 19 Jan 2016 03:13:28 -0800 (PST)
Received: from lb2-smtp-cloud2.xs4all.net (lb2-smtp-cloud2.xs4all.net [194.109.24.25]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5A1D1B2AEE for <anima-bootstrap@ietf.org>; Tue, 19 Jan 2016 03:13:24 -0800 (PST)
Received: from webmail.xs4all.nl ([194.109.20.216]) by smtp-cloud2.xs4all.net with ESMTP id 7nDN1s00F4fjQrE01nDNUV; Tue, 19 Jan 2016 12:13:23 +0100
Received: from AMontpellier-654-1-17-221.w90-0.abo.wanadoo.fr ([90.0.32.221]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Tue, 19 Jan 2016 12:13:22 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Date: Tue, 19 Jan 2016 12:13:22 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <3993.1453005398@obiwan.sandelman.ca>
References: <3993.1453005398@obiwan.sandelman.ca>
Message-ID: <792a80be15de2b353298752e7b8d160d@xs4all.nl>
X-Sender: stokcons@xs4all.nl (HtNpLTgwbaOJxdeyfgdsFvCWbytgQRrB)
User-Agent: XS4ALL Webmail
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima-bootstrap/lCWMtxGtVZXgoV7aBstgNuILJKA>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] joiner router stateful/stateless considerations
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: consultancy@vanderstok.org
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2016 11:13:31 -0000

Hi Richard,

Thanks for the joinrouter document. It has certainly contributed to my 
understanding.

To clarify how far we are aligned, I like to describe my view on the 
managed (and “constrained”) network. After that I do have a suggestion 
and a question. I will use the term managed network throughout, 
principally mapped from the building control network that I know best.

A managed network has at least two interested parties for its 
management: (1) the network administrator as described in 
anima-reference-model, and (2) the provider of the managed network 
functions. These two co-exist to-day, but with the progressive movement 
from special purpose “proprietary” network standards (like BACnet) 
connected via gateways to Internet towards flat full IP networks, their 
relation changes. Both have a responsibility for the correct functioning 
of these networks, where managed network functions may (should) rely on 
the IP infra-structure managed by the administrator.

Contrary to the view expressed in anima-reference-model, the devices 
which constitute a managed network share a standardized IP stack. This 
stack standardizes the routing protocol, the discovery protocol, use of 
DNS. Also contrary to the view of anima-reference-model, the 
installation of the services running on the managed network may be 
facilitated by a human installer which specifies the names of services 
and devices, and establishes the secure relation between clients and 
servers.

In my opinion, it is beneficial when there is a common automated 
bootstrapping standard that is acceptable to the network administrator 
and the provider of the managed network. The advantage for the provider 
of the managed network is that there is a shared understanding of a 
correctly functioning network on top of which the managed network 
services can be installed. The advantage for the administrator is that 
he exerts some minimal control over the network.

Once this view is accepted, there are some complicating aspects for the 
anima bootstrapping process. There is the “managed network” part with 
the standardized stack without ASAs - possibly using DTLS with CoAP-, 
and there is the more complex Internet with ASAs - probably using http 
with TLS-. If it is reasonable to include the “managed network” devices 
into the anima bootstrapping process, I suggest that the anima 
bootstrapping services both types of networks. That may mean that 2 
solutions from the ones proposed in joinrouter document are chosen.

Having written that, my question concerns figure 1 of keyinfra draft. 
Two arrows are shown between new entity and Proxy with L2 and L3. I 
understand that this means that payloads are encoded at L2 or at L3. I 
am not sure that I understand how this works, because L2 security 
provisioning between for example 802.11 and 802.15.4 devices is 
different. Maintaining both the L2 and L3 option means that the security 
levels need to be aligned between the different link technologies and 
layer 3 technologies. That looks like an addition to the IP over foo 
documents. Is that correct?

Hope this helps,

Peter



Michael Richardson schreef op 2016-01-17 05:36:
> I finished writing:
>   
> https://tools.ietf.org/html/draft-richardson-anima-state-for-joinrouter-00
> 
> (I had another draft name, but it turns outs there is a 50 character 
> limit on
> draft names)
> 
> Abstract:
>    This document explores a number of issues affecting the decision to
>    use a stateful or stateless forwarding mechanism by the join router
>    (aka join assistant) during the bootstrap process for ANIMA.
> 
> 
> I have 6 possible technologies that the joining router could use.
> They fall into three categories from the point of view of the new node:
> 1) HTTPS
> 2) HTTPS via http-proxy
> 3) CoAP/DTLS.
> 
> 1&2 could be unified if the registar is willing to accept an HTTP 
> CONNECT
> command via HTTP (and always connect to itself), and then do HTTPS.
> 
> I realize that I did not describe a method 7, which is a circuit/NAT
> method for CoAP.
> 
> The Joining Router/Registrar interface is possibly agnostic about HTTPS 
> vs
> CoAPS for the IPIP methods.
> 
> From the new node point of view, if we were to make CoAPS mandator to 
> implement
> on the joining router, and HTTP optional that would make the IoT space 
> work
> best.
> 
> On the registrar<->Joining Router point of view, one could make either 
> IPIP
> or circuit proxy MTI.  The IPIP method is more difficult to implement 
> on the
> registrar, so some might argue for making it optional; but really it's 
> about
> simplifying the Joining Router.
> The IPIP mechanisms are already required in the RPL space, and Pascal 
> and 6lo
> are working at ways to compress the IPIP header already.
> 
> It's possible to seperate the IPIP decapsulation from the registrar, 
> but a
> bit messy. If one terminates the DTLS/TLS on the IPIP decapsulator, 
> it's much
> easier, and that would be something one would do if one had to scale 
> the
> registrar beyond a single machine.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
> 
> 
> _______________________________________________
> Anima-bootstrap mailing list
> Anima-bootstrap@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-bootstrap

v2.23.0 | Report a Bug | By Email