Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 20 October 2021 01:37 UTC

To: draft-yizhou-anima-l2-acp-based-ani@ietf.org
References: <163463033712.25024.851885585891035829@ietfa.amsl.com>
Cc: Anima WG <anima@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <7095c13c-1ad2-3b6e-25f2-657faa06fbaa@gmail.com>
Date: Wed, 20 Oct 2021 14:37:03 +1300
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/BDMCskVHBM3RfpvguBQf96Y3y0A>

Hi,

This is an interesting draft and I think the topic is important. Can you please compare with draft-carpenter-anima-l2acp-scenarios-02? Unfortunately we did not get much response to that draft 2 years ago.

I don't really understand this statement:

  The DULL instance of GRASP is used to discover neighbours. 

DULL allows GRASP discovery, but this discovers ASAs handling a particular GRASP Objective. It is not designed to discover GRASP-capable nodes as such; GRASP doesn't need that. I've been running GRASP over L2 for 4 or 5 years, with no such neighbour discovery.

Also you write:

  Therefore similar functions of topology
  collection and loop-free topology creation is required for L2 ACP.

I don't think that is needed. On a single link, there is no need to know topology. When there are multiple links, the GRASP relaying procedures for M_FLOOD and M_DISCOVER (which are link-local multicast packets) prevent loops. Normal IPv6 routing takes care of unicast packets.

The essential problem with using L2 as an ACP is security. Apart from security, GRASP works perfectly over L2, as long as it supports native link-local multicast.

So, did you look at the L2-independent security proposed in draft-carpenter-anima-quads-grasp? It describes quite strong security for GRASP over any layer 2, but it needs a shared secret. BRSKI and the standard ACP avoid that defect. As far as I can see, that is the entire problem of any L2 ACP solution. If you can avoid a shared secret without BRSKI, that would be great, but I'm not sure it's possible. In fact QUADS is more general than L2; it also secures GRASP on a routed network.

(The code for QUADS security is built into my GRASP code. It is documented at page 22 in https://github.com/becarpenter/graspy/raw/master/graspy.pdf)

Regards
   Brian Carpenter

On 19-Oct-21 20:58, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : Requirement and a Reference Model of L2 ACP based ANI
>         Authors         : Yizhou Li
>                           Yujing Zhou
>                           Li Shen
>         Filename        : draft-yizhou-anima-l2-acp-based-ani-00.txt
>         Pages           : 7
>         Date            : 2021-10-19
> 
> Abstract:
>    This document discusses the scenarios, requirements and a reference
>    model of ANI (Autonomic Networking Infrastructure) to be constructed
>    in a layer 2 network using L2 Autonomic Control Plane (ACP) and the
>    related functions.  It expands the applicability of ANI to L2 network
>    and maintains the same infrastructure.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-yizhou-anima-l2-acp-based-ani/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-yizhou-anima-l2-acp-based-ani-00
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
>
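As an added illustration of the loop-prevention point made in the reply above (this is constructed example code, not the draft's model and not Brian Carpenter's graspy implementation): a small Python model of GRASP M_FLOOD relaying over an L2 topology that contains a physical loop, applying the RFC 8990 relay rules that a node discards any (session-id, initiator) pair it has already relayed and decrements the loop count at every hop. The topology, node names and the simplified per-node cache are assumptions; the `dedup=False` path only exists to show what the cache is buying you.

```python
"""Model of GRASP M_FLOOD relaying across multiple L2 links with a loop.

Assumed model of RFC 8990 relaying (constructed here): each relay keeps a
cache of (session-id, initiator) pairs it has already relayed, never
relays back onto the arrival link, and decrements the loop count per hop.
"""
from collections import deque

DEF_LOOPCT = 6  # GRASP_DEF_LOOPCT from RFC 8990

# Constructed topology: each link is an L2 segment joining the listed nodes.
# Links 0-1-2 form a physical loop (A-B-C-A); node D hangs off link 3.
LINKS = {0: {"A", "B"}, 1: {"B", "C"}, 2: {"C", "A"}, 3: {"C", "D"}}


def flood(links, initiator, session_id, dedup=True, loopct=DEF_LOOPCT):
    """Flood from `initiator`; return (deliveries, transmissions).

    deliveries: how many times each node handed the flood to its local ASAs
    transmissions: total link-local multicasts sent by all nodes
    """
    deliveries = {n: 0 for members in links.values() for n in members}
    seen = set()  # per-node relay cache keyed by (node, session_id, initiator)
    transmissions = 0
    queue = deque()
    # The initiator multicasts on every link it is attached to.
    for lid, members in links.items():
        if initiator in members:
            transmissions += 1
            queue.append((lid, initiator, loopct))
    seen.add((initiator, session_id, initiator))
    while queue:
        lid, sender, lc = queue.popleft()
        for node in links[lid] - {sender}:
            key = (node, session_id, initiator)
            if dedup and key in seen:
                continue  # already relayed this flood: drop the duplicate
            seen.add(key)
            deliveries[node] += 1  # deliver once to the node's local ASAs
            if lc - 1 <= 0:
                continue  # loop count exhausted: deliver but do not relay
            # Relay on every other link this node is attached to.
            for other, members in links.items():
                if other != lid and node in members:
                    transmissions += 1
                    queue.append((other, node, lc - 1))
    return deliveries, transmissions
```

With the cache, every node other than the initiator sees the flood exactly once and the loop never carries it back to A; without the cache the flood still terminates, but only because the loop count runs out, and the initiator receives its own message back.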