IETF Logo Mail Archive

Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 29 October 2021 02:41 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8D4B3A09D5 for <anima@ietfa.amsl.com>; Thu, 28 Oct 2021 19:41:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.428
X-Spam-Level:
X-Spam-Status: No, score=-5.428 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-3.33, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D1Wo6msEUxpe for <anima@ietfa.amsl.com>; Thu, 28 Oct 2021 19:41:44 -0700 (PDT)
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEDAB3A09D4 for <anima@ietf.org>; Thu, 28 Oct 2021 19:41:43 -0700 (PDT)
Received: by mail-pf1-x42a.google.com with SMTP id l1so1434051pfu.5 for <anima@ietf.org>; Thu, 28 Oct 2021 19:41:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=RMeuB7YlGIhw71e2w1z8u+nNZkjpPkrVvI76HgBaeac=; b=CdUG63zdIZQ2eu0itkLyckIODG9AciCoJ3Kozj+9XJS0HC8wRTguOD67X/o+DBLBo/ kj7AHzIy5wPbO4agfZH2rKdQJw9+CD0vEYhG5J2rWRQFl4RdQaPpe20HgcI0dT+UwO5E UMG/LFbquB/dPpNJQ+EkzJGilGrML0IbapAvVMqxEUDCwt5MSB7+0EVZedeRqGWm8CJI Yq00NCHjsSGATxSnjQgkCXrA0k8jocOqgZGWOAZZFfIANJiXveUDFYpHLNRluq3fUKWl kj8JhMEnylxl1HpxRCe1c6EFluV/M/bfNYz0GSL5RYiefIF/vFkSSWe8c5qzZPZZZBLp xAjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=RMeuB7YlGIhw71e2w1z8u+nNZkjpPkrVvI76HgBaeac=; b=Isk0QZrHHLJ+/nhY7v6uT8CGvTah80GeBlLZw5SyKpYnDo5I3BCV6s8GDQwK2DDjRS C+mBB6zMEQ7hv+6b8UIW/sJAJ8ErfaKzK21SeQo33G6SeHmJtw76s/KZzG2TVWie6oqU pDw2snG++YIkMe+Ak0OIY/LlVqTCeF4QEUhrxUkAVb0nKmW8XzCmoQUi20Ch3VigmlgX AQyAlM+RjrwDCEsOr/4OUau9+vjyx5roHYSpRyCzQXusWxRSxlfKIOR4jhvnWGXjGsqr imKZyGp1pwMXHCgbtm3r/N9wGpsEYUD9d3IFtk6R3pcE7Lk4C5Hh/9/RHgKPPaoeM4Ms 8c/Q==
X-Gm-Message-State: AOAM531SF1cf/Ka6XT2gY2Zbrm5bK+M99NT0cm0I8N63hBlMiiLKQbb3 aZtH/ktCBeVcssax+bl3JQ9fgWanCzAkSA==
X-Google-Smtp-Source: ABdhPJzjCY8SqYlKjVmoQ/Gacl3FsZwDOP0wd/xfoKIhvuUeUb52tQmZ6CDBXnMNaTH6mBqNwtVTFw==
X-Received: by 2002:a63:7553:: with SMTP id f19mr6182540pgn.328.1635475302596; Thu, 28 Oct 2021 19:41:42 -0700 (PDT)
Received: from ?IPv6:2406:e003:102d:e801:80b2:5c79:2266:e431? ([2406:e003:102d:e801:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id l6sm5146699pfc.126.2021.10.28.19.41.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 28 Oct 2021 19:41:41 -0700 (PDT)
To: Liyizhou <liyizhou@huawei.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Anima WG <anima@ietf.org>
References: <163463033712.25024.851885585891035829@ietfa.amsl.com> <7095c13c-1ad2-3b6e-25f2-657faa06fbaa@gmail.com> <32375.1635271594@localhost> <08dfbe37ed2c4b1a94d5be81cb4b8623@huawei.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <aa9cf1cb-08c3-3dd7-260a-6dfe16c8283a@gmail.com>
Date: Fri, 29 Oct 2021 15:41:37 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <08dfbe37ed2c4b1a94d5be81cb4b8623@huawei.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/BMcmnPYpHxcIBCz_btwdI6DRkgY>
Subject: Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2021 02:41:49 -0000

Just one comment here:

> But quite a number of them feel not so comfortable and hard (or not so willing) to understand to build ACP in ipv6


They do not need to understand IPv6 or do anything except check that the IPv6 stack is enabled in all devices. The ACP will deploy itself without requiring any manual configuration of IPv6 addressing or routing. It's much easier than deploying IPv6 for the dataplane.

Do you think your contacts can be persuaded to read the ANIMA article https://ipj.dreamhosters.com/wp-content/uploads/2021/10/243-ipj.pdf ? It was 
written exactly for such operators.

I do agree that there are use cases for an L2 ACP, but to really compete it must be easier to deploy than RFC8994 and equally secure. If you accept security via a shared secret, we can also solve the problem at layer 3.5 with ad hoc encryption.

Regards
    Brian

On 28-Oct-21 16:59, Liyizhou wrote:
> Hi Michael,
> 
> Thank you for your careful reading. It takes me some time to have some more thinking on the draft.
> 
> You are right that most devices have management interface with L3 capability.
> 
> The difficulty we met was when IPv4 is in use the management interface needs to get to DHCP server first to get its IP. DHCP is a BUM traffic.
> RFC3927 defined a self-configured IPv4 address, but AFAIK it is implemented in some host OS but not on network nodes.
> The expected L2ACP in my mind has the function of L2 loop-free reachability before the management interface of the nodes obtains IP via DHCP.
> 
> I understand an IPv6 link-local address can be used for ACP even when the data plane is IPv4. I tried to talk to some engineers/admins if they would like to use it in such a way. Some think it is ok.
> But quite a number of them feel not so comfortable and hard (or not so willing) to understand to build ACP in ipv6 while keep using IPv4 data plane. And some of the admins are used to use the IPv4 management addresses 
simply because they are short and remembering them is part of their habit 
already.
> The admin is usually very careful about the change of style in managing 
their network. They may want to use telnet to check the node from time to 
time. So the fact that addresses to be remembered have to be short is more important to them than I thought.
> 
> Anima is for operation and maintenance. We can try to change the habit of admins gradually , at the same time I am thinking it may also be worthwhile to give a reasonable tool to those who would like to use it in a more old fashion way.
> 
> I agree with the comments about the scale of SMB and small branch.
> "No L3 physical interfaces" basically refers to L2 physical interface. I think the more correct text should be something like "the interface cannot or is not configured to automatically get IP address without any external exchange."
> 
> 
> Yizhou
> 
> -----Original Message-----
> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Michael Richardson
> Sent: Wednesday, October 27, 2021 2:07 AM
> To: Anima WG <anima@ietf.org>
> Subject: Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt
> 
> 
> I read through draft-yizhou-anima-l2-acp-based-ani-00.txt.
> I don't really understand the applicability.
> 
> It says:
> 
>>    However
>>    there are some cases which require L2 ACP functions in ANI.  The L2
>>    ACP is used in such cases that the managed network is a reletively
>>    small layer 2 network where the network nodes have no L3 physical
>>    interfaces and the network manager would like to use and verify the
>>    L2 topology and reachability first for some management purpose.
> 
> The claim is that there are no L3 "physical interfaces"
> I don't really know what means.
> 
> How is management done?  I guess that there is no SNMP, no SSH, no YANG, and no web interface into these devices?
> Many of the L1 DWDM devices that I have worked with have managment interfaces that provide all of these L3 kind of things (Some don't: They are purely physical/optical devices with no management at
> all.)
> 
>> In SOHO or SMB case, the network is not large and the network nodes
>>     have less resource.  They are pure layer 2 nodes or nodes to be
>>    enrolled as layer 2 first to form the initial simple topology for
>>    cabling verification.  In this case, autonomic network management
>>    with the layer 2 network nodes is required.  Figure 1 shows a typical
>>    example of layer 2 network.
>>
>>    For small branch, the number of hosts is usually less than 200, and
>>    the number of WiFi AP and access switches are both less than 10.
> 
> SOHO/SMB cases do not have 200 hosts.  They have 20 hosts max, with a single AP, and every single one (the one) of the "switches" has an L3 interface on which there is a web interface.
> For a small branch office, those numbers seem reasonable, but I think that every single one of those devices has a L3 management interface.
> 
> While there are many L2/L3 1/10/100Gbps switches have a 100Mb/s L3-only 
management for an OOB network connection, they are all capable of having a management L3 interface attached to any of the L2 "VLANs" which may be created.  Some are annoying/stupid, and can only attach to vlan1, but that's increasingly uncommon.
> 
> So:
>    1) I agree that we need an ACP discovery (DULL) mechanism that does not
>    rely on broadcast frames.
> 
>    2) I also agree that some links might benefit from using MACsec rather than
>    IPsec for seperation across the physical links.
> 
> Both of these mechanisms will reveal the state of L2 connectivity.
> 
> I do not agree that we need any kind of L2-ACP.  We don't need to move ethernet frames around like this.  Anyway, I think 802.1q already provides for that.  yeah, STP sucks.  Don't use STP with redundant voice links.
> For management links, it is okay.  It's just really hard to debug.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>             Sandelman Software Works Inc, Ottawa and Worldwide
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email