Re: [Anima] Robert Wilton's No Objection on draft-ietf-anima-autonomic-control-plane-28: (with COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 23 August 2020 21:39 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Robert Wilton <rwilton@cisco.com>
cc: "The IESG" <iesg@ietf.org>, anima-chairs@ietf.org, draft-ietf-anima-autonomic-control-plane@ietf.org, anima@ietf.org, jiangsheng@huawei.com
Date: Sun, 23 Aug 2020 17:39:14 -0400
Message-ID: <14395.1598218754@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/FuZ_bkB0anzu_diru3BXBEJuGwg>

Robert Wilton via Datatracker <noreply@ietf.org> wrote:
    > 6.10.1.  Fundamental Concepts of Autonomic Addressing

    > For a PE device or NID, how does it know which interfaces to run ACP
    > over?

I think that "PE" here means "Provider Edge"?
The answer is that it runs the GRASP DULL on *ALL* interfaces, because the
device may have no idea it is a Provider Edge device on that interface.

A Provider might want to turn this off, and they could well do that once the
device has joined the ACP and gotten management control.  But, the risk of
doing that is that the cables will get plugged in wrong, and the operator
will lose access to the device.

In this case, I think that ANIMA's ACP prefers connectivity over the small
amount of privacy lost by indicating that IKEv2 is listening on an IPv6
Link-Local address.  There is no security breach possible because the IKEv2
(or DTLS) connection will not complete without the right trust anchors present.

A smart heuristic might be to include some kind of dead-man's switch.
The management interface might turn the DULL off on some interfaces for a
period of time, and if the management interface is lost, then the interfaces
would stop being suppressed.  This falls into the quality of implementation
category at this point.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
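The "dead-man's switch" heuristic sketched above, as an added toy model that is not part of the thread or the ACP draft: an operator may suppress GRASP DULL on an interface for a lease period, but the suppression only holds while the management plane is still reachable; if management contact is lost, every interface goes back to running DULL so the operator can regain access. Interface names, the timeout values and the `AcpNode` API are assumptions made for illustration.

```python
# Added example (not from the ACP draft or the mail thread): a model of the
# dead-man's switch for DULL suppression. Names and timeouts are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Interface:
    name: str
    # Absolute time until which the operator asked to suppress GRASP DULL.
    # None means never suppressed: the draft's default of running DULL everywhere.
    suppress_until: Optional[float] = None


@dataclass
class AcpNode:
    mgmt_timeout: float        # seconds without management contact before suppression lapses
    last_mgmt_contact: float   # timestamp of the last successful management-plane contact
    interfaces: Dict[str, Interface] = field(default_factory=dict)

    def add_interface(self, name: str) -> None:
        self.interfaces[name] = Interface(name)

    def suppress_dull(self, name: str, now: float, lease: float) -> None:
        """Operator request: stop DULL announcements on `name` for `lease` seconds."""
        self.interfaces[name].suppress_until = now + lease

    def mgmt_heartbeat(self, now: float) -> None:
        """Record that the management plane is still in contact with the device."""
        self.last_mgmt_contact = now

    def dull_active(self, name: str, now: float) -> bool:
        """True if GRASP DULL should currently run on interface `name`."""
        iface = self.interfaces[name]
        if iface.suppress_until is None or now >= iface.suppress_until:
            return True   # never suppressed, or the lease has expired
        if now - self.last_mgmt_contact > self.mgmt_timeout:
            return True   # management lost: the dead-man's switch re-enables DULL
        return False      # suppression still honoured


if __name__ == "__main__":
    node = AcpNode(mgmt_timeout=60.0, last_mgmt_contact=0.0)
    node.add_interface("eth0")
    node.suppress_dull("eth0", now=0.0, lease=3600.0)
    node.mgmt_heartbeat(10.0)
    print("t=20 DULL on eth0:", node.dull_active("eth0", 20.0))    # False
    print("t=100 DULL on eth0:", node.dull_active("eth0", 100.0))  # True (mgmt silent > 60s)
```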