Re: [Anima] some comments about ACP connect
Toerless Eckert <tte@cs.fau.de> Mon, 16 December 2019 19:11 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67C491208E4 for <anima@ietfa.amsl.com>; Mon, 16 Dec 2019 11:11:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Level:
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IKMZiMLx2EWS for <anima@ietfa.amsl.com>; Mon, 16 Dec 2019 11:11:27 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F8DB1208E9 for <anima@ietf.org>; Mon, 16 Dec 2019 11:11:27 -0800 (PST)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [131.188.34.52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id EBC29548016; Mon, 16 Dec 2019 20:11:21 +0100 (CET)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id DDB9E440058; Mon, 16 Dec 2019 20:11:21 +0100 (CET)
Date: Mon, 16 Dec 2019 20:11:21 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr@sandelman.ca>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, anima@ietf.org
Message-ID: <20191216191121.GA63300@faui48f.informatik.uni-erlangen.de>
References: <83396eee-ac1c-ee53-5949-2a49590637ec@sandelman.ca> <f2d7fac0-1bbd-c8cf-fe22-f8a79dd2a978@gmail.com> <22922.1574933909@dooku.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <22922.1574933909@dooku.sandelman.ca>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/QCb8FeNhIrLNJFRnP1k-vH1lE0E>
Subject: Re: [Anima] some comments about ACP connect
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2019 19:11:29 -0000
On Thu, Nov 28, 2019 at 10:38:29AM +0100, Michael Richardson wrote:
> > I can see that for conventional management tools. I will just observe
> > that GRASP discovery doesn't need to be seeded with any well known
> > addresses (except the GRASP LL multicast address) so GRASP is completely
> > indifferent to how NOC hosts get their unicast addresses. In fact we
> > could easily create a full NOC discovery mechanism over GRASP. I built
> > a MUD Manager discovery mechanism in the hackathon yesterday, and any
> > NOC server could be discovered the same way. It's probably worth
> > re-reading RFC8368 before discussing further.
>
> We will have quite a number of convential management tools in the NOC.
> The need to be able to reach out from operator desktop to equipment with SSH
> (or gosh... telnet?) will persist into the future, and it's why we built and
> secured the ACP.
+1 - my currently hibernating drafts for NOC integration are trying to
close the most basic gaps for that.
> Many existing services will need names, and while putting ULAs into DNS might
> surprise some IPv4 operators, I think it's completely sane.
Enterprises have put rfc1918 addresses into DNS forever. Alas, it only
works with hacks because DNS does not have the concept of different
scope/zones of notes/addresses with accordingly different access
control. But those hacks are fairly standard.
> A question will be how to connect the current crop of management tools to the
> ACP. This can be done by literally connecting desktops via ACP Connect.
Right. The ACP spec defines the two most sane models to do so, but there
are a lot more options achievable through configuration alternatives.
> Another way will involve putting bastion hosts (ssh-jump-hosts) into the NOC,
> as well as hosting virtual desktops on hypervisors connected via ACP Connect.
Right.
CHeers
Toerless
- [Anima] some comments about ACP connect Michael Richardson
- Re: [Anima] some comments about ACP connect Brian E Carpenter
- Re: [Anima] some comments about ACP connect Toerless Eckert
- Re: [Anima] some comments about ACP connect Toerless Eckert
- Re: [Anima] some comments about ACP connect Michael Richardson
- Re: [Anima] some comments about ACP connect Toerless Eckert
- Re: [Anima] some comments about ACP connect Michael Richardson
- Re: [Anima] some comments about ACP connect Toerless Eckert