Re: [Anima] some comments about ACP connect

Toerless Eckert <> Mon, 16 December 2019 19:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 67C491208E4 for <>; Mon, 16 Dec 2019 11:11:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IKMZiMLx2EWS for <>; Mon, 16 Dec 2019 11:11:27 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6F8DB1208E9 for <>; Mon, 16 Dec 2019 11:11:27 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id EBC29548016; Mon, 16 Dec 2019 20:11:21 +0100 (CET)
Received: by (Postfix, from userid 10463) id DDB9E440058; Mon, 16 Dec 2019 20:11:21 +0100 (CET)
Date: Mon, 16 Dec 2019 20:11:21 +0100
From: Toerless Eckert <>
To: Michael Richardson <>
Cc: Brian E Carpenter <>,
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <>
Subject: Re: [Anima] some comments about ACP connect
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 16 Dec 2019 19:11:29 -0000

On Thu, Nov 28, 2019 at 10:38:29AM +0100, Michael Richardson wrote:
>     > I can see that for conventional management tools. I will just observe
>     > that GRASP discovery doesn't need to be seeded with any well known
>     > addresses (except the GRASP LL multicast address) so GRASP is completely
>     > indifferent to how NOC hosts get their unicast addresses. In fact we
>     > could easily create a full NOC discovery mechanism over GRASP. I built
>     > a MUD Manager discovery mechanism in the hackathon yesterday, and any
>     > NOC server could be discovered the same way. It's probably worth
>     > re-reading RFC8368 before discussing further.
> We will have quite a number of convential management tools in the NOC.
> The need to be able to reach out from operator desktop to equipment with SSH
> (or gosh... telnet?) will persist into the future, and it's why we built and
> secured the ACP.

+1 - my currently hibernating drafts for NOC integration are trying to
close the most basic gaps for that.

> Many existing services will need names, and while putting ULAs into DNS might
> surprise some IPv4 operators, I think it's completely sane.

Enterprises have put rfc1918 addresses into DNS forever. Alas, it only
works with hacks because DNS does not have the concept of different
scope/zones of notes/addresses with accordingly different access
control. But those hacks are fairly standard.

> A question will be how to connect the current crop of management tools to the
> ACP. This can be done by literally connecting desktops via ACP Connect.

Right. The ACP spec defines the two most sane models to do so, but there
are a lot more options achievable through configuration alternatives.

> Another way will involve putting bastion hosts (ssh-jump-hosts) into the NOC,
> as well as hosting virtual desktops on hypervisors connected via ACP Connect.