Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt

"duzongpeng@foxmail.com" <duzongpeng@foxmail.com> Tue, 26 October 2021 15:08 UTC

Date: Tue, 26 Oct 2021 23:10:14 +0800
From: "duzongpeng@foxmail.com" <duzongpeng@foxmail.com>
To: Liyizhou <liyizhou@huawei.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, "draft-yizhou-anima-l2-acp-based-ani@ietf.org" <draft-yizhou-anima-l2-acp-based-ani@ietf.org>
Cc: "anima@ietf.org" <anima@ietf.org>

Hi Yizhou and Brian,

    I agree that we can refer to related works before.


    It is interesting that we can provide an L2 ACP for GRASP. In this L2 ACP, is the MAC forwarding table used for packet forwarding?


    IMHO, the shared secret may be initially used when joining the ACP plane, just like a token.

    After that, other secrets obtained from the ANIMA network can be used in communications.

Best Regards
Zongpeng Du


duzongpeng@foxmail.com & duzongpeng@chinamobile.com
 
From: Liyizhou
Date: 2021-10-20 15:14
To: Brian E Carpenter; draft-yizhou-anima-l2-acp-based-ani@ietf.org
CC: Anima WG
Subject: Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt
Hi Brian and all,
 
Thanks for pointing to the drafts. I was aware of the l2acp-scenarios draft, but not the quads-grasp one.
 
Also Michael has another related document draft-richardson-anima-l2-friendly-acp-02. 
 
Looks like this topic is of great interest; at the same time it might deserve some more discussion on a clear usage scenario of L2.
 
As section 7 of RFC8994 shows, supporting ACP on L2 switches can be met by making the L2 ports look like (L3) ACP aware interfaces. IPv6 link-local unicast and multicast are to be used. It is ACP on L2 port. 
 
What I would like to go a bit further to discuss is L2 based ACP rather than ACP on L2 port. 
 
A campus network may contain different types of equipment: L2 switches, L3 routers, hybrid L2/L3 switches. To make things easy, it is quite common that all the nodes are enrolled as layer 2 to form a layer 2 topology. Then a collection of the physical connections/topology would be required to check whether the cabling is correctly made. That is to say, assuming the use of link-local unicast and multicast addresses to reach each L2 port brings extra requirements to L2 devices, as L2 ports may never use those IP addresses for their real data plane forwarding. 
 
So L2ACP in the document basically tries to describe a need for a separate control plane reachable using traditional layer 2 (for example, with MAC address, or even physical port number, without requiring IP addresses). RPL is used as ACP L3 routing, so very likely it would not be a convenient approach in L2ACP usage. A loop-free mechanism coupled with L2ACP can be used for this separate plane. (The real data forwarding can still use STP for loop-free forwarding.) 
 
That's the difference I see between L2ACP and (L3) ACP on L2 port. 
 
Worth a revisiting of this topic or a waste of time? 
 
 
Yizhou
 
-----Original Message-----
From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E Carpenter
Sent: Wednesday, October 20, 2021 9:37 AM
To: draft-yizhou-anima-l2-acp-based-ani@ietf.org
Cc: Anima WG <anima@ietf.org>
Subject: Re: [Anima] I-D Action: draft-yizhou-anima-l2-acp-based-ani-00.txt
 
Hi,
 
This is an interesting draft and I think the topic is important. Can you please compare with draft-carpenter-anima-l2acp-scenarios-02? Unfortunately we did not get much response to that draft 2 years ago.
 
I don't really understand this statement:
 
  The DULL instance of GRASP is used to discover neighbours. 
 
DULL allows GRASP discovery, but this discovers ASAs handling a particular GRASP Objective. It is not designed to discover GRASP-capable nodes as such; GRASP doesn't need that. I've been running GRASP over L2 for 4 or 5 years, with no such neighbour discovery.
 
Also you write:
 
  Therefore similar functions of topology
  collection and loop-free topology creation is required for L2 ACP.
 
I don't think that is needed. On a single link, there is no need to know topology. When there are multiple links, the GRASP relaying procedures for M_FLOOD and M_DISCOVER (which are link-local multicast packets) prevent loops. Normal IPv6 routing takes care of unicast packets.
 
The essential problem with using L2 as an ACP is security. Apart from security, GRASP works perfectly over L2, as long as it supports native link-local multicast.
 
So, did you look at the L2-independent security proposed in draft-carpenter-anima-quads-grasp? It describes quite strong security for GRASP over any layer 2, but it needs a shared secret. BRSKI and the standard ACP avoid that defect. As far as I can see, that is the entire problem of any L2 ACP solution. If you can avoid a shared secret without BRSKI, that would be great, but I'm not sure it's possible. In fact QUADS is more general than L2; it also secures GRASP on a routed network.
 
(The code for QUADS security is built into my GRASP code. It is documented at page 22 in https://github.com/becarpenter/graspy/raw/master/graspy.pdf)
 
Regards
   Brian Carpenter
 
On 19-Oct-21 20:58, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : Requirement and a Reference Model of L2 ACP based ANI
>         Authors         : Yizhou Li
>                           Yujing Zhou
>                           Li Shen
> Filename        : draft-yizhou-anima-l2-acp-based-ani-00.txt
> Pages           : 7
> Date            : 2021-10-19
> 
> Abstract:
>    This document discusses the scenarios, requirements and a reference
>    model of ANI (Autonomic Networking Infrastructure) to be constructed
>    in a layer 2 network using L2 Autonomic Control Plane (ACP) and the
>    related functions.  It expands the applicability of ANI to L2 network
>    and maintains the same infrastructure.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-yizhou-anima-l2-acp-based-ani/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-yizhou-anima-l2-acp-based-
> ani-00
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html or 
> ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
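Brian's point above, that the GRASP relay rules for link-local multicast keep a multi-link L2 topology loop-free without any topology collection, illustrated by an added simulation (it is neither Brian's graspy code nor anything from the draft). It assumes a simplified model of the RFC 8990 M_FLOOD relay rules (session-id cache, no relay back on the arrival port, per-hop loop-count decrement) on a constructed switch topology that contains a physical loop:

```python
from collections import deque

# Constructed L2 topology containing a loop: switches A, B, C form a
# triangle and D hangs off C. Each entry is one cable between two ports.
LINKS = [("A", "B"), ("B", "C"), ("C", "A"), ("C", "D")]

def neighbours(node):
    """Nodes reachable over one of `node`'s ports."""
    return [b if a == node else a for a, b in LINKS if node in (a, b)]

def flood(initiator, session_id, loop_count, session_cache=True):
    """Simulate relaying of one GRASP M_FLOOD over LINKS.

    Simplified model of the RFC 8990 relay rules (assumption: only the
    parts that matter for loop-freedom are modelled):
      * a node caches the (initiator, session-id) pairs it has seen and
        discards any later copy (disabled when session_cache=False),
      * a relay never sends a copy back out of the port it arrived on,
      * the objective's loop count is decremented per hop; a copy that
        arrives with loop count 0 is delivered but not relayed.
    Returns (nodes that received the flood, number of link transmissions,
    list of (node, reason) for copies that were not relayed).
    """
    seen = set()          # union of every node's session-id cache
    delivered, discards = set(), []
    transmissions = 0
    queue = deque()       # (receiving node, neighbour it came from, loop count)
    seen.add((initiator, initiator, session_id))
    delivered.add(initiator)
    for nb in neighbours(initiator):
        queue.append((nb, initiator, loop_count - 1))
        transmissions += 1
    while queue:
        node, arrived_from, lc = queue.popleft()
        key = (node, initiator, session_id)
        if session_cache and key in seen:
            discards.append((node, "duplicate session"))
            continue
        seen.add(key)
        delivered.add(node)
        if lc <= 0:
            discards.append((node, "loop count exhausted"))
            continue
        for nb in neighbours(node):
            if nb != arrived_from:          # split horizon on the arrival port
                queue.append((nb, node, lc - 1))
                transmissions += 1
    return delivered, transmissions, discards
```

With the cache enabled, a flood from A reaches all four switches in five link transmissions and the two copies that come back around the triangle are dropped; with the cache disabled the same flood still terminates (the loop count bounds it) but costs many more transmissions.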
 
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
 