IETF Logo Mail Archive

Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 06 July 2015 00:14 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 601D21A90D0 for <anima@ietfa.amsl.com>; Sun, 5 Jul 2015 17:14:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ygy9_pmOyW4 for <anima@ietfa.amsl.com>; Sun, 5 Jul 2015 17:14:49 -0700 (PDT)
Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com [IPv6:2607:f8b0:400e:c02::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A4271A90CC for <anima@ietf.org>; Sun, 5 Jul 2015 17:14:49 -0700 (PDT)
Received: by pdbci14 with SMTP id ci14so94933539pdb.2 for <anima@ietf.org>; Sun, 05 Jul 2015 17:14:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=N4VjTAH+0jSbUOo15AIuZDzEVueHV+a4qBL5M9ciCwI=; b=0+4yy/B6ILPmpo2lyI5ILd7jpCM57+sisHwq+IjDCoiZPfmKrYJR1iA9Gv3KTljqg/ fHnQE4OoDjF7YrRH2vjV0SJdaPktFh6dDa3YS3ijcB+SwaCexPRbLzpPjDBtVefL0iCp 4jUO/2dUpcakXCa4AwJCVKJ4QdbYoAI+QNpeHAoihDThaF6/Kr7WWu+juNaDkj9FAK0U 24dKYPBd4rr9uqijNcQ4LZpGul6McWTCw9jRIQJGwWgQfa5/mDulyAP0NOiYus4wjk15 w4NUiFPgfS5wcvh8M9755UHFEl/i2Qjh7xeoWbWZE2y8165watvk0ogJp2CFmrhgyIZV RY1w==
X-Received: by 10.68.130.226 with SMTP id oh2mr97703291pbb.156.1436141688946; Sun, 05 Jul 2015 17:14:48 -0700 (PDT)
Received: from ?IPv6:2001:df0:0:2006:c0da:ac17:5f6d:8e76? ([2001:df0:0:2006:c0da:ac17:5f6d:8e76]) by mx.google.com with ESMTPSA id uz9sm16110042pac.34.2015.07.05.17.14.45 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 05 Jul 2015 17:14:47 -0700 (PDT)
Message-ID: <5599C873.3030108@gmail.com>
Date: Mon, 06 Jul 2015 12:14:43 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima <anima@ietf.org>
References: <12538.1436128199@sandelman.ca>
In-Reply-To: <12538.1436128199@sandelman.ca>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/QZieYrGKTc5KKB1FdkASYd6tcSc>
Subject: Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 00:14:51 -0000

Hi Michael,

Cherry-picking in your message:
On 06/07/2015 08:29, Michael Richardson wrote:
> 
> After reading Brians' slides last week, 

Those were draft slides sent only to the signaling design team.
When they're ready they will of course be for the whole WG.

> I felt that there was some bigger
> picture concepts/questions that were missing.  I drew these diagrams since.

Very interesting. This, IMHO, should be distilled into input to the reference
model draft.

> While I've discussed this with Max, they are my own views.
> 
> There are 9 of them, located at:
>   http://www.sandelman.ca/SSW/ietf/anima/diagrams/

...
>   I will also say that I think that discovery process should include running
>   DHCP(v6).  

Please explain how that works in a network with no administrator
and no pre-existing default configs. I don't see where a north-south
direction would even come from, let alone a designated DHCPv6
server.

> I'm also unconvinced that GDNP/GRASP shouldn't be other than
>   DHCPv6, 

We have a list of 25 requirements. I don't think DHCP fits them,
not even close. (I don't care about packet formats; in fact I'm
pretty sure we'll have use cases where carrying DHCP options in
anima signaling is entirely appropriate.)

> and if it should be other, then should be DNCP based.

I don't think DNCP fits the 25 requirements either, and I tried
quite hard to make it, since at least it isn't a north-south
protocol like DHCP. (Again, I don't care about packet formats;
the current GDNP TLV format is intentionally compatible with DNCP,
but Toerless has argued passionately for a change to JSON/CBOR.)

Please review the requirements and Appendix A in
draft-carpenter-anima-gdn-protocol-04, and if you can show in full
detail how DHCP(v6) or DNCP can meet the requirements, we can have
the discussion.

>   *DISCOVERY* should, I think, occur at layer 2 and layer 3, and the results
>   taken together.

Discovery of what? In Anima signaling, we are only interested in
discovering Anima signaling peers. We are not particularly
interested in topology or nearest-neighbor discovery. The routing
system may need that kind of discovery but IMHO that is simply
a different problem.
...
> 
> 4) http://www.sandelman.ca/SSW/ietf/anima/diagrams/network4-identity.svg
...
> Not shown is some process whereby the BGP peer
>    goes to talk to it's domain controller and learns that R2/R4 are not welcome.

I think that is the tricky bit - how does an entity know *in a zero-touch way*
which domain it is in and how to trust the domain registrar/controller?

>    Several people had expressed needs to have the ACP potentially traverse
>    domain boundaries, and this is an example of discovering a boundary.

I suspect that trust *across* domain boundaries will only be possible
with explicit Intent distribution (saying "it's OK to trust BGP speakers
in domain X presenting credenial Y").
> 
> 
> 5) http://www.sandelman.ca/SSW/ietf/anima/diagrams/network5-routing.svg
> 
>    On top of these point to point tunnels, an RPL (rfc6550) instance would
>    run, 

but... but... only some Anima networks will run RPL. We definitely need to
be agnostic about the choice of IGP. If we've learned one thing from
homenet, we've learned that, surely?

...

> 6) http://www.sandelman.ca/SSW/ietf/anima/diagrams/network6-imprint.svg
> 
>    Devices call "home".
>    In the first version of this diagram, the devices called the vendor A,
>    and vendor B boxes directly.  That could be the case, and they could be
>    redirected to the domain owner based upon sales records, or it could be
>    that the uplink, being provided by the domain owner, intercepts all
>    traffic and directs it to the registrar.  

"Intercepts" is a bad word. IMHO we need to devices to discover whether
there is a local registrar first, and not waste their time trying to
call home to a vendor in deployments where that is impossible. (There
is a chicken/egg problem here, since that should be a matter of Intent
but you can't get Intent until you have been authenticated.)

>    Or the domain registrar could
>    be running an ASA, and could have joined the ACP as well.

Definitely.

I will stop there because I think we need the ACP authors to
comment on much of what you said. But thanks for the systematic
thinking.

    Brian

v2.23.0 | Report a Bug | By Email