IETF Logo Mail Archive

Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 22 July 2015 08:50 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19B91ACED2 for <anima@ietfa.amsl.com>; Wed, 22 Jul 2015 01:50:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uS5BXGWZNiES for <anima@ietfa.amsl.com>; Wed, 22 Jul 2015 01:50:36 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0D11ACEAA for <anima@ietf.org>; Wed, 22 Jul 2015 01:50:35 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3E0E8204FC for <anima@ietf.org>; Wed, 22 Jul 2015 05:07:20 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id C345163AEC; Wed, 22 Jul 2015 04:50:34 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id A8A7A63AE8 for <anima@ietf.org>; Wed, 22 Jul 2015 04:50:34 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima <anima@ietf.org>
In-Reply-To: <5599C873.3030108@gmail.com>
References: <12538.1436128199@sandelman.ca> <5599C873.3030108@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Wed, 22 Jul 2015 04:50:34 -0400
Message-ID: <29717.1437555034@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/TEkJYGtRgNTX-vDOb6lWVTxC-kw>
Subject: Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 08:50:39 -0000

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > On 06/07/2015 08:29, Michael Richardson wrote:
    >>
    >> After reading Brians' slides last week,

    > Those were draft slides sent only to the signaling design team.
    > When they're ready they will of course be for the whole WG.

Yes, so I'm not responding to something specific in your slides, but rather
realizing that there I feel that there is some high level stuff missing.
I agree that it belongs in the framework document, but I don't find it
useful to argue in text until after we have argued in pictures (using crayons).

    >> I will also say that I think that discovery process should include running
    >> DHCP(v6).

    > Please explain how that works in a network with no administrator
    > and no pre-existing default configs. I don't see where a north-south
    > direction would even come from, let alone a designated DHCPv6
    > server.

I'm saying, when a new node turns on, that running a DHCPv6 DISCOVERY process
should be part of learning what is going on.  Clearly, if all the other
connected nodes are in a similar state, nobody is going to answer, but in the
case where there is existing infrastructure, that it could reply.

    >> I'm also unconvinced that GDNP/GRASP shouldn't be other than
    >> DHCPv6,

    > We have a list of 25 requirements. I don't think DHCP fits them,
    > not even close. (I don't care about packet formats; in fact I'm
    > pretty sure we'll have use cases where carrying DHCP options in
    > anima signaling is entirely appropriate.)

If we stick with a TLV format, I think that we can make it work inside
DHCPv6.  Maybe we won't use the exact same set of DHCPv6 messages, but I
think that DHCPv6 SOLICIT and DHCPv6 ADVERTISE might be very much what
we want for the discovery process.

    > Please review the requirements and Appendix A in
    > draft-carpenter-anima-gdn-protocol-04, and if you can show in full
    > detail how DHCP(v6) or DNCP can meet the requirements, we can have
    > the discussion.

I'll review the 25 requirements.

    >> On top of these point to point tunnels, an RPL (rfc6550) instance would
    >> run,

    > but... but... only some Anima networks will run RPL. We definitely need to
    > be agnostic about the choice of IGP. If we've learned one thing from
    > homenet, we've learned that, surely?

What I learned is that we had better decide what we are doing up-front.
If we aren't building a routed ACP to faciliate end-to-end management
traffic, then we'd better put that in the *charter*.

As for RPL vs another one, if we don't pick *one* routing protocol, then we
probably don't have interoperability period, and we should go home.

(And, my questions on Monday about the Data Plane ACP essentially amount to:
if the Data Plane can't route traffic, then the ASAs have to proxy traffic,
i.e. do layer-7 routing, and that had better be in context if someone
thinks they really want to throw away e2e for management traffic)

    >> 6) http://www.sandelman.ca/SSW/ietf/anima/diagrams/network6-imprint.svg
    >>
    >> Devices call "home".
    >> In the first version of this diagram, the devices called the vendor A,
    >> and vendor B boxes directly.  That could be the case, and they could be
    >> redirected to the domain owner based upon sales records, or it could be
    >> that the uplink, being provided by the domain owner, intercepts all
    >> traffic and directs it to the registrar.

    > "Intercepts" is a bad word. IMHO we need to devices to discover whether
    > there is a local registrar first, and not waste their time trying to
    > call home to a vendor in deployments where that is impossible. (There
    > is a chicken/egg problem here, since that should be a matter of Intent
    > but you can't get Intent until you have been authenticated.)

I don't agree.
Intents should be signed objects; the device doesn't need to authenticate
itself to the network before it can see the Intent.  The device may be unable
to authenticate the Intent; but if the device has nothing else to do, and the
Intent says, "Get network online", and the device can do that, it might as
well do it.

    >> Or the domain registrar could
    >> be running an ASA, and could have joined the ACP as well.

    > Definitely.

    > I will stop there because I think we need the ACP authors to
    > comment on much of what you said. But thanks for the systematic
    > thinking.

Sorry for leaving this draft in my edit box for over a week.



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email