Re: [Anima] unsolicited synchronization in draft-yizhou-anima-ip-to-access-control-groups-01.txt

Liyizhou <liyizhou@huawei.com> Wed, 27 October 2021 02:28 UTC


Hi Brian,

I did not really intend to use a generic pub/sub mechanism, though it would work if one were there.

I explained a little bit more in the email to Zongpeng about how it works with unsolicited synchronization without pub/sub objectives.

If I understand your previous email correctly, you said that the pub/sub functionalities to be implemented with (unsolicited synchronization msg + pub/sub objectives) are not ready to be used right now.

I kind of think the co-authors of that draft will keep working on the pub/sub functions.

But at the same time, even without a fully functional pub/sub, a unicast unsolicited sync would still be useful in distributing the mapping info.

The number of PEPs is very limited and the purpose is not to disseminate the policies themselves but to inform the PEPs of the group mapping information. PEPs can selectively use that mapping information based on the group based policies provisioned upfront.

Or did I misunderstand the relationship of pub/sub and unsolicited sync proposed in another draft?

Thanks,
Yizhou


-----Original Message-----
From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E Carpenter
Sent: Wednesday, October 27, 2021 4:55 AM
To: duzongpeng@foxmail.com; Liyizhou <liyizhou@huawei.com>; anima@ietf.org
Cc: Xun Xiao <Xun.Xiao@huawei.com>
Subject: Re: [Anima] unsolicited synchronization in draft-yizhou-anima-ip-to-access-control-groups-01.txt

I want to be very clear that we do not currently have a design for "unsolicited synchronization" in GRASP that works.

https://mailarchive.ietf.org/arch/msg/anima/31UnJbFe45FZF7u_YQHtJLe9Xv8/

Regards
    Brian

On 27-Oct-21 03:04, duzongpeng@foxmail.com wrote:
> Hi, Yizhou
> 
>      I have read the draft, and I think it is good to have a convenient way to update the policies in the network.
> 
> 
>      Also, I want to share some personal understandings here. If there are any misunderstandings, please correct me. Thanks.
> 
> 
>      The AAPs need to inform the PEPs of the policies of the users by using GRASP. It can happen when the user logs in, logs out, or triggers some policy changes.
> 
> 
>      Maybe the first step is that the PEPs subscribe to the policy changing events that they are interested in. Do they send some GRASP messages to AAPs here?
> 
> 
>      And then, if the user logs in, logs out, or triggers some policy changes, the AAP informs the PEPs that have subscribed. GRASP is used here. Is it a multicast?
> 
> Best Regards
> Zongpeng Du
> 
> ----------------------------------------------------------------------
> duzongpeng@foxmail.com <mailto:duzongpeng@foxmail.com> & duzongpeng@chinamobile.com
> 
>     *From:* Liyizhou <mailto:liyizhou@huawei.com>
>     *Date:* 2021-10-25 17:04
>     *To:* Anima@ietf.org <mailto:Anima@ietf.org>
>     *CC:* Xun Xiao <mailto:Xun.Xiao@huawei.com>
>     *Subject:* [Anima] unsolicited synchronization in draft-yizhou-anima-ip-to-access-control-groups-01.txt
>     Hi all,
>     The Unsolicited Synchronization message (as defined in section 5.1 in draft-ietf-anima-grasp-distribution) is greatly leveraged in this document to allow the access authentication point to pass IP to Group mapping info to the policy enforcement point.
>     That would make the information retrieval more efficient compared to request and reply (sync) mode.
>     I guess a missing part is a flag to be added to objective-flag, i.e.
>            objective-flag = &(
>              F_DISC: 0    ; valid for discovery
>              F_NEG: 1     ; valid for negotiation
>              F_SYNCH: 2   ; valid for synchronization
>              F_NEG_DRY: 3 ; negotiation is a dry run
>              F_UNSLC_SYNCH: 4 ; this is a missing line to indicate valid for unsolicited synchronization
>            )
>     Looks like future GRASP objectives would need to consider whether they are valid for unsolicited synchronization or not.
>     Rgds,
>     Yizhou
>     _______________________________________________
>     Anima mailing list
>     Anima@ietf.org
>     https://www.ietf.org/mailman/listinfo/anima
> 
> 

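As an added example (not code from the drafts or from anyone in this thread), the objective-flag bitmap quoted above with the proposed F_UNSLC_SYNCH bit, plus the receiver-side check a PEP could apply so that an IP-to-group mapping pushed by unsolicited synchronization is only accepted when the objective declares itself valid for that mode. The bit position 4, the objective name "IP2GROUP" and the mapping values are assumptions made for the example.

```python
# Bit positions taken from the objective-flag CDDL quoted in the thread.
# GRASP (RFC 8990) encodes objective-flags as an unsigned integer with
# ".bits", so each name is a bit index, not a value.
F_DISC, F_NEG, F_SYNCH, F_NEG_DRY = 0, 1, 2, 3
F_UNSLC_SYNCH = 4  # proposed in the thread; bit index is an assumption


def encode_flags(*bits):
    """Build the objective-flags integer from a set of bit indices."""
    value = 0
    for b in bits:
        value |= 1 << b
    return value


def decode_flags(flags):
    """Return the set of flag names present in an objective-flags integer."""
    names = {F_DISC: "F_DISC", F_NEG: "F_NEG", F_SYNCH: "F_SYNCH",
             F_NEG_DRY: "F_NEG_DRY", F_UNSLC_SYNCH: "F_UNSLC_SYNCH"}
    return {name for bit, name in names.items() if (flags >> bit) & 1}


def accept_unsolicited_sync(objective):
    """Hypothetical PEP-side guard for a mapping pushed without a request.

    `objective` follows the RFC 8990 layout [name, flags, loop-count, value].
    The mapping is returned only if the objective is flagged valid for
    unsolicited synchronization; otherwise None, so the PEP ignores it.
    """
    name, flags, loop_count, value = objective
    if loop_count <= 0 or "F_UNSLC_SYNCH" not in decode_flags(flags):
        return None
    return value


if __name__ == "__main__":
    # Constructed sample objectives, not values from the draft.
    pushed = ["IP2GROUP", encode_flags(F_SYNCH, F_UNSLC_SYNCH), 6,
              {"192.0.2.10": "finance", "192.0.2.11": "guest"}]
    sync_only = ["IP2GROUP", encode_flags(F_SYNCH), 6,
                 {"192.0.2.12": "admin"}]
    print(accept_unsolicited_sync(pushed))     # mapping is accepted
    print(accept_unsolicited_sync(sync_only))  # None: not flagged for it
```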