Re: [Anima] Robert Wilton's No Objection on draft-ietf-anima-autonomic-control-plane-28: (with COMMENT)

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 23 August 2020 22:57 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, Robert Wilton <rwilton@cisco.com>
Cc: anima-chairs@ietf.org, draft-ietf-anima-autonomic-control-plane@ietf.org, The IESG <iesg@ietf.org>, anima@ietf.org, jiangsheng@huawei.com
References: <159708388539.28258.3242297268864037873@ietfa.amsl.com> <14395.1598218754@localhost>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <dc903484-fe19-0ddc-dc1e-3ca6f35eb5f4@gmail.com>
Date: Mon, 24 Aug 2020 10:57:51 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/g-pz0bPCfw8a0egvB_sAcxTI9rc>

On 24-Aug-20 09:39, Michael Richardson wrote:
> 
> Robert Wilton via Datatracker <noreply@ietf.org> wrote:
>     > 6.10.1.  Fundamental Concepts of Autonomic Addressing
> 
>     > For a PE device or NID, how does it know which interfaces to run ACP
>     > over?
> 
> I think that "PE" here means "Provider Edge"?
> The answer is that it runs the GRASP DULL on *ALL* interfaces, because the
> device may have no idea it is a Provider Edge device on that interface.

That's correct, and it's safe as Michael indicates.

The ANIMA model does not include an explicit mechanism for defining
domain membership. It's implicitly the set of interfaces that
successfully join the ACP, which also means that the nodes have
successfully performed BRSKI.

IMNSHO there's a big chunk of future work here (see section 6 of
RFC8799), but the current ACP definition doesn't depend on it.

   Brian

> 
> A Provider might want to turn this off, and they could well do that once the
> device has joined the ACP and gotten management control.  But, the risk of
> doing that is that the cables will get plugged in wrong, and the operator
> will lose access to the device.
> 
> In this case, I think that ANIMA's ACP prefers connectivity over the small
> amount of privacy lost by indicating that an IKEv2 is listening on an IPv6
> Link-Local address.  There is no security breach possible because the IKEv2
> (or DTLS) connection will not complete without the right trust anchors present.
> 
> A smart heuristic might be to include some kind of dead-man's switch.
> The management interface might turn the DULL off on some interfaces for a
> period of time, and if the management interface is lost, then the interfaces
> would stop being suppressed.  This falls into the quality of implementation
> category at this point.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
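As an added illustration of the dead-man's switch heuristic Michael describes (example code written for this page, not from the ACP draft or either author): a per-interface DULL suppression lease that persists only while the management channel keeps renewing it, so losing management connectivity makes DULL resume rather than leaving the device unreachable. Class and method names, the lease length and the interface names are assumptions.

```python
"""Fail-open suppression of GRASP DULL per interface (added illustration).

An operator may suppress DULL on an interface for a bounded lease, but the
lease is only kept alive while the management channel keeps renewing it.
If management connectivity is lost, the lease expires and DULL resumes, so
a mis-cabled device never becomes unreachable. Names/timings are assumed.
"""
from dataclasses import dataclass, field


@dataclass
class DullSuppressor:
    """Tracks per-interface DULL suppression leases keyed by interface name."""
    lease_seconds: float = 300.0                   # assumed default lease length
    _expiry: dict = field(default_factory=dict)    # ifname -> absolute expiry time

    def suppress(self, ifname: str, now: float) -> None:
        """Management asks to stop DULL on ifname; valid for one lease only."""
        self._expiry[ifname] = now + self.lease_seconds

    def heartbeat(self, now: float) -> None:
        """Management channel still reachable: renew every unexpired lease."""
        for ifname in list(self._expiry):
            if self._expiry[ifname] > now:
                self._expiry[ifname] = now + self.lease_seconds

    def dull_active(self, ifname: str, now: float) -> bool:
        """DULL runs unless an unexpired lease says otherwise (fail open)."""
        expiry = self._expiry.get(ifname)
        if expiry is None or expiry <= now:
            self._expiry.pop(ifname, None)         # drop a stale lease
            return True
        return False

    def active_interfaces(self, interfaces, now: float) -> list:
        """Interfaces on which DULL is currently running."""
        return [i for i in interfaces if self.dull_active(i, now)]


def scenario() -> dict:
    """Constructed timeline: suppress eth1, heartbeat once, then lose management."""
    s = DullSuppressor(lease_seconds=60)
    s.suppress("eth1", now=0)
    out = {"t0": s.dull_active("eth1", 0)}           # suppressed -> False
    s.heartbeat(now=50)                               # management still alive
    out["t100"] = s.dull_active("eth1", 100)          # lease renewed to 110 -> False
    # no heartbeat after t=50, so the lease expires at t=110
    out["t120"] = s.dull_active("eth1", 120)          # DULL resumes -> True
    out["eth0_always"] = s.dull_active("eth0", 120)   # never suppressed -> True
    return out
```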