Re: [Anima] Fwd: I-D Action: draft-carpenter-limited-domains-07.txt
<mohamed.boucadair@orange.com> Fri, 07 June 2019 07:19 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58B9B1201A0 for <anima@ietfa.amsl.com>; Fri, 7 Jun 2019 00:19:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wwr0OAXdZlnZ for <anima@ietfa.amsl.com>; Fri, 7 Jun 2019 00:19:12 -0700 (PDT)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B19312019B for <anima@ietf.org>; Fri, 7 Jun 2019 00:19:12 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 45Kv661sCvz5wm8; Fri, 7 Jun 2019 09:19:10 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.73]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 45Kv6615mdzDq7V; Fri, 7 Jun 2019 09:19:10 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM23.corporate.adroot.infra.ftgroup ([fe80::9108:27dc:3496:8db3%21]) with mapi id 14.03.0439.000; Fri, 7 Jun 2019 09:19:09 +0200
From: mohamed.boucadair@orange.com
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: Anima WG <anima@ietf.org>, "Liubing (Leo)" <leo.liubing@huawei.com>
Thread-Topic: [Anima] Fwd: I-D Action: draft-carpenter-limited-domains-07.txt
Thread-Index: AQHVHO58qcQZ33R3oEKpXQxgp9p2RKaPv7ZA
Date: Fri, 07 Jun 2019 07:19:09 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EAA32E6@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <155538136830.10806.5525996910171440427@ietfa.amsl.com> <52c5425c-2e55-f95b-bca2-ccfba7ac03e8@gmail.com> <787AE7BB302AE849A7480A190F8B93302EA657EB@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <65cf7c3a-3fe8-42c3-df74-1f1362a04f48@gmail.com>
In-Reply-To: <65cf7c3a-3fe8-42c3-df74-1f1362a04f48@gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/kgQZKwxo2Gt1gaHMQNUqEVqGY-4>
Subject: Re: [Anima] Fwd: I-D Action: draft-carpenter-limited-domains-07.txt
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 07:19:14 -0000
Hi Brian, Thank you for the follow-up. Please see inline. Cheers, Med > -----Message d'origine----- > De : Anima [mailto:anima-bounces@ietf.org] De la part de Brian E Carpenter > Envoyé : vendredi 7 juin 2019 07:04 > À : BOUCADAIR Mohamed TGI/OLN > Cc : Anima WG; Liubing (Leo) > Objet : Re: [Anima] Fwd: I-D Action: draft-carpenter-limited-domains- > 07.txt > > Hi Med, > > Finally some feedback on your excellent comments. I only mention points > where I have not accepted your point for the next version. > > > Controlled networks may not even be connected to the Internet. > > I suggest to delete “of the Internet”. > > That's true, but in a sense it's true of every IETF standard. If > people want to use private protocols on a disconnected network, > they are of course free to do so. [Med] My hidden comment was that ** interoperability ** is needed even for closed networks. We cannot imply that such networks should use private protocols because they are not connected to the Internet. However, I prefer to mention this > aspect in the main Introduction, not in the Abstract. [Med] OK, thanks. Hope you will reflect the above comment about interoperability. > > > Intent Based Networking... Commentaire [Med6]: Not sure why this > > is mentioned. IBN is not specific to a service, and hence cannot be > > limited to a single domain. > > I don't agree, not as I understand the discussion so far on intent. > It isn't specific to a service, but it is specific to a human point > of control such as a NOC. (Of course, intent could be nested inside > a higher level intent, i.e. nested scopes.) [Med] The issue I had with that text is it assumes that intent are necessarily for services with limited scopes, while it is completely fine to use it for services with ** global ** reachability. IMHO, IBN is a dimension which is not tied to closed networks. > > > specific tunneling and encapsulation techniques may only be > > usable within a given domain... Commentaire [Med7]: inter-AS VPNs > > are also widely used. > > Sure, that's why it's "may". [Med] Yes, but there is that "only" in your text :-) > > > a limited use requirement potentially adds complexity... > > Commentaire [Med9]: This depends on the design of the protocol > > targeting a managed network. See for example, > > https://tools.ietf.org/html/rfc6947#section-4.2.3 > > Agreed, that's why it's "potentially". > > > 6. Functional Requirements of Limited Domains... > > Commentaire [Med12]: I would remove this part from the draft. > > The authors don't agree. This is not a specification, of course, > but it's intended as a pointer to possible future work. [Med] The concern I had with that text it is drawn from a perspective which may not apply to every controlled/limited domain. I'm working on use cases for which your list is great, e.g., BGP automation within massively scale data centers, but if I would like to run a fleet of drones for some usage, I don't necessarily need a "domain identity" or "role verification" as it the bootstrapping of the drones will be with an external control. > > > A basic assumption is that domains should be created and managed as > > automatically as possible, with minimal human configuration required. > > We therefore discuss requirements for automating domain creation and > > management... > > Commentaire [Med13]: This is depoyment-specific. > > Will reword slightly, but do we really want *new* manual management jobs? [Med] It depends on the "limited domain" scope and purpose. Manual operations can be perfectly fine vs. the heaviness of setting and configuring complex schemes. > > > Clearly, the boundary of a limited domain will almost always also act > > as a security boundary... > > Commentaire [Med15]: If such nodes is allowed by the structure of the > limited domain. > > Some closed networks may not hosts such nodes. > > Yes, this is the argument I've had with the BRSKI people about running > BRSKI with no access to the Internet. But that's why we say "almost > always". > [Med] Yeah, but the text assumes that such "role" is always present in a limited domain. Please consider tweaking the text. Thanks. > Thanks and regards. There will be a new version. > > Brian Carpenter > > On 25-Apr-19 21:31, mohamed.boucadair@orange.com wrote: > > Hi Brian, > > > > FWIW, you may find some comments to this I-D at: > > > > * pdf: https://github.com/boucadair/IETF-Drafts- > Reviews/blob/master/draft-carpenter-limited-domains-07-rev%20Med.pdf > > * doc: https://github.com/boucadair/IETF-Drafts- > Reviews/raw/master/draft-carpenter-limited-domains-07-rev%20Med.doc > > > > Cheers, > > Med > > > >> -----Message d'origine----- > >> De : Anima [mailto:anima-bounces@ietf.org] De la part de Brian E > Carpenter > >> Envoyé : mardi 16 avril 2019 04:43 > >> À : Anima WG > >> Cc : Liubing (Leo) > >> Objet : [Anima] Fwd: I-D Action: draft-carpenter-limited-domains-07.txt > >> > >> Hi, > >> > >> Another update following recent comments. The main changes were > >> moving the taxonomy to an appendix, some new examples, and editorial > >> improvements. Please send any new comments that you may have to > >> int-area@ietf.org > >> > >> At the moment the authors plan to submit this draft soon to the > >> Independent Submissions stream, but we'd be glad to hear any > >> alternative suggestions. > >> > >> Regards > >> Brian + Bing > >> > >> -------- Forwarded Message -------- > >> Subject: I-D Action: draft-carpenter-limited-domains-07.txt > >> Date: Mon, 15 Apr 2019 19:22:48 -0700 > >> From: internet-drafts@ietf.org > >> Reply-To: internet-drafts@ietf.org > >> To: i-d-announce@ietf.org > >> > >> > >> A New Internet-Draft is available from the on-line Internet-Drafts > >> directories. > >> > >> > >> Title : Limited Domains and Internet Protocols > >> Authors : Brian Carpenter > >> Bing Liu > >> Filename : draft-carpenter-limited-domains-07.txt > >> Pages : 25 > >> Date : 2019-04-15 > >> > >> Abstract: > >> There is a noticeable trend towards network requirements, behaviours > >> and semantics that are specific to a limited region of the Internet > >> and a particular set of requirements. Policies, default parameters, > >> the options supported, the style of network management and security > >> requirements may vary. This document reviews examples of such > >> limited domains, also known as controlled environments, and emerging > >> solutions, and includes a related taxonomy. It then briefly > >> discusses the standardization of protocols for limited domains. > >> Finally, it shows the needs for a precise definition of limited > >> domain membership and for mechanisms to allow nodes to join a domain > >> securely and to find other members, including boundary nodes. > >> > >> > >> The IETF datatracker status page for this draft is: > >> https://datatracker.ietf.org/doc/draft-carpenter-limited-domains/ > >> > >> There are also htmlized versions available at: > >> https://tools.ietf.org/html/draft-carpenter-limited-domains-07 > >> https://datatracker.ietf.org/doc/html/draft-carpenter-limited-domains- > 07 > >> > >> A diff from the previous version is available at: > >> https://www.ietf.org/rfcdiff?url2=draft-carpenter-limited-domains-07 > >> > >> > >> Please note that it may take a couple of minutes from the time of > submission > >> until the htmlized version and diff are available at tools.ietf.org. > >> > >> Internet-Drafts are also available by anonymous FTP at: > >> ftp://ftp.ietf.org/internet-drafts/ > >> > >> _______________________________________________ > >> I-D-Announce mailing list > >> I-D-Announce@ietf.org > >> https://www.ietf.org/mailman/listinfo/i-d-announce > >> Internet-Draft directories: http://www.ietf.org/shadow.html > >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > >> > >> _______________________________________________ > >> Anima mailing list > >> Anima@ietf.org > >> https://www.ietf.org/mailman/listinfo/anima > > > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima
- [Anima] Fwd: I-D Action: draft-carpenter-limited-… Brian E Carpenter
- Re: [Anima] Fwd: I-D Action: draft-carpenter-limi… mohamed.boucadair
- Re: [Anima] Fwd: I-D Action: draft-carpenter-limi… Brian E Carpenter
- Re: [Anima] Fwd: I-D Action: draft-carpenter-limi… mohamed.boucadair