Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery
"Max Pritikin (pritikin)" <pritikin@cisco.com> Wed, 22 July 2015 11:06 UTC
Return-Path: <pritikin@cisco.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7CAB1B2A40 for <anima@ietfa.amsl.com>; Wed, 22 Jul 2015 04:06:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQ02sY6KP58J for <anima@ietfa.amsl.com>; Wed, 22 Jul 2015 04:06:19 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 398591B2A92 for <anima@ietf.org>; Wed, 22 Jul 2015 04:06:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6658; q=dns/txt; s=iport; t=1437563172; x=1438772772; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=0bBr71btOHELNzZIB3XNFD3ZoUCne3k5qNFXkYI27kw=; b=Z0t6FKf80LY59UKUptWP+BoyLBpBiAD9aG6mUpbNckus/FxB0r8ydXmL 0f98rjhswpwoT1dTs4fWFYaO3K6+92jQqautcUNg6f5ITmRr3fxf7CZQi BHICZaMbEuNde5O/szVu2akQ36ZMaBKuDd9F4fSXeUhe0kG4BE1Q0qrWw s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ABBQA8eK9V/51dJa1bgxVUaQa9bAqCQ4M+AoFJOxEBAQEBAQEBgQqEIwEBAQMBAQEBagELBQsCAQgYLiEGCyUCBA4FiBkDCggNxwMNhS4BAQEBAQEBAQEBAQEBAQEBAQEBAQEXi0yCTYFuGDMHgxeBFAWUVwGKSYFoAYFChB2MCoNHg2EmgggFHBWBPm8BgUaBBAEBAQ
X-IronPort-AV: E=Sophos;i="5.15,523,1432598400"; d="scan'208";a="171187625"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-4.cisco.com with ESMTP; 22 Jul 2015 11:06:11 +0000
Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t6MB6A5u009637 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 22 Jul 2015 11:06:10 GMT
Received: from xmb-rcd-x03.cisco.com ([169.254.7.176]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.03.0195.001; Wed, 22 Jul 2015 06:06:10 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery
Thread-Index: AQHQt2Fkr44w7S3tZUe9vIE9NLS9o53N5pKAgBm1bgCAAAdrgIAAHnUA
Date: Wed, 22 Jul 2015 11:06:09 +0000
Message-ID: <E851FD3A-9E85-4244-869E-4844DEA0E9D5@cisco.com>
References: <12538.1436128199@sandelman.ca> <5599C873.3030108@gmail.com> <29717.1437555034@sandelman.ca> <55AF5F93.5040801@gmail.com>
In-Reply-To: <55AF5F93.5040801@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.93.205]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <F88E847CC7D0594E8071E9CEBA529D80@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/ugzQ7sgSpC83w-JGvvJHZ5_vfq8>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, anima <anima@ietf.org>
Subject: Re: [Anima] big pictures diagrams --- how bootstrap fits into signaling and discovery
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 11:06:27 -0000
One comment below, On Jul 22, 2015, at 11:17 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: > Sorry, pressed send too soon. > > On 22/07/2015 20:50, Michael Richardson wrote: >> >> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: >>> On 06/07/2015 08:29, Michael Richardson wrote: >>>> >>>> After reading Brians' slides last week, >> >>> Those were draft slides sent only to the signaling design team. >>> When they're ready they will of course be for the whole WG. >> >> Yes, so I'm not responding to something specific in your slides, but rather >> realizing that there I feel that there is some high level stuff missing. >> I agree that it belongs in the framework document, but I don't find it >> useful to argue in text until after we have argued in pictures (using crayons). >> >>>> I will also say that I think that discovery process should include running >>>> DHCP(v6). >> >>> Please explain how that works in a network with no administrator >>> and no pre-existing default configs. I don't see where a north-south >>> direction would even come from, let alone a designated DHCPv6 >>> server. >> >> I'm saying, when a new node turns on, that running a DHCPv6 DISCOVERY process >> should be part of learning what is going on. Clearly, if all the other >> connected nodes are in a similar state, nobody is going to answer, but in the >> case where there is existing infrastructure, that it could reply. > > In fact I believe we should specify that a node SHOULD run the whole > DNA machinery (RFC6059). > >>>> I'm also unconvinced that GDNP/GRASP shouldn't be other than >>>> DHCPv6, >> >>> We have a list of 25 requirements. I don't think DHCP fits them, >>> not even close. (I don't care about packet formats; in fact I'm >>> pretty sure we'll have use cases where carrying DHCP options in >>> anima signaling is entirely appropriate.) >> >> If we stick with a TLV format, I think that we can make it work inside >> DHCPv6. Maybe we won't use the exact same set of DHCPv6 messages, but I >> think that DHCPv6 SOLICIT and DHCPv6 ADVERTISE might be very much what >> we want for the discovery process. > > Multi-hop? > >>> Please review the requirements and Appendix A in >>> draft-carpenter-anima-gdn-protocol-04, and if you can show in full >>> detail how DHCP(v6) or DNCP can meet the requirements, we can have >>> the discussion. >> >> I'll review the 25 requirements. >> >>>> On top of these point to point tunnels, an RPL (rfc6550) instance would >>>> run, >> >>> but... but... only some Anima networks will run RPL. We definitely need to >>> be agnostic about the choice of IGP. If we've learned one thing from >>> homenet, we've learned that, surely? >> >> What I learned is that we had better decide what we are doing up-front. >> If we aren't building a routed ACP to faciliate end-to-end management >> traffic, then we'd better put that in the *charter*. > > The ACP will be routed, afaik. We were talking yesterday about picking > a default without going down the same rat hole as HOMENET. > >> As for RPL vs another one, if we don't pick *one* routing protocol, then we >> probably don't have interoperability period, and we should go home. > > Well, there might be a model where you do network-wide discovery to find > which routing protocols are supported. But without agreeing on a lowest > common denominator "MUST implement" protocol, it becomes a procurement > requirement issue, and I don't like that conclusion. > >> (And, my questions on Monday about the Data Plane ACP essentially amount to: >> if the Data Plane can't route traffic, then the ASAs have to proxy traffic, >> i.e. do layer-7 routing, and that had better be in context if someone >> thinks they really want to throw away e2e for management traffic) > > I don't see that. Surely there will be ASAs (in routers) whose job > after bootstrap is to bring up the data plane? > >> >>>> 6) http://www.sandelman.ca/SSW/ietf/anima/diagrams/network6-imprint.svg >>>> >>>> Devices call "home". >>>> In the first version of this diagram, the devices called the vendor A, >>>> and vendor B boxes directly. That could be the case, and they could be >>>> redirected to the domain owner based upon sales records, or it could be >>>> that the uplink, being provided by the domain owner, intercepts all >>>> traffic and directs it to the registrar. >> >>> "Intercepts" is a bad word. IMHO we need to devices to discover whether >>> there is a local registrar first, and not waste their time trying to >>> call home to a vendor in deployments where that is impossible. (There >>> is a chicken/egg problem here, since that should be a matter of Intent >>> but you can't get Intent until you have been authenticated.) >> >> I don't agree. >> Intents should be signed objects; the device doesn't need to authenticate >> itself to the network before it can see the Intent. The device may be unable >> to authenticate the Intent; but if the device has nothing else to do, and the >> Intent says, "Get network online", and the device can do that, it might as >> well do it. > > I'm not sure how the network can trust the device at that time. Maybe we > don't want to send Intent to an untrusted device? An interesting point. Is intent information confidential to the anima domain? My naive assumption would be that one doesn’t get to see intent or anything until bootstrapping is complete — in which case the device *can* be authenticated. I’m not commenting on the requirements discussion concerning if it *should* be authenticated. - max > Brian > >> >>>> Or the domain registrar could >>>> be running an ASA, and could have joined the ACP as well. >> >>> Definitely. >> >>> I will stop there because I think we need the ACP authors to >>> comment on much of what you said. But thanks for the systematic >>> thinking. >> >> Sorry for leaving this draft in my edit box for over a week. >> >> >> >> -- >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works >> -= IPv6 IoT consulting =- >> >> >> >> >> >> _______________________________________________ >> Anima mailing list >> Anima@ietf.org >> https://www.ietf.org/mailman/listinfo/anima >> > > _______________________________________________ > Anima mailing list > Anima@ietf.org > https://www.ietf.org/mailman/listinfo/anima
- [Anima] big pictures diagrams --- how bootstrap f… Michael Richardson
- Re: [Anima] big pictures diagrams --- how bootstr… Brian E Carpenter
- Re: [Anima] big pictures diagrams --- how bootstr… Michael Richardson
- Re: [Anima] big pictures diagrams --- how bootstr… Brian E Carpenter
- Re: [Anima] big pictures diagrams --- how bootstr… Brian E Carpenter
- Re: [Anima] big pictures diagrams --- how bootstr… Max Pritikin (pritikin)
- [Anima] Secret intent [was big pictures diagrams … Brian E Carpenter
- Re: [Anima] Secret intent [was big pictures diagr… Max Pritikin (pritikin)
- Re: [Anima] Secret intent [was big pictures diagr… Brian E Carpenter
- Re: [Anima] Secret intent [was big pictures diagr… Michael Behringer (mbehring)
- Re: [Anima] Secret intent [was big pictures diagr… Brian E Carpenter
- Re: [Anima] Secret intent [was big pictures diagr… Jéferson Campos Nobre
- [Anima] Secret intent [was big pictures diagrams … Jéferson Campos Nobre
- Re: [Anima] Secret intent [was big pictures diagr… Laurent Ciavaglia
- Re: [Anima] big pictures diagrams --- how bootstr… Michael Behringer (mbehring)
- Re: [Anima] big pictures diagrams --- how bootstr… Brian E Carpenter