[Apn] APN Policy Enforcement

Hesham ElBakoury <helbakoury@gmail.com> Mon, 13 December 2021 02:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/7tdD9tA4LU-zB7kJZsnYoMlwLlc>
List-Id: Application-aware Networking <apn.ietf.org>

Hi,

My understanding from the APN drafts is that policies are defined at the Policy
Definition Point (PDP) and get configured in Policy Enforcement
Points (PEP) using CLI or SDN, or distributed to the PEP using a protocol.

When a PEP receives a packet, which fields in the APN header does it use to find the
right policy to apply to the packet? One of the main APN goals is to avoid
using DPI or 5-tuple to find the right policy to use. Therefore, the length
of these fields in the APN header should be much shorter than the length of the
5-tuple.

To avoid configuring policies to the PEP, can the entry point of the APN domain
embed these policies in the APN header? For example, these policies can be
part of the Intents field of the header.

Thanks
Hesham