Re: [Bgp-autoconf] bgp auto configuration -01 update after interim discussion
Warren Kumari <warren@kumari.net> Fri, 25 June 2021 21:01 UTC
Return-Path: <warren@kumari.net>
X-Original-To: bgp-autoconf@ietfa.amsl.com
Delivered-To: bgp-autoconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A38D23A07A8 for <bgp-autoconf@ietfa.amsl.com>; Fri, 25 Jun 2021 14:01:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zQQ3eNwf3r3 for <bgp-autoconf@ietfa.amsl.com>; Fri, 25 Jun 2021 14:01:43 -0700 (PDT)
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C23AC3A07A3 for <bgp-autoconf@ietf.org>; Fri, 25 Jun 2021 14:01:42 -0700 (PDT)
Received: by mail-lf1-x12e.google.com with SMTP id j2so18401613lfg.9 for <bgp-autoconf@ietf.org>; Fri, 25 Jun 2021 14:01:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=6JzintsYOhzmbWM5lWzrGAJrhGAjiLLjS5tgub6GZN8=; b=vNCB/VERzkSkrVmhKQhneCaZ1mHIdWbmygY0StH2eQQDTt+hs4jdob7NJDxTlasD61 diNyAnPObYkW76Fj2l4kzXTHM241wVlXUdn7ALH70RdG3O5WBiWiEJ/4GCjQARMdN/yy BmLTfDG5dsNO6Wtt2ccCFl67FjC3Bj+1i4kkDXUde/lJutiNDZxoF317Rdbhsnstjnkq NZB74aqV8XiLdjJMnrYJrHRO+4/0vRGYcQNiZZI5QlkIYzsMsDMJb+/J7C0zpdXsF358 5XoiaA1KOhk7bAgUQB7a7R/PZdQh/10YIpKApnibt5F1fFMa5FpeIval5bRR9MtjwARb Ok8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=6JzintsYOhzmbWM5lWzrGAJrhGAjiLLjS5tgub6GZN8=; b=N5NNQrtZRaXT4nKmPlu2ai98mDMpIRbIKjRhAEKFAioquQxrsNKXnE6LB7AN7d7Sh2 Uj5E6aKCQvhZkHG+l8jP3t29aG9kZ88dqdGIlOEgjgwXuDwtv+31WmBSQ8qUGH+iqiZo Pgljsb+vyGTo+KZ/2oQBpsh0JS0BmAw6XTTGxtZxGgAX40LvN2CqEP5zVyOBC7DHUqEn riXzrPrPEAwiKf2GdYo2cKGJ0maZTtuWeyxYxzJhhImB0AdCxKZ4SOwhNKlqHb700VcJ NWJJwuktc0BX4zgJcxCtPwT0qhToYzc9aI5h/C93aTw1J9jOMGI3O0DMlxfLMC+8VRdZ K1xQ==
X-Gm-Message-State: AOAM533+CqlZmuuRLbWuNCFi8xM6FtLsQ0mI6fuAl35/FABdDOeqKjdq HTlwQ5EUN49bJ+saJSIOJGWUEBHxLKMIBxK0gKIEnA==
X-Google-Smtp-Source: ABdhPJyMAucPH9RwRRGeBHSP2hJ6V33wTkCczwSML0dKotkhYnEBbQsHVBBLG7nG1sjmM4m5U3vYwYBncdC3tpyA8rM=
X-Received: by 2002:a05:6512:38a5:: with SMTP id o5mr9407617lft.491.1624654899139; Fri, 25 Jun 2021 14:01:39 -0700 (PDT)
MIME-Version: 1.0
References: <20210622203227.GA17412@pfrc.org> <CO1PR13MB4920B3267C962D57395B0354A9079@CO1PR13MB4920.namprd13.prod.outlook.com> <6FDB9A99-A45C-4E83-8B1B-A0F8A8033637@pfrc.org> <CAHw9_i+PukON4ZRiOu4Y_M67RXdG14r5yURR5KdQAdiyCerC0A@mail.gmail.com>
In-Reply-To: <CAHw9_i+PukON4ZRiOu4Y_M67RXdG14r5yURR5KdQAdiyCerC0A@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Fri, 25 Jun 2021 17:01:03 -0400
Message-ID: <CAHw9_iJJXxmcyEwb2C9MuLBNKPzQgpdzPLmO+VB0xb_7OkY+dg@mail.gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: Linda Dunbar <ldunbar@futurewei.com>, "bgp-autoconf@ietf.org" <bgp-autoconf@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/bgp-autoconf/NhhFmUP_pWHeUFq4TVTq48_4ykM>
Subject: Re: [Bgp-autoconf] bgp auto configuration -01 update after interim discussion
X-BeenThere: bgp-autoconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP autoconfiguration design team discussion list <bgp-autoconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bgp-autoconf>, <mailto:bgp-autoconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bgp-autoconf/>
List-Post: <mailto:bgp-autoconf@ietf.org>
List-Help: <mailto:bgp-autoconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bgp-autoconf>, <mailto:bgp-autoconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2021 21:01:49 -0000
On Fri, Jun 25, 2021 at 2:39 PM Warren Kumari <warren@kumari.net> wrote: > > On Thu, Jun 24, 2021 at 3:18 PM Jeffrey Haas <jhaas@pfrc.org> wrote: > > > > Linda, > > > > Warren crafted this text. Let's see what his thinking here is. > > > > The majority of the text around the "different trust models" section > in "Operational Trust Considerations" is to provide some background > and level-setting. > The summary is: > 1. Some operators are very trusting -- they will trust anything that > is plugged into a port (they trust their physical security, they trust > protocols to just work, they trust their employees to always plug the > right wires into the right ports, etc). > 2. Some operators are more paranoid -- they design to be as robust as > possible. They will build all configs statically, they minimize trust > in the protocols to do magic, etc. > 3. Some operators will take the "trust but verify" approach -- they'd > be interested in seeing how something like autoconf would work - they > will build static configs, but would like to validate these > configurations by seeing what an autoconf protocol would do. If > they've manually made a peering between sw17 port 7 and sw42 port 17 , > but autoconf says that it wants to build a peering between sw17 port 7 > and sw99 port 48, then a: autoconf is broken or b: port 7 on switch 17 > is probably miswired... > 4: Some operators don't want to worry about any of this stuff - they > just want to plug things in arbitrarily and have the network/autoconf > figure everything out. > > Linda is right - when we talk about design assumptions, we should be > explicit about which of these trust models we are meaning ... and as a quick followup, I believe that this is simply something for us to keep in mind when discussing solutions, etc, and nothing that needs to change in the draft. Please correct me if I'm missing something.... W > -- I suspect > that, at least in the beginning, model 3 will be very common. Existing > datacenter operators will enable autoconf in some sort of "tell me > what you would do here" mode, and confirm that the sessions that > autoconf would bring up match what is actually deployed and in > operation. Assuming that autoconf gets things right, they may move > from using autoconf as a validation / debugging tool to trusting it as > the main way of bringing up sessions. > > W > > > -- Jeff > > > > > > > > > On Jun 24, 2021, at 1:02 PM, Linda Dunbar <ldunbar@futurewei.com> wrote: > > > > > > The discussion can be more productive if we can explicitly name the operational trust models described in the Section 3.6. > > > > > > For example: > > > > > > Trusted Physical Protection: refers to DCs that have very strict physical protection of the datacenter, and their deployment model assumes that anything which plugs into devices in the datacenter is, by definition, trusted. > > > > > > Not-Fully-trusted: > > > a) Using BGP Autoconf to perform validation of data center fabric: ... > > > b) > > > > > > It doesn't make much sense to compare the Auto configuration for the "Trusted Physical Protection" DC with the Auto-config for a) or b) under the Not-Fully-Trusted. > > > > > > My two cents, > > > > > > Linda Dunbar > > > > > > -----Original Message----- > > > From: Bgp-autoconf <bgp-autoconf-bounces@ietf.org> On Behalf Of Jeffrey Haas > > > Sent: Tuesday, June 22, 2021 3:32 PM > > > To: bgp-autoconf@ietf.org > > > Cc: idr-chairs@ietf.org > > > Subject: [Bgp-autoconf] bgp auto configuration -01 update after interim discussion > > > > > > Please find attached proposed updates to the auto-configuration Internet-Draft that attempts to address the consensus discussion at this week's IDR interim for auto configuration. > > > > > > I'd like to publish this on Friday. Your review is greatly appreciated. > > > > > > -- Jeff > > > > > > -- > > > Bgp-autoconf mailing list > > > Bgp-autoconf@ietf.org > > > https://www.ietf.org/mailman/listinfo/bgp-autoconf > > > > > -- > The computing scientist’s main challenge is not to get confused by the > complexities of his own making. > -- E. W. Dijkstra -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
- [Bgp-autoconf] bgp auto configuration -01 update … Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Robert Raszuk
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Robert Raszuk
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Robert Raszuk
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Robert Raszuk
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Acee Lindem (acee)
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Linda Dunbar
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Dongjie (Jimmy)
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Jeffrey Haas
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Warren Kumari
- Re: [Bgp-autoconf] bgp auto configuration -01 upd… Warren Kumari