IETF Logo Mail Archive

Re: [Capwap] NAT issue and new message element

"Romascanu, Dan (Dan)" <dromasca@avaya.com> Tue, 26 January 2010 10:15 UTC

Return-Path: <capwap-bounces+capwap-archive=lists.ietf.org@frascone.com>
X-Original-To: ietfarch-capwap-archive@core3.amsl.com
Delivered-To: ietfarch-capwap-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ACE383A67AD for <ietfarch-capwap-archive@core3.amsl.com>; Tue, 26 Jan 2010 02:15:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.282
X-Spam-Level:
X-Spam-Status: No, score=-0.282 tagged_above=-999 required=5 tests=[AWL=-1.825, BAYES_00=-2.599, CN_BODY_35=0.339, J_CHICKENPOX_52=0.6, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kbvbot0PTjn9 for <ietfarch-capwap-archive@core3.amsl.com>; Tue, 26 Jan 2010 02:15:38 -0800 (PST)
Received: from lists.tigertech.net (lists.tigertech.net [64.62.209.34]) by core3.amsl.com (Postfix) with ESMTP id D323C3A63EC for <capwap-archive@lists.ietf.org>; Tue, 26 Jan 2010 02:15:38 -0800 (PST)
Received: from zoidberg.tigertech.net (localhost [127.0.0.1]) by zoidberg.tigertech.net (Postfix) with ESMTP id C2C45E18229 for <capwap-archive@lists.ietf.org>; Tue, 26 Jan 2010 02:15:48 -0800 (PST)
Received: from mx3.tigertech.net (morbo.tigertech.net [67.131.251.53]) by lists.tigertech.net (Postfix) with ESMTP id 8AF0CE240E1 for <capwap@lists.tigertech.net>; Tue, 26 Jan 2010 02:15:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx3.tigertech.net (Postfix) with ESMTP id 5713D19DDF7 for <capwap@frascone.com>; Tue, 26 Jan 2010 02:15:43 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at morbo.tigertech.net
Received: from mx3.tigertech.net (localhost [127.0.0.1]) by mx3.tigertech.net (Postfix) with ESMTP id A66F719DDE7 for <capwap@frascone.com>; Tue, 26 Jan 2010 02:15:42 -0800 (PST)
X-TigerTech-Content-Filter: Clean
X-TigerTech-Spam-Status: Level 0 (High) (P0); Whitelisted TTSSA (dromasca@avaya.com whitelisted)
Received: from p-us1-iereast-outbound-tmp.us1.avaya.com (nj300815-nj-outbound.net.avaya.com [135.11.29.16]) by mx3.tigertech.net (Postfix) with ESMTP for <capwap@frascone.com>; Tue, 26 Jan 2010 02:15:42 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.49,345,1262581200"; d="scan'208";a="1662727"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by p-us1-iereast-outbound-tmp.us1.avaya.com with ESMTP; 26 Jan 2010 05:15:41 -0500
Received: from unknown (HELO 307622ANEX5.global.avaya.com) ([135.64.140.11]) by co300216-co-erhwest-out.avaya.com with ESMTP; 26 Jan 2010 05:15:39 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 26 Jan 2010 11:15:31 +0100
Message-ID: <EDC652A26FB23C4EB6384A4584434A0401E957AB@307622ANEX5.global.avaya.com>
In-Reply-To: <007801ca9e70$3615e210$7a449a0a@h3c.huawei3com.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: NAT issue and new message element
Thread-Index: AcqcprveNuuKdJCPS0+7LqXFIzj9XQBxK5xQAAC8lLAAAC+uEAAAVmRw
References: <007801ca9e70$3615e210$7a449a0a@h3c.huawei3com.com>
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: young <young@h3c.com>, mrw@lilacglade.org, "Mani, Mahalingam (Mani)" <mmani@avaya.com>
Cc: capwap-chairs@tools.ietf.org, capwap@frascone.com, Richard <rishyang@gmail.com>, yozhang@gmail.com, "Bert (IETF) Wijnen" <bertietf@bwijnen.net>
Subject: Re: [Capwap] NAT issue and new message element
X-BeenThere: capwap@frascone.com
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A list for CAPWAP technical discussions <capwap.frascone.com>
List-Post: <mailto:capwap@frascone.com>
X-Tigertech-Mailman-Hint: 636170776170
List-Subscribe: <http://lists.frascone.com/mailman/listinfo/capwap>, <mailto:capwap-request@frascone.com?subject=subscribe>
List-Unsubscribe: <http://lists.frascone.com/mailman/listinfo/capwap>, <mailto:capwap-request@frascone.com?subject=unsubscribe>
List-Archive: <http://lists.frascone.com/pipermail/capwap>
List-Help: <mailto:capwap-request@frascone.com?subject=help>
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
Errors-To: capwap-bounces+capwap-archive=lists.ietf.org@frascone.com

Second thought - adding a new message element would require the document to be Standards Track because it updates RFC 5415. Another IETF Last Call would be mandatory for this purpose. I was not thinking about reissuing 5415, but working in sections 9.1 and 9.2 of this document. 

To stay with informational status you need to use the vendorID. Would existing implementations accept vendorID = 0 as the 'CAPWAP vendorID' or would they report an error for a zero value? The protocol implementers need again have their saying, bit if zero can be an error than you can apply for a CAPWAP WG vendor ID (the registry at http://www.iana.org/assignments/enterprise-numbers is FCFS) and use it leaving the rest exactly as defined currently in the document.  

BTW - the current problem is a good example of the consequences of defining the management interface after the protocol, and not while the protocol is designed. Unfortunately many WGs in the IETF make this mistake. 

Regards,

Dan 

> -----Original Message-----
> From: young [mailto:young@h3c.com] 
> Sent: Tuesday, January 26, 2010 12:14 PM
> To: Romascanu, Dan (Dan); mrw@lilacglade.org; Mani, Mahalingam (Mani)
> Cc: capwap-chairs@tools.ietf.org; capwap@frascone.com; 
> yozhang@gmail.com; dorothy.gellert@gmail.com; 'Richard'
> Subject: NAT issue and new message element
> 
> Dear Dan and chairs:
> 
> According to Pasi' comments, there is only issue left.
> Please confirm whether the changes to the NAT issue is ok 
> (two new MIB objects would be added)?
> 
> Also, I need you give confirm:
> ////////////
> To issue "section 9.1 and 9.2", I am clear with VendorID = 0. 
> For method of new CAPWAP message element, I need double 
> confirm your suggestion. It means:
> 1) Remove the 9.1 and 9.2 in the MIB draft (also need update 
> the MIB object's reference part). Corresponding to them, add 
> new messages elements in the RFC5415. 
> or
> 2) Defines an extensible messages element in the RFC5415. 
> Based on this new message format, updates the section 9.1 and 
> 9.2 in the MIB drafts.
> 
> I suppose all of you mean 1), since this question is very 
> important, I have To double confirm with all of you before I 
> send the proposal text to Pasi.
> 
> Regards
> Richard
> 
> 
> -----邮件原件-----
> 发件人: young [mailto:young@h3c.com]
> 发送时间: 2010年1月26日 18:05
> 收件人: 'Pasi.Eronen@nokia.com'
> 抄送: 'capwap-chairs@tools.ietf.org'; 'capwap@frascone.com'; 
> 'dromasca@avaya.com'; 'yozhang@gmail.com'; 'iesg@ietf.org'; 
> 'draft-ietf-capwap-base-mib@tools.ietf.org'
> 主题: There is one issue (commented by Pasi) left
> 
> Hi, Pasi:
> 
> Thanks a lot. 
> So for your comments, there is only one issue (about section 
> 9.1/9.2) left.
> I would try to give reply by tomorrow.
> 
> BTW, in the end, once we could close this last issue, I would 
> Put all the changes required in one email, then asked you 
> give a double Confirm.
> Thanks for your guidance. 
> 
> Regards
> Richard
> 
> -----邮件原件-----
> 发件人: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com]
> 发送时间: 2010年1月26日 17:49
> 收件人: young@h3c.com
> 抄送: capwap-chairs@tools.ietf.org; capwap@frascone.com; 
> dromasca@avaya.com; yozhang@gmail.com; iesg@ietf.org; 
> draft-ietf-capwap-base-mib@tools.ietf.org
> 主题: RE: Please check my comments,thanks (draft-ietf-capwap-base-mib)
> 
> shiyang 00338 wrote:
> 
> >> I'm still not sure the MIB object is useful. First of all, 
> such DTLS 
> >> configuration MIB does not currently exist (and is not 
> even planned). 
> >> Second, it hard-codes an assumption that all WTPs 
> connected to an AC 
> >> use same type of authentication. The CAPWAP protocol itself would 
> >> allow some WTPs so use X.509 and others PSK, so if your AC 
> >> implementation supports this, it can't implement this MIB object.
> >> 
> >> BTW, the same limitation seems to apply to e.g. 
> >> capwapBaseDataChannelDTLSPolicyConfig, too -- if your AC supports 
> >> configuring DTLS for only some WTPs (perhaps those located in 
> >> physically less secure environments), it cannot implement this MIB 
> >> object.
> >> 
> >> If the WG feels this MIB object is anyway useful, at the 
> very least 
> >> it should point out that many ACs may not be able to implement it.
> 
> > ////////////////////
> > [Richard]
> > Any way, the configuration of such authentication parameter 
> should not 
> > be in the scope of CAPWAP MIB (I explained it in the last 
> email).  As 
> > per Pasi's comments, I agree to remove both 
> > capwapBaseControlChannelAuthenConfig and 
> > capwapBaseDataChannelDTLSPolicyConfig.
> 
> OK.
> 
> >>> [Richard]
> >>> Yes, capwapBaseWtpState indicates the AC's CAPWAP FSM 
> state for each 
> >>> WTP, not the WTP's FSM.  The capwapBaseWtpState is a MIB 
> object on 
> >>> the AC.
> > 
> >> OK; please clarify the description accordingly.
> >
> > //////////
> > [Richard]
> > The description would be modified:
> > capwapBaseWtpStateTable OBJECT-TYPE
> >     SYNTAX      SEQUENCE OF CapwapBaseWtpStateEntry
> >     MAX-ACCESS  not-accessible
> >     STATUS      current
> >     DESCRIPTION
> >         "A table of objects that indicate the AC's CAPWAP FSM state
> >          for each WTP, and helps the operator to query the WTPs'
> >          current
> >          configuration."
> >     ::= { capwapBaseWtps 2 }
> > 
> > capwapBaseWtpStateEntry  OBJECT-TYPE
> >     SYNTAX      CapwapBaseWtpStateEntry
> >     MAX-ACCESS  not-accessible
> >     STATUS      current
> >     DESCRIPTION
> >         "A set of objects that display the AC's CAPWAP FSM state
> >          for each WTP.
> >          Also, the operator could query the current configuration
> >          of a WTP by using the identifier of the corresponding
> >          WTP profile."
> >     INDEX { capwapBaseWtpStateWtpId }
> >     ::= { capwapBaseWtpStateTable 1 }
> > 
> > capwapBaseWtpStateEntry  OBJECT-TYPE
> >     SYNTAX      CapwapBaseWtpStateEntry
> >     MAX-ACCESS  not-accessible
> >     STATUS      current
> >     DESCRIPTION
> >         "A set of objects that display the AC's CAPWAP FSM state
> >          for each WTP.
> >          Also, the operator could query the current configuration
> >          of a WTP by using the identifier of the corresponding
> >          WTP profile."
> >     INDEX { capwapBaseWtpStateWtpId }
> >     ::= { capwapBaseWtpStateTable 1 }
> > 
> >     capwapBaseWtpState  OBJECT-TYPE
> >     SYNTAX      INTEGER {
> >                   dtls(1),
> >                   join(2),
> >                   image(3),
> >                   configure(4),
> >                   dataCheck(5),
> >                   run(6),
> >                   reset(7),
> >                   dtlsTeardown(8),
> >                   unknown(9)
> >                 }
> >     MAX-ACCESS  read-only
> >     STATUS      current
> >     DESCRIPTION
> >         "Represents the various possible the AC's CAPWAP FSM state
> >          for each WTP.
> >          The following enumerated values are supported:
> >            dtls(1)         - DTLS negotiation states, which include
> >                              DTLS setup, authorize, DTLS connect
> >            join(2)         - The WTP is joining with the AC
> >            image(3)        - The WTP is downloading software
> >            configure(4)    - The WTP is getting configuration from
> >                              the AC
> >            dataCheck(5)    - The AC is waiting for the Data Channel
> >                              Keep Alive Packet
> >            run(6)          - The WTP enters the running state
> >            reset(7)        - The AC transmits a reset 
> request message
> >                              to the WTP
> >            dtlsTeardown(8) - DTLS session is tear down
> >            unknown(9)      - Operator already prepared configuration
> >                              for the WTP, while the WTP has 
> not contact
> >                              with the AC till now"
> >     REFERENCE
> >         "Section 2.3.1. of CAPWAP Protocol Specification, RFC 5415."
> >     ::= { capwapBaseWtpStateEntry 5 }
> > 
> > The section 6 also needs change:
> >    4) capwapBaseWtpStateTable
> >    The WTPs status table is used to indicate the AC's 
> CAPWAP FSM state
> >    for each WTP, and helps operator to query WTPs' current 
> > configuration.
> 
> Looks good!
> 
> <snip>
> (I see there're separate emails about the NAT-related things, 
> so I'm omitting those from here.)
> 
> <snip>
> >>> [Richard] You are correct, it is not required to give a 
> scope limit 
> >>> to the capwapBaseMacAclId. The editors misunderstood the 
> value 255 
> >>> mentioned in the RFC5415.
> >> 
> >> OK.
> >
> > ////////////////
> > [Richard]
> > the change would be:
> > capwapBaseMacAclId OBJECT-TYPE
> >     SYNTAX      Unsigned32
> >     MAX-ACCESS  not-accessible
> >     STATUS      current
> >     DESCRIPTION
> >         "Represents the unique identifier of an ACL."
> >     ::= { capwapBaseMacAclEntry 1 }
> 
> Looks good!
> 
> Best regards,
> Pasi
> 
> 
> 
> 
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/capwap

Archives: http://lists.frascone.com/pipermail/capwap

v2.23.0 | Report a Bug | By Email