Re: [Dots] Role reversal in RFC7252

<mohamed.boucadair@orange.com> Tue, 12 November 2019 07:59 UTC

From: mohamed.boucadair@orange.com
To: Carsten Bormann <cabo@tzi.org>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Role reversal in RFC7252
Date: Tue, 12 Nov 2019 07:58:55 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330313623BA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93303135F7FE@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <7A790E73-62A3-46CE-B821-25B315CBC269@tzi.org> <787AE7BB302AE849A7480A190F8B9330313622C7@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <EF3006CC-D9A3-47E5-AA80-FF21701750EC@tzi.org>
In-Reply-To: <EF3006CC-D9A3-47E5-AA80-FF21701750EC@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/esTh_j5j0_c_pFLwitlqXL0oCTU>
Subject: Re: [Dots] Role reversal in RFC7252

Re-,

Please see inline. 

Cheers,
Med

> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: Tuesday, 12 November 2019 07:59
> To: BOUCADAIR Mohamed TGI/OLN
> Cc: dots@ietf.org
> Subject: Re: Role reversal in RFC7252
> 
> On Nov 12, 2019, at 07:40, <mohamed.boucadair@orange.com>
> <mohamed.boucadair@orange.com> wrote:
> >
> > Hi Carsten,
> >
> > Fully agree if we model an endpoint as both a client and server.
> >
> > The concern I had is when we want to model an endpoint solely as a
> "client" (or as a server).
> 
> The question is why you would want to do this.

[Med] Our initial concerns were: (1) avoid duplicating functionality (CoAP keepalive vs application keepalive) and (2) avoid having dormant code. 

For the second one, I guess this can be controlled by limiting the code to the required functionality. As you can see in https://github.com/boucadair/draft-ietf-dots-signal-channel/blob/master/draft-ietf-dots-signal-channel-39.txt, we added this note:  

   DOTS clients and servers behave as CoAP endpoints.  By default, a
   DOTS client (or server) behaves as a CoAP client (or server).
   Nevertheless, a DOTS client (or server) behaves as a CoAP server (or
   client) for specific operations such as DOTS heartbeat operations
   (Section 4.7).  

> 
> The main point about a server is that its transport address (IP address +
> port number) needs to be known to talk to it.  (The client implicitly
> indicates its transport address in a request, and it only needs to be
> stable up to a response — which may include an observe notification later.)

[Med] ... assuming the state in on-path NATs/FWs is maintained.

> 
> So if your clients are hopping around on different addresses, role reversal
> requires the server-now-client to know the current one.  In a keep alive
> situation, I’d expect that to be the case, so there is very little against
> role reversal.

[Med] OK, thanks. 

In order to progress, we updated the spec with a DOTS heartbeat instead of CoAP ping messages. An example of such an HB request is shown below:
 
     Header: GET (Code=0.01)
     Uri-Path: ".well-known"
     Uri-Path: "dots"
     Uri-Path: "hb" 

FWIW, the required changes to the spec are straightforward: 

https://github.com/boucadair/draft-ietf-dots-signal-channel/blob/master/wdiff%20draft-ietf-dots-signal-channel-38.txt%20draft-ietf-dots-signal-channel-39.pdf

> 
> (I’m assuming DOTS environments are NAT free.)

[Med] We need to deal with both NATs and FWs. We are covering those details in the spec. These considerations will be valid with or without role reversal (observe notifications, for example).
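As an added example (not code from the draft or from anyone on this thread), here is how the heartbeat request shown above is laid out on the wire per RFC 7252, together with a decoder that recognises it, so that either peer can accept the HB request whichever side is playing CoAP client at that moment. The message ID, the token and the use of a Confirmable message are constructed sample values, not something the draft specifies.

```python
"""GET /.well-known/dots/hb as an RFC 7252 CoAP message: encoder, decoder, matcher.
Added example; option numbers and header layout follow RFC 7252, sample values are constructed."""
import struct

URI_PATH = 11      # RFC 7252 option number for Uri-Path
CODE_GET = 0x01    # code 0.01 = GET, as in the heartbeat example above

def _ext(value):
    """Split an option delta or length into its 4-bit nibble plus extension bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)

def encode_heartbeat(msg_id, token=b""):
    """Build a Confirmable GET whose Uri-Path options spell .well-known / dots / hb."""
    # Byte 0: Ver=1, Type=CON (0), TKL=len(token); then code and 16-bit message ID.
    out = bytearray(bytes([0x40 | len(token), CODE_GET]) + struct.pack("!H", msg_id) + token)
    prev = 0
    for seg in (".well-known", "dots", "hb"):
        d, dext = _ext(URI_PATH - prev)          # delta from the previous option number
        l, lext = _ext(len(seg))
        out += bytes([(d << 4) | l]) + dext + lext + seg.encode()
        prev = URI_PATH
    return bytes(out)                            # no payload marker: HB carries no body

def _read_ext(buf, i, nib):
    if nib < 13:
        return nib, i
    if nib == 13:
        return buf[i] + 13, i + 1
    return struct.unpack("!H", buf[i:i + 2])[0] + 269, i + 2

def decode(buf):
    """Return (type, code, msg_id, token, [(option_number, value), ...], payload)."""
    ver, typ, tkl = buf[0] >> 6, (buf[0] >> 4) & 3, buf[0] & 0xF
    if ver != 1:
        raise ValueError("not a CoAP version 1 message")
    code, msg_id = buf[1], struct.unpack("!H", buf[2:4])[0]
    i, token, opts, num = 4 + tkl, buf[4:4 + tkl], [], 0
    while i < len(buf) and buf[i] != 0xFF:       # 0xFF is the payload marker
        d_nib, l_nib = buf[i] >> 4, buf[i] & 0xF
        if d_nib == 15 or l_nib == 15:
            raise ValueError("reserved option nibble")  # message format error per RFC 7252
        d, i = _read_ext(buf, i + 1, d_nib)
        l, i = _read_ext(buf, i, l_nib)
        num += d
        opts.append((num, buf[i:i + l]))
        i += l
    return typ, code, msg_id, token, opts, (buf[i + 1:] if i < len(buf) else b"")

def is_heartbeat(buf):
    """True only for a GET whose Uri-Path is exactly .well-known/dots/hb."""
    _, code, _, _, opts, _ = decode(buf)
    path = [v.decode() for n, v in opts if n == URI_PATH]
    return code == CODE_GET and path == [".well-known", "dots", "hb"]
```

The decoder ignores which side sent the message, which is the point of the role reversal: a DOTS client that normally acts as CoAP client can run the same check on an incoming HB from the server.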