Re: [Dots] Role reversal in RFC7252

<mohamed.boucadair@orange.com> Tue, 12 November 2019 07:59 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16FB41200A1 for <dots@ietfa.amsl.com>; Mon, 11 Nov 2019 23:59:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x5t4L9T5sBlj for <dots@ietfa.amsl.com>; Mon, 11 Nov 2019 23:59:05 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE1FB120168 for <dots@ietf.org>; Mon, 11 Nov 2019 23:58:58 -0800 (PST)
Received: from opfedar02.francetelecom.fr (unknown [xx.xx.xx.4]) by opfedar26.francetelecom.fr (ESMTP service) with ESMTP id 47C0W51WyCzFq3v; Tue, 12 Nov 2019 08:58:57 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.95]) by opfedar02.francetelecom.fr (ESMTP service) with ESMTP id 47C0W50XrmzCql2; Tue, 12 Nov 2019 08:58:57 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM24.corporate.adroot.infra.ftgroup ([fe80::b43f:9973:861e:42af%21]) with mapi id 14.03.0468.000; Tue, 12 Nov 2019 08:58:57 +0100
From: <mohamed.boucadair@orange.com>
To: Carsten Bormann <cabo@tzi.org>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Role reversal in RFC7252
Thread-Index: AdWWMCYu7mRjeWKMSre161Y2+4DxBQC9nnY0AAFJ0gA=
Date: Tue, 12 Nov 2019 07:58:55 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330313623BA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93303135F7FE@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <7A790E73-62A3-46CE-B821-25B315CBC269@tzi.org> <787AE7BB302AE849A7480A190F8B9330313622C7@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <EF3006CC-D9A3-47E5-AA80-FF21701750EC@tzi.org>
In-Reply-To: <EF3006CC-D9A3-47E5-AA80-FF21701750EC@tzi.org>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/esTh_j5j0_c_pFLwitlqXL0oCTU>
Subject: Re: [Dots] Role reversal in RFC7252
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2019 07:59:07 -0000

Re-,

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Carsten Bormann [mailto:cabo@tzi.org]
> Envoyé : mardi 12 novembre 2019 07:59
> À : BOUCADAIR Mohamed TGI/OLN
> Cc : dots@ietf.org
> Objet : Re: Role reversal in RFC7252
> 
> On Nov 12, 2019, at 07:40, <mohamed.boucadair@orange.com>;
> <mohamed.boucadair@orange.com>; wrote:
> >
> > Hi Carsten,
> >
> > Fully agree if we model an endpoint as both a client and server.
> >
> > The concern I had is when we want to model an endpoint solely as an
> “client" (or as a server).
> 
> The question is why you would want to do this.

[Med] Our initial concerns were: (1) avoid duplicating functionality (CoAP keepalive vs application keepalive) and (2) avoid having dormant code. 

For the second one, I guess this can be controlled by limiting the code to the required functionality. As you can see in https://github.com/boucadair/draft-ietf-dots-signal-channel/blob/master/draft-ietf-dots-signal-channel-39.txt, we added this note:  

   DOTS clients and servers behave as CoAP endpoints.  By default, a
   DOTS client (or server) behaves as a CoAP client (or server).
   Nevertheless, a DOTS client (or server) behaves as a CoAP server (or
   client) for specific operations such as DOTS heartbeat operations
   (Section 4.7).  

> 
> The main point about a server is that its transport address (IP address +
> port number) needs to be known to talk to it.  (The client implicitly
> indicates its transport address in a request, and it only needs to be
> stable up to a response — which may include an observe notification later.)

[Med] ... assuming the state in on-path NATs/FWs is maintained.

> 
> So if your clients are hopping around on different addresses, role reversal
> requires the server-now-client to know the current one.  In a keep alive
> situation, I’d expect that to be the case, so there is very little against
> role reversal.

[Med] OK, thanks. 

In order to progress, we updated the spec with a DOTS heartbeat instead of CoAP ping messages. An example of such HB request is shown below:  
 
     Header: GET (Code=0.01)
     Uri-Path: ".well-known"
     Uri-Path: "dots"
     Uri-Path: "hb" 

FWIW, the required changes to the spec are straightforward: 

https://github.com/boucadair/draft-ietf-dots-signal-channel/blob/master/wdiff%20draft-ietf-dots-signal-channel-38.txt%20draft-ietf-dots-signal-channel-39.pdf

> 
> (I’m assuming DOTS environments are NAT free.)

[Med] We need to deal with both NATs and FWs. We are covering those details in the spec. These considerations will be valid with or without role reversal (observe notifications, for example).