Re: [EME] First cut at eme requirements

Mark Baugher <mbaugher@cisco.com> Tue, 05 December 2006 20:29 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grgv2-00026O-N8; Tue, 05 Dec 2006 15:29:36 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grgv1-00024L-Gg for eme@irtf.org; Tue, 05 Dec 2006 15:29:35 -0500
Received: from sj-iport-4.cisco.com ([171.68.10.86]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grguy-0001Jk-9x for eme@irtf.org; Tue, 05 Dec 2006 15:29:34 -0500
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-4.cisco.com with ESMTP; 05 Dec 2006 12:29:31 -0800
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id kB5KTV8E021236; Tue, 5 Dec 2006 12:29:31 -0800
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id kB5KTJjG021086; Tue, 5 Dec 2006 12:29:31 -0800 (PST)
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 12:29:29 -0800
Received: from [192.168.0.11] ([10.21.144.168]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 12:29:28 -0800
In-Reply-To: <E6F7A586E0A3F94D921755964F6BE00672E360@EXCHANGE2.cs.cornell.edu>
References: <E6F7A586E0A3F94D921755964F6BE00672E360@EXCHANGE2.cs.cornell.edu>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <5A861CCC-06B3-4347-8D5F-212E6A4716D8@cisco.com>
Content-Transfer-Encoding: 7bit
From: Mark Baugher <mbaugher@cisco.com>
Subject: Re: [EME] First cut at eme requirements
Date: Tue, 5 Dec 2006 12:29:28 -0800
To: "Paul Francis" <francis@cs.cornell.edu>
X-Mailer: Apple Mail (2.752.2)
X-OriginalArrivalTime: 05 Dec 2006 20:29:28.0743 (UTC) FILETIME=[1021A370:01C718AC]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4910; t=1165350571; x=1166214571; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mbaugher@cisco.com; z=From:=20Mark=20Baugher=20<mbaugher@cisco.com> |Subject:=20Re=3A=20[EME]=20First=20cut=20at=20eme=20requirements |Sender:=20; bh=rvzAnLKdrdZ3aJ1TpKso59CiYx6+ccaFQp2dQ/npjqk=; b=QnvB/8mKlfp83CzpddMc70IzjybHEcdQCl3L8SuOUrKJia7J4PJgjxFs8HxBgA/rYLCfR71f y+PyZLR+afrt786na+gheUihUT5F1yS/G08UFlbMSyMKj8+GyBNoa/6f;
Authentication-Results: sj-dkim-3; header.From=mbaugher@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 36b1f8810cb91289d885dc8ab4fc8172
Cc: eme <eme@irtf.org>
X-BeenThere: eme@irtf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: end-middle-end research group <eme.irtf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/eme>, <mailto:eme-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/eme>
List-Post: <mailto:eme@irtf.org>
List-Help: <mailto:eme-request@irtf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/eme>, <mailto:eme-request@irtf.org?subject=subscribe>
Errors-To: eme-bounces@irtf.org

On Dec 5, 2006, at 8:20 AM, Paul Francis wrote:

>
> So I guess what is meant by "does not disrupt" is key here.   
> Clearly we want
> a solution that doesn't completely disrupt communications when a  
> middle box
> crashes or paths change.  At a minimum, this means enough state at  
> the end
> systems that they can re-establish communications and, for  
> instance, continue
> a transport stream.  I took this minimum amount of robustness as a  
> given, but
> no harm in codifying it in the requirements doc.
>
> But if by "does not disrupt" you really mean does not disrupt in  
> any way
> (i.e. a voice call continues with nary a glitch), then obviously  
> more of a
> challenge.  There are several levels at which we could try to  
> achieve this:
>
> 1.  Design the protocols in such a way that we don't prevent the  
> deployment
> of redundant hot-failover, fast-reroute kinds of solutions in the
> infrastructure, should one wish to deploy this way.
> 2.  Keep this kind of requirement in mind, and design for it to the  
> extent
> that it doesn't overly complicate the protocol, but otherwise be  
> willing to
> forgo strong non-disruption.
> 3.  Make strong non-disruption a hard requirement.
>
> My feeling is that we should make a good effort to achieve 1 and 2,  
> but stop
> short of 3.

I don't think we want 3, either.  In hindsight, "does not disrupt" is  
a poor choice of words.  Tolerance to path change probably  
distinguishes one EME protocol from another.  Some EME protocols may  
be able to support the operational needs of more types of EME  
applications than others.  This is starting to sound more like an  
observation than a requirement to me, but as an example, an EME  
protocol might enable a middlebox to participate in the end-to-end  
security association in some way.  In this case, it might be okay for  
the endpoint and a middlebox to do an authenticated Diffie-Hellman  
once per session but no more.  So long as the middlebox that is  
incident to the new path is in the same security domain as the  
previous one, redundant or hot-failover is easily done.  If they are  
not in the same security domain, then endpoint policy probably would  
require that the new middlebox be completely authenticated.  In this  
case, a protocol that accomplishes the original goal without a  
relatively-slow crypto operation in response to path change would be  
preferred.

Mark
>
> PF
>
> -----Original Message-----
> From: Mark Baugher [mailto:mbaugher@cisco.com]
> Sent: Monday, December 04, 2006 6:24 PM
> To: Paul Francis
> Cc: eme
> Subject: Re: [EME] First cut at eme requirements
>
>
> On Dec 4, 2006, at 8:38 AM, Paul Francis wrote:
>
>>
>> Good question.  Probably we should have a statement on scale (i.e.
>> global).
>> As for the other two, I want to avoid "obvious" kinds of requirement
>> (i.e.
>> "the system must be robust").  Having said that, I'm certainly aware
>> that one can construct quite specific robustness statements ("the
>> system must be able to tolerate the loss of up to three servers with
>> zero measureable performance
>> degradation") that can have a major impact on system design.
>>
>> But am open to discussion on this.  Do you have any thoughts on how
>> such requirements would be crafted?
>
> Here's what I had in mind: To the extent that the middle box is  
> providing
> services to endpoints and is incident to the path between (or  
> among) the
> endpoints, what happens to end-to-end connectivity when the path  
> changes to
> use other middle boxes?  I think that a robust solution would not  
> disrupt the
> end-to-end communication as needed state is established in  
> different middle
> boxes.
>
> Mark
>
>>
>> PF
>>
>>
>>
>> -----Original Message-----
>> From: Mark Baugher [mailto:mbaugher@cisco.com]
>> Sent: Friday, December 01, 2006 6:47 PM
>> To: Paul Francis
>> Cc: eme
>> Subject: Re: [EME] First cut at eme requirements
>>
>> What are your thoughts on robustness, scalability and fault-recovery
>> requirements?
>>
>> Mark
>>
>> On Nov 28, 2006, at 7:30 AM, Paul Francis wrote:
>>
>>>
>>> Gang,
>>>
>>> Attached is a rough draft of a requirements document for EME.
>>> This is
>>> meant to be the union of the requirements that Handley and I
>>> presented at the BOF in Montreal.  The goal here is to be ambitious
>>> but realistic, and to try to limit ourselves to basic and important
>>> requirements.  This really is a rough draft, and is meant to  
>>> motivate
>>> and focus discussion.
>>>
>>> Mark W, could you post on the wiki when you get a chance?
>>>
>>> Thanks,
>>>
>>> PF (and Saikat)
>>> <eme-requirements.txt>
>>> _______________________________________________
>>> EME mailing list
>>> EME@irtf.org
>>> https://www1.ietf.org/mailman/listinfo/eme

_______________________________________________
EME mailing list
EME@irtf.org
https://www1.ietf.org/mailman/listinfo/eme