Re: [Gen-art] [OPSAWG] Genart early review of draft-ietf-opsawg-mud-08
"M. Ranganathan" <mranga@gmail.com> Thu, 31 August 2017 14:39 UTC
Return-Path: <mranga@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D6E8132DF0; Thu, 31 Aug 2017 07:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPa7L4sAbQcd; Thu, 31 Aug 2017 07:39:10 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 659C8132E13; Thu, 31 Aug 2017 07:39:07 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id v2so6285104wmf.0; Thu, 31 Aug 2017 07:39:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=It9yk55Cg9x59By8gfRA1zp0v4KLs7UIz40Zw4xeD1g=; b=AjaTQkH2I5Tl31T+03GbPYVrcDsOsdy66ASICKClysQ6dZjeGOyg52KTQPygRDAb/d idQDXIkQ6/PgvhxJqdIrtzmeKZPe70LuJUl1DfRG4nI+cHXgCc17zux5Q6+V596f4Wg2 yDEgeO0Kj/mmz4gyeLrmMBXbD4adt/JqDWKmJXc55fYb/mR83WvYSMb+vSUqkjXOE1fK 4l2CV1xJVrRofeBmO5EiyjrPEysi4bovAhUmawbUcWXZHTH6BIY3ifNUUYffHp6FezsF Jdtgw0WiYSK1HRIv3NozPP1bo6cPJOs7Z4BztARWYdDtX9sNxCj/SUv4nycz773Xnthx CIDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=It9yk55Cg9x59By8gfRA1zp0v4KLs7UIz40Zw4xeD1g=; b=uEAuMRFGzDw2+AOIqZXHrg+xsEUCMme5FCqbixvxy93qqp2cSRMbRPvLAaLnmmBU2Y Cl9NHVk9CN7jLkf6hE01Lbv9l2noisLu0h7A96ogTNaP+e8dEONVSkWWQ1r+1/kbIwCl kPRfgbzvrSQsVeK25W+ILXU7xY1eN+8HDIseEktS1bnVspBsBzeM1EoESk1BFRORqWJC hhBtBrzx9a8FQ/cYjkfb4+88HomWFQRBfp4HOVVFZC9IR5quBZ9NrJb+asbypyy6Ozni S+OThYhYdyM3uq9Vedkz4Rjzt0QkZ/EN6CoVF/xHTxlM2srzDzlR88fGx54cPtVnzWpS A6iQ==
X-Gm-Message-State: AHPjjUiq8g6ODlje22/oYUa/kisOoCZYNoOMpDgLWGw8rIrr//8IxDKY NhhvQ2YL1zTwfsGAMfgyHQOYqWgO3Q==
X-Google-Smtp-Source: ADKCNb7zbhHE2Ulc3DVXkk4nmfGIHnXxu1R0sxAlirDfGtqhkFcBWXQRa1J1R7HQUuiOC5npM/nOIGU/onWoMFrRNnc=
X-Received: by 10.28.95.134 with SMTP id t128mr624749wmb.67.1504190345428; Thu, 31 Aug 2017 07:39:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.184.71 with HTTP; Thu, 31 Aug 2017 07:38:24 -0700 (PDT)
In-Reply-To: <8a26b512-495b-4315-a885-32acd41c5460@cisco.com>
References: <150411366399.21627.17047458871931107094@ietfa.amsl.com> <CAHiu4JMCtxFY9qu6q4h30Y=GExx69yLg7xRbSirgURy=7+4_Lw@mail.gmail.com> <8a26b512-495b-4315-a885-32acd41c5460@cisco.com>
From: "M. Ranganathan" <mranga@gmail.com>
Date: Thu, 31 Aug 2017 10:38:24 -0400
Message-ID: <CAHiu4JNQL60xjp2rBQ3t4ZAn63gNoN5LgTcGUG8k474DJvDgDQ@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Robert Sparks <rjsparks@nostrum.com>, gen-art@ietf.org, draft-ietf-opsawg-mud.all@ietf.org, opsawg@ietf.org, ietf@ietf.org
Content-Type: multipart/alternative; boundary="001a1148e96e36c57605580d9b61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/FTDnMxYDOz5CzEYSadoWe0J6jKA>
Subject: Re: [Gen-art] [OPSAWG] Genart early review of draft-ietf-opsawg-mud-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 14:39:12 -0000
Hi Eliot, Reply in line below: On Thu, Aug 31, 2017 at 4:41 AM, Eliot Lear <lear@cisco.com> wrote: > Hi Ranga, > > Robert wrote a great review, and I'll respond to him in due course with > suggested changes. I wanted to take just a moment to comment to you on > your point: > > On 8/31/17 12:00 AM, M. Ranganathan wrote: > > > > On Wed, Aug 30, 2017 at 1:21 PM, Robert Sparks <rjsparks@nostrum.com> > wrote: > >> >> >> Right now, you leave the DHCP server (when it's used) responsible for >> clearing state in the MUD controller. Please discuss what happens when >> those are distinct elements (as you have in the end of section 9.2) and >> the DHCP server reboots. Perhaps it would make sense for the DHCP server >> to hand the length of the lease it has granted to the MUD controller and >> let the MUD controller clean up on its own? >> > > I would like to add a few words to the comprehensive review presented by > Robert Sparks (I hope it is proper etiquette on this list to do so). > > With respect to the observation above: > > There is also a cache timeout in the MUD profile. Does it make sense that > the MUD controller should take the minimum of the DHCP lease time and the > cache timeout and use that to time out the installed ACLs (?) The DHCP > server should also pass to the MUD controller, some way of identifying the > device to which the lease has been granted (for example the MAC address of > the device). > > The draft also not specify how the DHCP server will communicate with the > MUD controller (presumably via a simple REST interface but what is the URL > to be used and how are the parameters passed?). I think this should be > specified for interoperability between DHCP clients and MUD servers. Maybe > words describing this interaction can be added here. > > > That's right. At the moment, this is an "internalized" function. That is > to say that the DHCP server is said to be tightly coupled to the MUD > controller without standardized interfaces. In my first implementation, I > literally just tailed dhcpd syslog entries and triggered MUD based on > DHCPREQUEST messages. Clean-up state had to do with RELEASE or periodic > SNMP queries. Our implementation at Cisco does something different. > > However... if the OPSAWG would like, and there is interest, we can > formalize that interface. I don't want to do it in THIS draft (it's > already fairly involved), but there's nothing to say we couldn't do some > follow-on work. > > Fair enough? > > Eliot > No problem with waiting to see if there's interest from OPSAWG and others before considering this. By way of explanation on why I think this makes sense to standardize in MUD: I had envisioned an architecture where the MUD controller runs in the Service Provider cloud. The DHCP server would run in the CPE router (e.g. as part of the firmware on a home router + NAT ). If the statement above makes sense, since the home router is typically not made by the same party as the service provider software, I was thinking there should be a standardized interface between the DHCP server and MUD controller. Thanks. Ranga -- M. Ranganathan
- [Gen-art] Genart early review of draft-ietf-opsaw… Robert Sparks
- Re: [Gen-art] [OPSAWG] Genart early review of dra… M. Ranganathan
- Re: [Gen-art] [OPSAWG] Genart early review of dra… M. Ranganathan
- Re: [Gen-art] Genart early review of draft-ietf-o… Dale R. Worley
- Re: [Gen-art] [OPSAWG] Genart early review of dra… Einar Nilsen-Nygaard (einarnn)
- Re: [Gen-art] [OPSAWG] Genart early review of dra… Eliot Lear
- Re: [Gen-art] [OPSAWG] Genart early review of dra… M. Ranganathan
- Re: [Gen-art] Genart early review of draft-ietf-o… Eliot Lear
- Re: [Gen-art] Genart early review of draft-ietf-o… Robert Sparks
- Re: [Gen-art] Genart early review of draft-ietf-o… Eliot Lear