IETF Logo Mail Archive

Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01

Lou Berger <lberger@labn.net> Wed, 14 August 2013 19:20 UTC

Return-Path: <lberger@labn.net>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 837FD21E80DB for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 12:20:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.265
X-Spam-Level:
X-Spam-Status: No, score=-102.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W5p1ujvz7tKx for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 12:20:04 -0700 (PDT)
Received: from oproxy13-pub.mail.unifiedlayer.com (oproxy13-pub.mail.unifiedlayer.com [69.89.16.30]) by ietfa.amsl.com (Postfix) with SMTP id C596611E8191 for <i2rs@ietf.org>; Wed, 14 Aug 2013 12:19:54 -0700 (PDT)
Received: (qmail 31801 invoked by uid 0); 14 Aug 2013 19:19:33 -0000
Received: from unknown (HELO box313.bluehost.com) (69.89.31.113) by oproxy13.mail.unifiedlayer.com with SMTP; 14 Aug 2013 19:19:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=QfO+NZSAOdvXCCeFoOpGYokaxRxceorD4emfL+bgKSI=; b=r7qvmRcD9+sv6u5KU0w9V3piN0tfO11FuJeG4hMZHC4AbHeD6P3uCuGTDbuZV+HonGxrb6qZmOTqITdPKF61TR5rt4rhDLW7028PAzqaoPHQVeXPUgNgyJSCYNdtw0q/;
Received: from box313.bluehost.com ([69.89.31.113]:48454 helo=[127.0.0.1]) by box313.bluehost.com with esmtpa (Exim 4.80) (envelope-from <lberger@labn.net>) id 1V9gbU-0004NW-Uj; Wed, 14 Aug 2013 13:19:33 -0600
Message-ID: <520BD843.3060007@labn.net>
Date: Wed, 14 Aug 2013 15:19:31 -0400
From: Lou Berger <lberger@labn.net>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Joe Marcus Clarke <jclarke@cisco.com>, Alia Atlas <akatlas@gmail.com>
References: <51FA492D.3070402@labn.net> <CAG4d1rd33Xu-zOQWKeK2ZT7qE3r6kddKk_=VqSaGp5E31usjqQ@mail.gmail.com> <51FA792E.3040908@cisco.com> <6BCE198E4EAEFC4CAB45D75826EFB07602F7B029@eusaamb101.ericsson.se> <51FA7B9E.8000102@cisco.com> <CAG4d1reE5iJDnFW4QWF9oXsORGrdDTx4g5twjsOCRst8zTbHYQ@mail.gmail.com> <51FAEF39.9020102@cisco.com> <CAG4d1renR+EajJ9-+gZ4u80XnyOFDy6RrRq-qJ3K48Eohv5Teg@mail.gmail.com> <520BC310.5030902@cisco.com>
In-Reply-To: <520BC310.5030902@cisco.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Identified-User: {1038:box313.bluehost.com:labnmobi:labn.net} {sentby:smtp auth 69.89.31.113 authed with lberger@labn.net}
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, Joel Halpern <joel.halpern@ericsson.com>
Subject: Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 19:20:09 -0000

I agree, a fine start.  There's room to add/relocate in the future.

Thanks!

Lou

On 08/14/2013 01:49 PM, Joe Marcus Clarke wrote:
> On 8/13/13 4:58 PM, Alia Atlas wrote:
>> I am going to publish an updated version of
>> draft-atlas-i2rs-architecture without fully addressing this point.
>>
>> I did add in a new subsection (6.4.1 Client Redundancy) under 6.4
>> Identity and Security Role that says:
>>
>> "I2RS must support client redundancy.  At the simplest, this can be
>> handled by having a primary and a backup network application that both
>> use the same client identity and can successfully authenticate as
>> such.  Since I2RS does not require a continuous transport connection
>> and supports multiple transport sessions, this can provide some basic
>> redundancy.  However, it does not address concerns for troubleshooting
>> and accountability about knowing which network application is actually
>> active.  At a minimum, basic transport information about each
>> connection and time can be logged with the identity.  Further
>> discussion is necessary to determine whether additional client
>> identification information is necessary.[[Editor's
>> note: This requires more discussion in the working group.]]"
> 
> This is fine as a start.  I would want to strengthen the language to
> ensure that an I2RS Agent always stores Client connection information
> with a timestamp.  This information should be queriable via I2RS (with
> appropriate read scope).
> 
> Joe
> 
>>
>> Alia
>>
>>
>> On Thu, Aug 1, 2013 at 7:28 PM, Joe Marcus Clarke <jclarke@cisco.com
>> <mailto:jclarke@cisco.com>> wrote:
>>
>>     On 8/1/13 11:19 AM, Alia Atlas wrote:
>>     > Joe,
>>     >
>>     > Ok - so what I hear from you is needed is the
>>     >    client role
>>     >    client identity
>>     >    sub-client identity?
>>     >
>>     > Where the permissions and ownership of state is tied to the client
>>     role?
>>     >  Does that match to what you are saying?  I believe we're assuming
>>     that
>>     > the ownership of state is tied to the client identity - and you are
>>     > suggesting that if so, we need a client sub-identity or such?
>>
>>     Yes, I think that is in line with what I'm suggesting.  If we can allow
>>     Client A to assume the identity of Client B using the same credentials,
>>     I would want some way to know that this is indeed Client B now acting on
>>     behalf of either itself or some northbound controller.
>>
>>     Joe
>>
>>     >
>>     > Alia
>>     >
>>     >
>>     > On Thu, Aug 1, 2013 at 11:15 AM, Joe Marcus Clarke
>>     <jclarke@cisco.com <mailto:jclarke@cisco.com>
>>     > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>> wrote:
>>     >
>>     >     On 8/1/13 11:11 AM, Joel Halpern wrote:
>>     >     > The client is the entity that is authenticated and
>>     authorized. If the
>>     >     > client is acting on behalf of someone else, we assume that the
>>     >     > authentication and authorization of that party is the task
>>     of the
>>     >     client
>>     >     > and outside our scope. However we include that identity so that
>>     >     actions
>>     >     > can be easily correlated with originators.
>>     >
>>     >     Right.  I get that.  I had thought we were talking about two
>>     clients
>>     >     that might be redundant to each other where Client 1 dies and
>>     Client 2
>>     >     assumes its identity to make changes possibly driven by northbound
>>     >     actors.  Even in this case, I feel Client 2 still needs to
>>     maintain a
>>     >     unique identification to the I2RS agent so that one can trace the
>>     >     operation back to the specific I2RS client (in addition to the
>>     >     northbound actor).
>>     >
>>     >     Joe
>>     >
>>     >     >
>>     >     > Yours,
>>     >     > Joel
>>     >     >
>>     >     > Sent from my Android phone using TouchDown
>>     (www.nitrodesk.com <http://www.nitrodesk.com>
>>     >     <http://www.nitrodesk.com>)
>>     >     >
>>     >     > -----Original Message-----
>>     >     > *From:* Joe Marcus Clarke [jclarke@cisco.com
>>     <mailto:jclarke@cisco.com>
>>     >     <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>]
>>     >     > *Received:* Thursday, 01 Aug 2013, 17:07
>>     >     > *To:* Alia Atlas [akatlas@gmail.com
>>     <mailto:akatlas@gmail.com> <mailto:akatlas@gmail.com
>>     <mailto:akatlas@gmail.com>>]
>>     >     > *CC:* Lou Berger [lberger@labn.net <mailto:lberger@labn.net>
>>     <mailto:lberger@labn.net <mailto:lberger@labn.net>>];
>>     >     i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org
>>     <mailto:i2rs@ietf.org>> [i2rs@ietf.org <mailto:i2rs@ietf.org>
>>     >     <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>]; Joel
>>     >     > Halpern [joel.halpern@ericsson.com
>>     <mailto:joel.halpern@ericsson.com> <mailto:joel.halpern@ericsson.com
>>     <mailto:joel.halpern@ericsson.com>>]
>>     >     > *Subject:* Re: [i2rs] Provisions for Client Redundancy/Fault
>>     Tolerance
>>     >     > in draft-atlas-i2rs-architecture-01
>>     >     >
>>     >     > On 8/1/13 7:51 AM, Alia Atlas wrote:
>>     >     >> Not to answer for Joel, but my view is that a client is
>>     identified by
>>     >     >> its identity.  A different application can take over from the
>>     >     first by
>>     >     >> using the same identity.  Loss of a transport session does
>>     not cause
>>     >     >> existing client state to be removed (in the architecture) - so
>>     >     there is
>>     >     >> the ability for a new application to take over.
>>     >     >>
>>     >     >> Does that help?
>>     >     >
>>     >     > That worries me without more discussion about authentication.
>>     >     > Additionally, from a troubleshooting standpoint, if I can
>>     assume the
>>     >     > same identity as another client, how can I be absolutely
>>     sure which
>>     >     > client does what to the agent?  I feel there needs to be more to
>>     >     ensure
>>     >     > accountability of what client does what, certainly from a
>>     security
>>     >     > perspective, but also from a troubleshooting perspective.
>>     >     >
>>     >     > Joe
>>     >     >
>>     >     >>
>>     >     >> Alia
>>     >     >>
>>     >     >>
>>     >     >> On Thu, Aug 1, 2013 at 7:40 AM, Lou Berger
>>     <lberger@labn.net <mailto:lberger@labn.net>
>>     >     <mailto:lberger@labn.net <mailto:lberger@labn.net>>
>>     >     >> <mailto:lberger@labn.net <mailto:lberger@labn.net>
>>     <mailto:lberger@labn.net <mailto:lberger@labn.net>>>> wrote:
>>     >     >>
>>     >     >>     Hi Joel,
>>     >     >>             In today's session, I asked about provisions in the
>>     >     architecture
>>     >     >>     (document) for Client Redundancy/Fault Tolerance. I believe
>>     >     you stated
>>     >     >>     that "it's not needed" and that you'd elaborate on the
>>     list.
>>     >     >>
>>     >     >>     I believe you also answered a latter question by
>>     stating that
>>     >     clients
>>     >     >>     are free to coordinate between themselves to provide
>>     >     redundancy. Is this
>>     >     >>     the simple answer?  If not, can you elaborate?
>>     >     >>
>>     >     >>     Thanks,
>>     >     >>     Lou
>>     >     >>     _______________________________________________
>>     >     >>     i2rs mailing list
>>     >     >>     i2rs@ietf.org <mailto:i2rs@ietf.org>
>>     <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>> <mailto:i2rs@ietf.org
>>     <mailto:i2rs@ietf.org>
>>     >     <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>>
>>     >     >>     https://www.ietf.org/mailman/listinfo/i2rs
>>     >     >>
>>     >     >>
>>     >     >>
>>     >     >>
>>     >     >> _______________________________________________
>>     >     >> i2rs mailing list
>>     >     >> i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org
>>     <mailto:i2rs@ietf.org>>
>>     >     >> https://www.ietf.org/mailman/listinfo/i2rs
>>     >     >>
>>     >     >
>>     >     >
>>     >     > --
>>     >     > Joe Marcus Clarke, CCIE #5384,         |          |
>>     >     > SCJP, SCSA, SCNA, SCSECA, VCP        |||||      |||||
>>     >     > Distinguished Services Engineer ..:|||||||||::|||||||||:..
>>     >     > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867>
>>     <tel:%2B1%20%28919%29%20392-2867>
>>     >     c i s c o  S y s t e m s
>>     >     > Email: jclarke@cisco.com <mailto:jclarke@cisco.com>
>>     <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>
>>     >     >
>>     >     >
>>     >    
>>     ----------------------------------------------------------------------------
>>     >
>>     >
>>     >     --
>>     >     Joe Marcus Clarke, CCIE #5384,         |          |
>>     >     SCJP, SCSA, SCNA, SCSECA, VCP        |||||      |||||
>>     >     Distinguished Services Engineer ..:|||||||||::|||||||||:..
>>     >     Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867>
>>     <tel:%2B1%20%28919%29%20392-2867>         c
>>     >     i s c o  S y s t e m s
>>     >     Email: jclarke@cisco.com <mailto:jclarke@cisco.com>
>>     <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>
>>     >
>>     >    
>>     ----------------------------------------------------------------------------
>>     >
>>     >
>>
>>
>>     --
>>     Joe Marcus Clarke, CCIE #5384,         |          |
>>     SCJP, SCSA, SCNA, SCSECA, VCP        |||||      |||||
>>     Distinguished Services Engineer ..:|||||||||::|||||||||:..
>>     Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867>         c
>>     i s c o  S y s t e m s
>>     Email: jclarke@cisco.com <mailto:jclarke@cisco.com>
>>
>>     ----------------------------------------------------------------------------
>>
>>
>>
>>
>> _______________________________________________
>> i2rs mailing list
>> i2rs@ietf.org
>> https://www.ietf.org/mailman/listinfo/i2rs
>>
> 
>

v2.23.0 | Report a Bug | By Email