Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01
Lou Berger <lberger@labn.net> Wed, 14 August 2013 19:20 UTC
Return-Path: <lberger@labn.net>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 837FD21E80DB for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 12:20:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.265
X-Spam-Level:
X-Spam-Status: No, score=-102.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W5p1ujvz7tKx for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 12:20:04 -0700 (PDT)
Received: from oproxy13-pub.mail.unifiedlayer.com (oproxy13-pub.mail.unifiedlayer.com [69.89.16.30]) by ietfa.amsl.com (Postfix) with SMTP id C596611E8191 for <i2rs@ietf.org>; Wed, 14 Aug 2013 12:19:54 -0700 (PDT)
Received: (qmail 31801 invoked by uid 0); 14 Aug 2013 19:19:33 -0000
Received: from unknown (HELO box313.bluehost.com) (69.89.31.113) by oproxy13.mail.unifiedlayer.com with SMTP; 14 Aug 2013 19:19:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=QfO+NZSAOdvXCCeFoOpGYokaxRxceorD4emfL+bgKSI=; b=r7qvmRcD9+sv6u5KU0w9V3piN0tfO11FuJeG4hMZHC4AbHeD6P3uCuGTDbuZV+HonGxrb6qZmOTqITdPKF61TR5rt4rhDLW7028PAzqaoPHQVeXPUgNgyJSCYNdtw0q/;
Received: from box313.bluehost.com ([69.89.31.113]:48454 helo=[127.0.0.1]) by box313.bluehost.com with esmtpa (Exim 4.80) (envelope-from <lberger@labn.net>) id 1V9gbU-0004NW-Uj; Wed, 14 Aug 2013 13:19:33 -0600
Message-ID: <520BD843.3060007@labn.net>
Date: Wed, 14 Aug 2013 15:19:31 -0400
From: Lou Berger <lberger@labn.net>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Joe Marcus Clarke <jclarke@cisco.com>, Alia Atlas <akatlas@gmail.com>
References: <51FA492D.3070402@labn.net> <CAG4d1rd33Xu-zOQWKeK2ZT7qE3r6kddKk_=VqSaGp5E31usjqQ@mail.gmail.com> <51FA792E.3040908@cisco.com> <6BCE198E4EAEFC4CAB45D75826EFB07602F7B029@eusaamb101.ericsson.se> <51FA7B9E.8000102@cisco.com> <CAG4d1reE5iJDnFW4QWF9oXsORGrdDTx4g5twjsOCRst8zTbHYQ@mail.gmail.com> <51FAEF39.9020102@cisco.com> <CAG4d1renR+EajJ9-+gZ4u80XnyOFDy6RrRq-qJ3K48Eohv5Teg@mail.gmail.com> <520BC310.5030902@cisco.com>
In-Reply-To: <520BC310.5030902@cisco.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Identified-User: {1038:box313.bluehost.com:labnmobi:labn.net} {sentby:smtp auth 69.89.31.113 authed with lberger@labn.net}
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, Joel Halpern <joel.halpern@ericsson.com>
Subject: Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 19:20:09 -0000
I agree, a fine start. There's room to add/relocate in the future. Thanks! Lou On 08/14/2013 01:49 PM, Joe Marcus Clarke wrote: > On 8/13/13 4:58 PM, Alia Atlas wrote: >> I am going to publish an updated version of >> draft-atlas-i2rs-architecture without fully addressing this point. >> >> I did add in a new subsection (6.4.1 Client Redundancy) under 6.4 >> Identity and Security Role that says: >> >> "I2RS must support client redundancy. At the simplest, this can be >> handled by having a primary and a backup network application that both >> use the same client identity and can successfully authenticate as >> such. Since I2RS does not require a continuous transport connection >> and supports multiple transport sessions, this can provide some basic >> redundancy. However, it does not address concerns for troubleshooting >> and accountability about knowing which network application is actually >> active. At a minimum, basic transport information about each >> connection and time can be logged with the identity. Further >> discussion is necessary to determine whether additional client >> identification information is necessary.[[Editor's >> note: This requires more discussion in the working group.]]" > > This is fine as a start. I would want to strengthen the language to > ensure that an I2RS Agent always stores Client connection information > with a timestamp. This information should be queriable via I2RS (with > appropriate read scope). > > Joe > >> >> Alia >> >> >> On Thu, Aug 1, 2013 at 7:28 PM, Joe Marcus Clarke <jclarke@cisco.com >> <mailto:jclarke@cisco.com>> wrote: >> >> On 8/1/13 11:19 AM, Alia Atlas wrote: >> > Joe, >> > >> > Ok - so what I hear from you is needed is the >> > client role >> > client identity >> > sub-client identity? >> > >> > Where the permissions and ownership of state is tied to the client >> role? >> > Does that match to what you are saying? I believe we're assuming >> that >> > the ownership of state is tied to the client identity - and you are >> > suggesting that if so, we need a client sub-identity or such? >> >> Yes, I think that is in line with what I'm suggesting. If we can allow >> Client A to assume the identity of Client B using the same credentials, >> I would want some way to know that this is indeed Client B now acting on >> behalf of either itself or some northbound controller. >> >> Joe >> >> > >> > Alia >> > >> > >> > On Thu, Aug 1, 2013 at 11:15 AM, Joe Marcus Clarke >> <jclarke@cisco.com <mailto:jclarke@cisco.com> >> > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>> wrote: >> > >> > On 8/1/13 11:11 AM, Joel Halpern wrote: >> > > The client is the entity that is authenticated and >> authorized. If the >> > > client is acting on behalf of someone else, we assume that the >> > > authentication and authorization of that party is the task >> of the >> > client >> > > and outside our scope. However we include that identity so that >> > actions >> > > can be easily correlated with originators. >> > >> > Right. I get that. I had thought we were talking about two >> clients >> > that might be redundant to each other where Client 1 dies and >> Client 2 >> > assumes its identity to make changes possibly driven by northbound >> > actors. Even in this case, I feel Client 2 still needs to >> maintain a >> > unique identification to the I2RS agent so that one can trace the >> > operation back to the specific I2RS client (in addition to the >> > northbound actor). >> > >> > Joe >> > >> > > >> > > Yours, >> > > Joel >> > > >> > > Sent from my Android phone using TouchDown >> (www.nitrodesk.com <http://www.nitrodesk.com> >> > <http://www.nitrodesk.com>) >> > > >> > > -----Original Message----- >> > > *From:* Joe Marcus Clarke [jclarke@cisco.com >> <mailto:jclarke@cisco.com> >> > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>] >> > > *Received:* Thursday, 01 Aug 2013, 17:07 >> > > *To:* Alia Atlas [akatlas@gmail.com >> <mailto:akatlas@gmail.com> <mailto:akatlas@gmail.com >> <mailto:akatlas@gmail.com>>] >> > > *CC:* Lou Berger [lberger@labn.net <mailto:lberger@labn.net> >> <mailto:lberger@labn.net <mailto:lberger@labn.net>>]; >> > i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org >> <mailto:i2rs@ietf.org>> [i2rs@ietf.org <mailto:i2rs@ietf.org> >> > <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>]; Joel >> > > Halpern [joel.halpern@ericsson.com >> <mailto:joel.halpern@ericsson.com> <mailto:joel.halpern@ericsson.com >> <mailto:joel.halpern@ericsson.com>>] >> > > *Subject:* Re: [i2rs] Provisions for Client Redundancy/Fault >> Tolerance >> > > in draft-atlas-i2rs-architecture-01 >> > > >> > > On 8/1/13 7:51 AM, Alia Atlas wrote: >> > >> Not to answer for Joel, but my view is that a client is >> identified by >> > >> its identity. A different application can take over from the >> > first by >> > >> using the same identity. Loss of a transport session does >> not cause >> > >> existing client state to be removed (in the architecture) - so >> > there is >> > >> the ability for a new application to take over. >> > >> >> > >> Does that help? >> > > >> > > That worries me without more discussion about authentication. >> > > Additionally, from a troubleshooting standpoint, if I can >> assume the >> > > same identity as another client, how can I be absolutely >> sure which >> > > client does what to the agent? I feel there needs to be more to >> > ensure >> > > accountability of what client does what, certainly from a >> security >> > > perspective, but also from a troubleshooting perspective. >> > > >> > > Joe >> > > >> > >> >> > >> Alia >> > >> >> > >> >> > >> On Thu, Aug 1, 2013 at 7:40 AM, Lou Berger >> <lberger@labn.net <mailto:lberger@labn.net> >> > <mailto:lberger@labn.net <mailto:lberger@labn.net>> >> > >> <mailto:lberger@labn.net <mailto:lberger@labn.net> >> <mailto:lberger@labn.net <mailto:lberger@labn.net>>>> wrote: >> > >> >> > >> Hi Joel, >> > >> In today's session, I asked about provisions in the >> > architecture >> > >> (document) for Client Redundancy/Fault Tolerance. I believe >> > you stated >> > >> that "it's not needed" and that you'd elaborate on the >> list. >> > >> >> > >> I believe you also answered a latter question by >> stating that >> > clients >> > >> are free to coordinate between themselves to provide >> > redundancy. Is this >> > >> the simple answer? If not, can you elaborate? >> > >> >> > >> Thanks, >> > >> Lou >> > >> _______________________________________________ >> > >> i2rs mailing list >> > >> i2rs@ietf.org <mailto:i2rs@ietf.org> >> <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>> <mailto:i2rs@ietf.org >> <mailto:i2rs@ietf.org> >> > <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>> >> > >> https://www.ietf.org/mailman/listinfo/i2rs >> > >> >> > >> >> > >> >> > >> >> > >> _______________________________________________ >> > >> i2rs mailing list >> > >> i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org >> <mailto:i2rs@ietf.org>> >> > >> https://www.ietf.org/mailman/listinfo/i2rs >> > >> >> > > >> > > >> > > -- >> > > Joe Marcus Clarke, CCIE #5384, | | >> > > SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| >> > > Distinguished Services Engineer ..:|||||||||::|||||||||:.. >> > > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> >> <tel:%2B1%20%28919%29%20392-2867> >> > c i s c o S y s t e m s >> > > Email: jclarke@cisco.com <mailto:jclarke@cisco.com> >> <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>> >> > > >> > > >> > >> ---------------------------------------------------------------------------- >> > >> > >> > -- >> > Joe Marcus Clarke, CCIE #5384, | | >> > SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| >> > Distinguished Services Engineer ..:|||||||||::|||||||||:.. >> > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> >> <tel:%2B1%20%28919%29%20392-2867> c >> > i s c o S y s t e m s >> > Email: jclarke@cisco.com <mailto:jclarke@cisco.com> >> <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>> >> > >> > >> ---------------------------------------------------------------------------- >> > >> > >> >> >> -- >> Joe Marcus Clarke, CCIE #5384, | | >> SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| >> Distinguished Services Engineer ..:|||||||||::|||||||||:.. >> Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> c >> i s c o S y s t e m s >> Email: jclarke@cisco.com <mailto:jclarke@cisco.com> >> >> ---------------------------------------------------------------------------- >> >> >> >> >> _______________________________________________ >> i2rs mailing list >> i2rs@ietf.org >> https://www.ietf.org/mailman/listinfo/i2rs >> > >
- [i2rs] Provisions for Client Redundancy/Fault Tol… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joel M. Halpern
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joel Halpern
- Re: [i2rs] Provisions for Client Redundancy/Fault… Russ White
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger