Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01
Joe Marcus Clarke <jclarke@cisco.com> Wed, 14 August 2013 17:49 UTC
Return-Path: <jclarke@cisco.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C94F21E80DD for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 10:49:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0b1SDSMNgRr for <i2rs@ietfa.amsl.com>; Wed, 14 Aug 2013 10:49:17 -0700 (PDT)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by ietfa.amsl.com (Postfix) with ESMTP id 5E35121E80DB for <i2rs@ietf.org>; Wed, 14 Aug 2013 10:49:17 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r7EHn9JW013344; Wed, 14 Aug 2013 19:49:14 +0200 (CEST)
Received: from dhcp-10-150-54-19.cisco.com (dhcp-10-150-54-19.cisco.com [10.150.54.19]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r7EHn4MQ024802; Wed, 14 Aug 2013 13:49:04 -0400 (EDT)
Message-ID: <520BC310.5030902@cisco.com>
Date: Wed, 14 Aug 2013 13:49:04 -0400
From: Joe Marcus Clarke <jclarke@cisco.com>
Organization: Cisco Systems, Inc.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Alia Atlas <akatlas@gmail.com>
References: <51FA492D.3070402@labn.net> <CAG4d1rd33Xu-zOQWKeK2ZT7qE3r6kddKk_=VqSaGp5E31usjqQ@mail.gmail.com> <51FA792E.3040908@cisco.com> <6BCE198E4EAEFC4CAB45D75826EFB07602F7B029@eusaamb101.ericsson.se> <51FA7B9E.8000102@cisco.com> <CAG4d1reE5iJDnFW4QWF9oXsORGrdDTx4g5twjsOCRst8zTbHYQ@mail.gmail.com> <51FAEF39.9020102@cisco.com> <CAG4d1renR+EajJ9-+gZ4u80XnyOFDy6RrRq-qJ3K48Eohv5Teg@mail.gmail.com>
In-Reply-To: <CAG4d1renR+EajJ9-+gZ4u80XnyOFDy6RrRq-qJ3K48Eohv5Teg@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, Joel Halpern <joel.halpern@ericsson.com>, "lberger@labn.net" <lberger@labn.net>
Subject: Re: [i2rs] Provisions for Client Redundancy/Fault Tolerance in draft-atlas-i2rs-architecture-01
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 17:49:21 -0000
On 8/13/13 4:58 PM, Alia Atlas wrote: > I am going to publish an updated version of > draft-atlas-i2rs-architecture without fully addressing this point. > > I did add in a new subsection (6.4.1 Client Redundancy) under 6.4 > Identity and Security Role that says: > > "I2RS must support client redundancy. At the simplest, this can be > handled by having a primary and a backup network application that both > use the same client identity and can successfully authenticate as > such. Since I2RS does not require a continuous transport connection > and supports multiple transport sessions, this can provide some basic > redundancy. However, it does not address concerns for troubleshooting > and accountability about knowing which network application is actually > active. At a minimum, basic transport information about each > connection and time can be logged with the identity. Further > discussion is necessary to determine whether additional client > identification information is necessary.[[Editor's > note: This requires more discussion in the working group.]]" This is fine as a start. I would want to strengthen the language to ensure that an I2RS Agent always stores Client connection information with a timestamp. This information should be queriable via I2RS (with appropriate read scope). Joe > > Alia > > > On Thu, Aug 1, 2013 at 7:28 PM, Joe Marcus Clarke <jclarke@cisco.com > <mailto:jclarke@cisco.com>> wrote: > > On 8/1/13 11:19 AM, Alia Atlas wrote: > > Joe, > > > > Ok - so what I hear from you is needed is the > > client role > > client identity > > sub-client identity? > > > > Where the permissions and ownership of state is tied to the client > role? > > Does that match to what you are saying? I believe we're assuming > that > > the ownership of state is tied to the client identity - and you are > > suggesting that if so, we need a client sub-identity or such? > > Yes, I think that is in line with what I'm suggesting. If we can allow > Client A to assume the identity of Client B using the same credentials, > I would want some way to know that this is indeed Client B now acting on > behalf of either itself or some northbound controller. > > Joe > > > > > Alia > > > > > > On Thu, Aug 1, 2013 at 11:15 AM, Joe Marcus Clarke > <jclarke@cisco.com <mailto:jclarke@cisco.com> > > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>> wrote: > > > > On 8/1/13 11:11 AM, Joel Halpern wrote: > > > The client is the entity that is authenticated and > authorized. If the > > > client is acting on behalf of someone else, we assume that the > > > authentication and authorization of that party is the task > of the > > client > > > and outside our scope. However we include that identity so that > > actions > > > can be easily correlated with originators. > > > > Right. I get that. I had thought we were talking about two > clients > > that might be redundant to each other where Client 1 dies and > Client 2 > > assumes its identity to make changes possibly driven by northbound > > actors. Even in this case, I feel Client 2 still needs to > maintain a > > unique identification to the I2RS agent so that one can trace the > > operation back to the specific I2RS client (in addition to the > > northbound actor). > > > > Joe > > > > > > > > Yours, > > > Joel > > > > > > Sent from my Android phone using TouchDown > (www.nitrodesk.com <http://www.nitrodesk.com> > > <http://www.nitrodesk.com>) > > > > > > -----Original Message----- > > > *From:* Joe Marcus Clarke [jclarke@cisco.com > <mailto:jclarke@cisco.com> > > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>>] > > > *Received:* Thursday, 01 Aug 2013, 17:07 > > > *To:* Alia Atlas [akatlas@gmail.com > <mailto:akatlas@gmail.com> <mailto:akatlas@gmail.com > <mailto:akatlas@gmail.com>>] > > > *CC:* Lou Berger [lberger@labn.net <mailto:lberger@labn.net> > <mailto:lberger@labn.net <mailto:lberger@labn.net>>]; > > i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org > <mailto:i2rs@ietf.org>> [i2rs@ietf.org <mailto:i2rs@ietf.org> > > <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>]; Joel > > > Halpern [joel.halpern@ericsson.com > <mailto:joel.halpern@ericsson.com> <mailto:joel.halpern@ericsson.com > <mailto:joel.halpern@ericsson.com>>] > > > *Subject:* Re: [i2rs] Provisions for Client Redundancy/Fault > Tolerance > > > in draft-atlas-i2rs-architecture-01 > > > > > > On 8/1/13 7:51 AM, Alia Atlas wrote: > > >> Not to answer for Joel, but my view is that a client is > identified by > > >> its identity. A different application can take over from the > > first by > > >> using the same identity. Loss of a transport session does > not cause > > >> existing client state to be removed (in the architecture) - so > > there is > > >> the ability for a new application to take over. > > >> > > >> Does that help? > > > > > > That worries me without more discussion about authentication. > > > Additionally, from a troubleshooting standpoint, if I can > assume the > > > same identity as another client, how can I be absolutely > sure which > > > client does what to the agent? I feel there needs to be more to > > ensure > > > accountability of what client does what, certainly from a > security > > > perspective, but also from a troubleshooting perspective. > > > > > > Joe > > > > > >> > > >> Alia > > >> > > >> > > >> On Thu, Aug 1, 2013 at 7:40 AM, Lou Berger > <lberger@labn.net <mailto:lberger@labn.net> > > <mailto:lberger@labn.net <mailto:lberger@labn.net>> > > >> <mailto:lberger@labn.net <mailto:lberger@labn.net> > <mailto:lberger@labn.net <mailto:lberger@labn.net>>>> wrote: > > >> > > >> Hi Joel, > > >> In today's session, I asked about provisions in the > > architecture > > >> (document) for Client Redundancy/Fault Tolerance. I believe > > you stated > > >> that "it's not needed" and that you'd elaborate on the > list. > > >> > > >> I believe you also answered a latter question by > stating that > > clients > > >> are free to coordinate between themselves to provide > > redundancy. Is this > > >> the simple answer? If not, can you elaborate? > > >> > > >> Thanks, > > >> Lou > > >> _______________________________________________ > > >> i2rs mailing list > > >> i2rs@ietf.org <mailto:i2rs@ietf.org> > <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>> <mailto:i2rs@ietf.org > <mailto:i2rs@ietf.org> > > <mailto:i2rs@ietf.org <mailto:i2rs@ietf.org>>> > > >> https://www.ietf.org/mailman/listinfo/i2rs > > >> > > >> > > >> > > >> > > >> _______________________________________________ > > >> i2rs mailing list > > >> i2rs@ietf.org <mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org > <mailto:i2rs@ietf.org>> > > >> https://www.ietf.org/mailman/listinfo/i2rs > > >> > > > > > > > > > -- > > > Joe Marcus Clarke, CCIE #5384, | | > > > SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| > > > Distinguished Services Engineer ..:|||||||||::|||||||||:.. > > > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> > <tel:%2B1%20%28919%29%20392-2867> > > c i s c o S y s t e m s > > > Email: jclarke@cisco.com <mailto:jclarke@cisco.com> > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>> > > > > > > > > > ---------------------------------------------------------------------------- > > > > > > -- > > Joe Marcus Clarke, CCIE #5384, | | > > SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| > > Distinguished Services Engineer ..:|||||||||::|||||||||:.. > > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> > <tel:%2B1%20%28919%29%20392-2867> c > > i s c o S y s t e m s > > Email: jclarke@cisco.com <mailto:jclarke@cisco.com> > <mailto:jclarke@cisco.com <mailto:jclarke@cisco.com>> > > > > > ---------------------------------------------------------------------------- > > > > > > > -- > Joe Marcus Clarke, CCIE #5384, | | > SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| > Distinguished Services Engineer ..:|||||||||::|||||||||:.. > Phone: +1 (919) 392-2867 <tel:%2B1%20%28919%29%20392-2867> c > i s c o S y s t e m s > Email: jclarke@cisco.com <mailto:jclarke@cisco.com> > > ---------------------------------------------------------------------------- > > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > -- Joe Marcus Clarke, CCIE #5384, | | SCJP, SCSA, SCNA, SCSECA, VCP ||||| ||||| Distinguished Services Engineer ..:|||||||||::|||||||||:.. Phone: +1 (919) 392-2867 c i s c o S y s t e m s Email: jclarke@cisco.com ----------------------------------------------------------------------------
- [i2rs] Provisions for Client Redundancy/Fault Tol… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joel M. Halpern
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joel Halpern
- Re: [i2rs] Provisions for Client Redundancy/Fault… Russ White
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Alia Atlas
- Re: [i2rs] Provisions for Client Redundancy/Fault… Joe Marcus Clarke
- Re: [i2rs] Provisions for Client Redundancy/Fault… Lou Berger