Re: [i2rs] draft-mglt-i2rs-security-environment-reqs, REQ 3

Jeff: 

I agree it is a goal rather than an absolute.  My first discussions with
Daniel pointed this out.  Do you think moving it back to 

   REQ 3:  The I2RS Agent validates data to try to insure that
         injecting the Information does not create a deadlock with any other
system
        or a routing loop or prevent the control plane from converging.
       (This is a goal for the system, and it should keep track of when
        Injecting information does cause deadlocks, routing loops, or 
        retards the routing convergence process.). 

Or is it better to suggest it as a recommendation?  Any thoughts? 

Sue 

-----Original Message-----
From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Jeffrey Haas
Sent: Thursday, August 27, 2015 4:32 PM
To: i2rs@ietf.org
Subject: [i2rs] draft-mglt-i2rs-security-environment-reqs, REQ 3

I've been reviewing the environment requirements, thanks for picking up this
work.  Requirement 3 contains the following:

   REQ 3:  The I2RS Agent validates data to ensure injecting the
           information will not create a deadlock with any other system,
           nor will it create a routing loop, nor will it cause the
           control plane to fail to converge.

I2RS has already received feedback from our netconf experts expressing
concern over how validation even at the schema levels may introduce
excessive latency.  This contradicts the I2RS "need for speed".

I have a broader concern that the above requirement may simply be an
intractable problem.  It's a loft goal, but the overhead in validating all
such things is likely not within the goal of speed.

Thoughts?

-- Jeff

_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs