a question on policy gateways

Robert Woody Woodburn <woody@mclean.sparta.com> Wed, 13 October 1993 11:16 UTC

Date: Wed, 13 Oct 1993 07:08:20 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Robert Woody Woodburn <woody@mclean.sparta.com>
Message-Id: <9310131108.AA05254@mclean.sparta.com>
To: murayama@theta.iis.u-tokyo.ac.jp
Cc: idpr-wg@bbn.com, preference@alan.cs.uec.ac.jp, policy-routing@wide.ad.jp
In-Reply-To: 村山優子's message of Wed, 13 Oct 1993 15:25:40 JST <9310130625.AA26543@theta.iis.u-tokyo.ac.jp>
Subject: a question on policy gateways

Hi,

In your example, the capability of monitoring different policy gateways
from other policy gateways in other ADs would be an administrative issue.

The monitoring traffic would have to travel across the virtual gateway
boundary, just like all other traffic and would be subject to administrative
policies just like all other traffic.  (I assume you are talking about this
sort of "in-band" signalling as in SNMP management.)

It would be reasonable to assume that mutual policies could exist such
that W allows SNMP traffic from W destined for S, and S allows traffic
from S destined for W.

    How about W1 and S3/S4? Should W1 be able to monitor the connectivity 
    between S1 and S3/S4?

Well, if I interpret your question to say can W1 exchange SNMP data with
S1, then yes it can.  (assuming the policies are in place and the 
administrators in W and S have agreed that W can exchange SNMP data and
the SNMP security mechanisms have been agreed upon.)  As to what 
connectivity information you are asking about, I don't see any reason why
W couldn't send SNMP queries to get information about the IDPR portion of
the MIB on S1, or any other PG in S.

    Alternatively, should we consider that W1 should get 
    the connectivity information merely from S1 or any other
    representative of AD S?

That would depend upon the information you want, and what management 
capabilities there are.  Certainly if S1 can proxy query other PGs via
some management mechanism, so that W need only ask this one PG, then
there is nothing to prohibit this.

woody