Re: [Ieprep] Meaning of Single Administrative Domain
Rex Buddenberg <budden@nps.navy.mil> Tue, 12 October 2004 18:09 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA15399 for <ieprep-web-archive@ietf.org>; Tue, 12 Oct 2004 14:09:23 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CHRGA-0003ni-84 for ieprep-web-archive@ietf.org; Tue, 12 Oct 2004 14:20:33 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CHQxn-0007PE-7Z; Tue, 12 Oct 2004 14:01:31 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CHQq7-0004rZ-5V for ieprep@megatron.ietf.org; Tue, 12 Oct 2004 13:53:35 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14046 for <ieprep@ietf.org>; Tue, 12 Oct 2004 13:53:34 -0400 (EDT)
Received: from ellis.ad.nps.navy.mil ([131.120.18.61]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CHR0t-0003QJ-Ls for ieprep@ietf.org; Tue, 12 Oct 2004 14:04:44 -0400
Received: from [131.120.179.249] ([131.120.179.249]) by ellis.ad.nps.navy.mil with Microsoft SMTPSVC(5.0.2195.6713); Tue, 12 Oct 2004 10:53:29 -0700
Subject: Re: [Ieprep] Meaning of Single Administrative Domain
From: Rex Buddenberg <budden@nps.navy.mil>
To: steve.norreys@bt.com
In-Reply-To: <9D598A34672DF24F89FF4F851A4161950D2AF1CD@i2km08-ukbr.domain1.systemhost.net>
References: <9D598A34672DF24F89FF4F851A4161950D2AF1CD@i2km08-ukbr.domain1.systemhost.net>
Content-Type: text/plain
Message-Id: <1097603609.1779.64.camel@antony>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2)
Date: Tue, 12 Oct 2004 10:53:29 -0700
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 12 Oct 2004 17:53:29.0436 (UTC) FILETIME=[61B0B9C0:01C4B084]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5d7a7e767f20255fce80fa0b77fb2433
Content-Transfer-Encoding: 7bit
Cc: ieprep@ietf.org
X-BeenThere: ieprep@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Emergency Preparedness Working Group <ieprep.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ieprep>, <mailto:ieprep-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ieprep@ietf.org>
List-Help: <mailto:ieprep-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ieprep>, <mailto:ieprep-request@ietf.org?subject=subscribe>
Sender: ieprep-bounces@ietf.org
Errors-To: ieprep-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b22590c27682ace61775ee7b453b40d3
Content-Transfer-Encoding: 7bit
Steve, This is pretty important both to the organization and the technology. Ken's pretty much on target. The definition you repeated is one that matches up administrative control and autonomous systems and is generally used in IETF. When the Internet (then ARPANet) started tiering, the notion of Autonomous Systems was born and routers got a differentiation with exterior and interior gateway protocols. (Hope this isn't too pedantic a review). Within an AS, we run an interior protocol (such as OSPF) and all routers have identical knowledge of the network topology (assuming the network is converged). Administratively, this can only really happen if we have a single administrative control. This comprehensive knowledge of which routers can directly talk with which is confined to the AS -- the outside world (other admin domains) don't know. Rather they only know where the gateways into this AS are. These gateways (border routers) say 'send traffic to this AS to me and I'll take care of it'. Exterior gateway protocols (BGP4) implement this approach. This handles the interface between administrative domains ... and ASs. Why's this important in emergency services? Case 1 might be where the fire department has a network in a community to control its assets and the police department has another, different network. Two ASs. And I've certainly seen communities where this kind of insularity exists. The upsides in this partitioning have to do with security (enclaving). The downsides include poorer Ao for a fixed amount of infrastructure, greater difficulty in controlling QoS (assuming inadequate overprovisioning that necessitates it) and flexibility to meet changing situations. Case 2 might be where the city administration runs the entire network as a single AS. The upsides and downsides noted above essentially evert. But one has to draw a line somewhere -- it doesn't make sense for a community to attempt to run it's network as the same AS as a national emergency service network (e.g. national level police force or coast guard). And it may or may not make sense for the emergency services network to be in the same AS as the k12 schools. The problem Ken is trying to frame comes from some past discussion on this board where trying to pass diff-serv (DS byte) information across border routers is deemed as: 1) necessary to make diff-serv work end-to-end. A good share of the discussion is whether that's necessary. 2) leaving a gaping security hole open. A Bad Guy can flood a network with high priority traffic and thereby impose a denial of service attack. (All the practicing ISPs lined up here -- they all zero out the DS byte to close off the DOS vector). That help any? On Tue, 2004-10-12 at 05:33, steve.norreys@bt.com wrote: > All > > Perhaps someone out there can help me as I am having some difficulty in > defining the exact meaning of a single administrative domain that is > part of the last call for "Emergency Telecommunications Services (ETS) > Requirements for a Single Administrative Domain". > > According to draft-ietf-ieprep-domain-req-02.txt section 1 the > explanation of the Administrative Domain: is "The collection of > resources under the control of a single administrative authority. This > authority establishes the design and operation of a set of resources > (i.e., the network)." > > However further on in the document in section 4.2 in the explanation of > the relationship to the work ongoing in the ITU-T this statement is > made: "However, to provide a bridge of > understanding, the reader can assume that ETS within the IETF is > synonymous with TDR in the ITU -- each involving authorized use of a > service that attempts to compensate for stressed conditions of > resources." > > These two statements are in my mind conflicting. In the recent ITU-T PCP > meeting one of the definitions of TDR is to do with international > communications to and from the disaster area and local communications at > the disaster area. This is not a single network on the contrary it is a > requirement for cooperation of many networks especially international > networks. > > I may have misunderstood the point here and would grateful if someone > could put me on the correct path. > > > Regards > > Steve Norreys > Signalling and Protocols > Tel: +441277323220 > email steve.norreys@bt.com > > > British Telecommunications plc > Registered office: 81 Newgate Street London EC1A 7AJ > Registered in England no. 1800000 > This electronic message contains information from British > Telecommunications plc which may be privileged or confidential. The > information is intended to be for the use of the individual(s) or entity > named above. If you are not the intended recipient be aware that any > disclosure, copying, distribution or use of the contents of this > information is prohibited. If you have received this electronic message > in error, please notify us by telephone or email (to the numbers or > address above) immediately. > Activity and use of the British Telecommunications plc E-mail system is > monitored to secure its effective operation and for other lawful > business purposes. Communications using this system will also be > monitored and may be recorded to secure effective operation and for > other lawful business purposes. > > > > _______________________________________________ > Ieprep mailing list > Ieprep@ietf.org > https://www1.ietf.org/mailman/listinfo/ieprep -- b _______________________________________________ Ieprep mailing list Ieprep@ietf.org https://www1.ietf.org/mailman/listinfo/ieprep
- [Ieprep] Meaning of Single Administrative Domain steve.norreys
- RE: [Ieprep] Meaning of Single Administrative Dom… Ken Carlberg
- RE: [Ieprep] Meaning of Single Administrative Dom… steve.norreys
- Re: [Ieprep] Meaning of Single Administrative Dom… Rex Buddenberg