Re: [Ieprep] proposed charter
Rex Buddenberg <budden@nps.navy.mil> Fri, 03 November 2006 20:07 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gg5K2-0006oH-S5; Fri, 03 Nov 2006 15:07:26 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gg5K1-0006kV-K6 for ieprep@ietf.org; Fri, 03 Nov 2006 15:07:25 -0500
Received: from virginia.nps.edu ([205.155.65.15]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gg5K0-00029J-Ms for ieprep@ietf.org; Fri, 03 Nov 2006 15:07:25 -0500
Received: from north-latitude.nps.navy.mil ([131.120.179.249] RDNS failed) by virginia.nps.edu with Microsoft SMTPSVC(6.0.3790.1830); Fri, 3 Nov 2006 12:07:23 -0800
Subject: Re: [Ieprep] proposed charter
From: Rex Buddenberg <budden@nps.navy.mil>
To: ieprep@ietf.org
In-Reply-To: <4.3.2.7.2.20060926002023.0357bed0@email.cisco.com>
References: <4.3.2.7.2.20060926002023.0357bed0@email.cisco.com>
Content-Type: text/plain
Date: Fri, 03 Nov 2006 12:08:14 -0800
Message-Id: <1162584494.6434.308.camel@north-latitude.nps.navy.mil>
Mime-Version: 1.0
X-Mailer: Evolution 2.4.0
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 03 Nov 2006 20:07:23.0089 (UTC) FILETIME=[ACC2E410:01C6FF83]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2b2ad76aced9b1d558e34a970a85c027
X-BeenThere: ieprep@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Emergency Preparedness Working Group <ieprep.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ieprep>, <mailto:ieprep-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ieprep@ietf.org>
List-Help: <mailto:ieprep-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ieprep>, <mailto:ieprep-request@ietf.org?subject=subscribe>
Errors-To: ieprep-bounces@ietf.org
Comments, thoughts, recommendations on the charter. I've probably been reading too many thesis drafts ... but: >The IEPREP WG will address proactive measures to congestion and recovery >from various outages using three perspectives: The sentence is missing a verb (what comes after 'to'). And this opens the door to a lot of foggy thinking. But the term 'recovery' provides a good way into analyzing the problem. We should properly be addressing qos and QoS but we need a good fix on the problems first. My experience tells me that addressing high availability engineering issues first -- the things one does before a disaster strikes -- will throw a lot of the QoS problems into the no-nevermind locker. And my experience with chaotic situations like this tell me that security (especially authenticity) trumps a lot of other requirements. And the qos problem is much more that just servicing some priority customers. There are some underlying choices of technology that are pretty critical. And these critical issues lie primarily at layer 2; an area that IETF astutely stays out of. Let's see if I can synthesize some things at the bottom. First some analysis: Consider something like Katrina; it's a good example. The first thing to understand about any disaster like that is that you always have chaos. You have a large influx of people into the disaster footprint wanting to do good. And you quite likely have groups of refugees wanting to get out. Regardless of the specifics, chaos reigns. The prerequisite to doing anything else is to settle down the chaos. And a foundation key to that is to get a serviceable communications system running. Serviceable and interoperable are near-synonyms here; interoperable and internetworkable are even nearer-synonyms. So the basic desire in IEPREP is good -- how can we properly harness internet technology to meet this basic need? Synthesis, first dab. We really need three parts of the plumbing (and the SAFENET group in federal government got the parts right, although I don't care much for their namecalling): - a reach from the disaster footprint out to the undamaged internet - a backbone within the disaster footprint (routers at the edge, no end systems on this segment) - a fanout to reach to end systems -- traditionally the domain of LANs (and most of the cellphone technologies). For reference, SAFENET calls these the Enterprise, Jurisdiction and Incident area networks respectively. You also need some critical overhead parts: - it's all gotta be routable network or we can't hold the rest of the discussion. - you need some network operations support (i.e. a NOC). (outside the disaster footprint) - you need some training, 1) particularly in the reachback and backbone equipment deployment and configuration and 2) the remote management. - you need a sackful of gateways to meet the sackful of technologies that folks will show up with in the fanout network category. I'd contend that without this much context, you can't have much productive discussion about qos and QoS. But now we've got a sketch. Where does the congestion occur and what tools do we need to handle it? We don't have congestion in the intact portion of the internet. And we don't have it at the fanout portion (at least not in the sense that we can't split/bridge and play the well-worn overprovisioning tricks). Where we do have congestion is in the reachback and backbone networks. In most cases, we're confined to radio-WAN technologies of some sort (unless we string emergency fiber ... do it if you can). Which means that in these segments you'll have about four orders of magnitude less capacity an in the rest of the 'net. This manifests itself in two problems: 1. These network segments must be stable under overload because we can expect overload to be a ubiquitous condition. This should drive choices of technology: contention access networks will stall under overload; non-contention access (scheduling) is stable. (Scheduling access methods also afford bandwidth efficiency at exactly the place we need it and allow for QoS controls to be implemented -- you can do neither of these with contention access). 2. You need some sort of queue control at the routers. This is the part of the problem that has been well-worn in IEPREP in the past. Admittance control and prioritization are needed, but the usual warning that oversteering is likely to make the cure worse than the disease. Similar discussions pertain to applications (like the SIP ones we've had here). But I'm not going there today.... But scope -- looking only at congestion and QoS issues -- is far to limiting. IEPREP needs to address some things that have hitherto been considered outside scope if it wishes to produce anything relevant. High availability engineering is at the top of this list. The more robust the internetwork is prior to a disaster, the less there is to patch and restore when the disaster strikes (the World Trade Center anecdotes and the minimal impacts on the Internet are here relevant). The textbook on high availability engineering lists three principles: - elimination of single points of failure - reliable crossover - prompt notification of failures Of these, the second is properly addressed by the basic design of IP. This should drive an underlying requirement of routable networks ... and hook them together with routers, not bridges. The third principle is the reasoning behind the NOC and training recommendations above. The first principle is where the unknowns lie -- you don't know where a disaster will strike so you will have some damaged footprint ... otherwise we wouldn't be doing this. Pre-disaster, do the high Ao homework. Post-disaster, have the tools to patch/fill the disaster footprint quickly. And the most important parts of this patch/fill operation in terms of infrastructure are the backbone and reachback segments of the net -- provide a bunch of POPs (aka routers) at the border of the backbone network and the problem at the federal level is in hand. And we've enabled the local jurisdictions to solve their problems by finding something to plug into the POPs. If you're not familiar with that waterfront, there are a wide variety of wannabe solutions, only a few of which are natively routable networks. The rest require some kind of gateway (e.g. P25 land mobile radio). The QoS problem shows up here, but you can't address it before you address the gateway issue itself. Some fireman with a land mobile radio needs to talk to somebody who's several segments away and only one of those segments is LMR; the rest are routable networks. I'm expecting Darwin to clean up a lot of this mess in the next few years, but it hasn't happened yet. I'll try and synthesize in a bit, but a couple of other kvetchings first: - "voice was the driving application for IEPREP in the past, ...all applications essential to emergency communications" This comment (focus on the word 'all' is correct. In spades. When a colleague of mine put down a laydown in Thailand (post-tsunami), the fanout was 802.11 WiFi. When the guys got things working, they just turned it on -- no advertising. Within a couple of hours, they had ~50 users. This was right in the middle of the refugee camp area and morgue -- a great deal of the traffic was 'I'm ok' e-mail. While we've no statistics, we don't think any of that was VOIP. - "considerations for treatment and security of emergency" Right phrase; wrong target, IMHO. While stories of scavengers reeling up wire to salvage the copper are legion, the concerns we've seen have been for safety of the people involved. So the first thing you want to do is minimize the number of people within-footprint (why the NOC is outside). On Gulf Coast, one genre of victim that tended not to evacuate were the drug addicts. After a few days without a fix -- their support system went away too -- these folks floating around among your emergency services personnel are not necessarily a Good Thing. - "IEPREP will pursue subject matter experts (e.g., security)" In an emergency situation (remember, chaos?) there is lots of misinformation. Just one example was the report of the levees in New Orleans giving way -- the authentic message was lost among the swirl of misinformation. Authentication is the single most important security feature needed -- and it's authentication of the content that is where the focus needs to be (digital signature of e-mail body parts is a good example). This won't solve all of the chaos problems, but it provides a tool that is targeted at the right place. This requirement falls above QoS control in my book. Emergency services operations also have occasional needs for confidentiality (medical data is an example). These security measures belong in layer 7 applications; otherwise the network plumbing is not usable by the folks who need it most. Summary of analysis. My gripe about the existing IEPREP charter (and the proposed recharter, although it's better) is that we're not holistic enough. 1) Focusing on the micro issue of priority doesn't address enough of the QoS problem and 2) focusing on QoS doesn't get arms 'round the high Ao and security issues that are at least as important. (How'd we get into this? My take is that 'IETF does protocols' and only layer-3-and-higher to boot. That clamps on the blinders pretty tightly because the one high Ao problem that's within that scope is the one we've already solved). Synthesis. With all of that, what _should_ the charter be saying? IEPREP has always been a non-traditional WG within the ethic of IETF. So let's accept that and get arms around the whole problem. I'm here: > The IEPREP WG will address - the high availability engineering principles as applied to internet infrastructure, both pre- and post-disaster. Answer the question for both a federal and a local level jurisdiction of 'what should I do to prepare?' - recommend protocols and procedures to provide for authenticating and, as required, confidentiality-protecting traffic within, into and out of a disaster area. - recommend protocols, technology choices and provisioning practices to address the dearth of communications capacity and the large amount of high-priority traffic that always attend a disaster. and here: > IEPREP WG will address proactive measures to congestion and recovery from various outages using three perspectives: This part is pretty close except the primary focus should be on 'recovery', both pre- and post-. But in 2. there's an unrecognized divide here between what federal level government should be doing and what local jurisdictions should be planning. Ask the question 'what should I do?' from the position of county OES coordinator, and from the position of a federal agency. (In general, the feds should be, IMHO, looking at the backbone, reachback and NOC issues while the locals should be worrying about fanout, possibly the backbone, and the install/configure training issues.) Remember how many local jurisdictions we're dealing with: it's dozens at the federal level alone,... and thousands at the local level -- and these cats are looking for a cat-herder with a can-opener and some catfood. Leveraging commercial (#3) is on target; leave as is. So is #1. Help? -- Rex Buddenberg Naval Postgraduate School Code IS/Bu Monterey, Ca 93943 831/656-3576 _______________________________________________ Ieprep mailing list Ieprep@ietf.org https://www1.ietf.org/mailman/listinfo/ieprep
- [Ieprep] proposed charter Curtis Villamizar
- Re: [Ieprep] proposed charter James M. Polk
- Re: [Ieprep] proposed charter Fred Baker
- Re: [Ieprep] proposed charter Curtis Villamizar
- Re: [Ieprep] proposed charter Curtis Villamizar
- [Ieprep] liason & the 5 priorities ken carlberg
- Re: [Ieprep] proposed charter (Implementation) Janet P Gunn
- Re: [Ieprep] proposed charter 5 priority levels Janet P Gunn
- [Ieprep] Re: liason & the 5 priorities Curtis Villamizar
- [Ieprep] Re: liason & the 5 priorities ken carlberg
- Re: [Ieprep] proposed charter (Implementation) Curtis Villamizar
- Re: [Ieprep] proposed charter 5 priority levels Curtis Villamizar
- Re: [Ieprep] proposed charter 5 priority levels ken carlberg
- [Ieprep] Re: liason & the 5 priorities Curtis Villamizar
- Re: [Ieprep] proposed charter Fred Baker
- Re: [Ieprep] proposed charter Curtis Villamizar
- Re: [Ieprep] proposed charter 5 priority levels Janet P Gunn
- Re: [Ieprep] proposed charter 5 priority levels Janet P Gunn
- Re: [Ieprep] proposed charter Fred Baker
- Re: [Ieprep] proposed charter Curtis Villamizar
- RE: [Ieprep] proposed charter GOLDMAN, STUART O (STUART)
- Re: [Ieprep] proposed charter James M. Polk
- Re: [Ieprep] proposed charter Curtis Villamizar
- Re: [Ieprep] proposed charter Rex Buddenberg
- Re: [Ieprep] proposed charter Fred Baker
- Re: [Ieprep] proposed charter Janet P Gunn
- RE: [Ieprep] proposed charter Dolly, Martin C, ALABS
- ETS applicability, was Re: [Ieprep] proposed char… ken carlberg
- Re: [Ieprep] proposed charter Curtis Villamizar
- Re: [Ieprep] proposed charter Rex Buddenberg