IETF Logo Mail Archive

Re: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt

"Reinaldo Penno (repenno)" <repenno@cisco.com> Fri, 19 July 2013 11:33 UTC

Return-Path: <repenno@cisco.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B938611E80F8 for <int-area@ietfa.amsl.com>; Fri, 19 Jul 2013 04:33:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKMqDoP4sq8l for <int-area@ietfa.amsl.com>; Fri, 19 Jul 2013 04:33:01 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id B979A21E80A6 for <int-area@ietf.org>; Fri, 19 Jul 2013 04:33:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2839; q=dns/txt; s=iport; t=1374233581; x=1375443181; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=yRr9jVkNpNCP/7tKcpRbZTlh2HqOQRv4AkW3azYdsf0=; b=CYhYA7P9ZU4URPjaKud1xyMbPe1eFXnT9a4SpMcxNcwmQXcnnmC06FGy 2xatVy8VNg8W+qIpd+/d/WYRJrYaa8gR1Ebol1KY18baZJLioH6scOOev N00NefN35qA9Gb1TPcqzabWxaYwBiEZ4XZKXO482UfBaQpFpXr52G1Vqz I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgIFAIYj6VGtJV2c/2dsb2JhbABRCYMGgQXARoEQFnSCJAEBAQR3AhIBCCIZBDkUCAkCBAENBQiICLZWjlQJgQExB4MQbgOIcKA6gVmBOYFxOQ
X-IronPort-AV: E=Sophos;i="4.89,700,1367971200"; d="scan'208";a="236890154"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-5.cisco.com with ESMTP; 19 Jul 2013 11:33:01 +0000
Received: from xhc-rcd-x04.cisco.com (xhc-rcd-x04.cisco.com [173.37.183.78]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r6JBX1w8031366 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 19 Jul 2013 11:33:01 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.56]) by xhc-rcd-x04.cisco.com ([fe80::200:5efe:173.37.183.34%12]) with mapi id 14.02.0318.004; Fri, 19 Jul 2013 06:33:00 -0500
From: "Reinaldo Penno (repenno)" <repenno@cisco.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Toerless Eckert (eckert)" <eckert@cisco.com>
Thread-Topic: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt
Thread-Index: Ac6Bn0gbxl2mtmX2RumGmT6rK69PKgB822jgAAhZAoAAAX6WIAAnaaeAAAn1JAAAATsDAA==
Date: Fri, 19 Jul 2013 11:33:00 +0000
Message-ID: <45A697A8FFD7CF48BCF2BE7E106F0604090C9E94@xmb-rcd-x04.cisco.com>
In-Reply-To: <94C682931C08B048B7A8645303FDC9F36EE2DDB790@PUEXCB1B.nanterre.francetelecom.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
x-originating-ip: [10.86.247.83]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <16FA8F4625DB934BAD471EF2ED0A6D1C@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "int-area@ietf.org" <int-area@ietf.org>
Subject: Re: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jul 2013 11:33:08 -0000

Hi Med,

I agree with you that we need to cover in more detail the managed CPE
deployments but I wonder if this is the best document to do it.

Maybe a use-cases draft based on very concrete scenarios would be best.

Thanks,

Reinaldo


On 7/19/13 4:57 AM, "mohamed.boucadair@orange.com"
<mohamed.boucadair@orange.com> wrote:

>Dear Toerless,
>
>Please see inline.
>
>Cheers,
>Med
>
>>-----Message d'origine-----
>>De : Toerless Eckert [mailto:eckert@cisco.com]
>>Envoyé : vendredi 19 juillet 2013 05:13
>>À : BOUCADAIR Mohamed OLNC/OLN
>>Cc : Reinaldo Penno (repenno); Charles Eckel (eckelcu); int-area@ietf.org
>>Objet : Re: [Int-area] FW: New Version Notification for draft-eckert-
>>intarea-flow-metadata-framework-01.txt
>>
>>On Thu, Jul 18, 2013 at 02:11:21PM +0200, mohamed.boucadair@orange.com
>>wrote:
>>> >[RP] I believe the end-point making the request for flow
>>>characteristics
>>> >will be the CPE in many cases where the applications is not metadata
>>> >aware. In other words, the CPE makes the request on behalf of
>>applications.
>>> [Med] I'm more interested in this CPE flavor (managed CPE) since it
>>avoids relying on applications to benefit from the added value of this
>>approach. This is worth be discussed in the document too.
>>
>>See section 3.1.4.1 which talks about proxies. The problem really is
>>where
>>the proxied information comes from. If the proxy is doing DPI inspection
>>to
>>deduce it or some configured mappings, then it's likely going to be
>>unreliable
>>(encryption) or suffer from problems in getting it provisioned.
>
>[Med] Section 3.1.4.1 as it is does not provide decent discussion of
>these deployment issues and considerations. Sketching the expected
>behavior of such intermediary functions would even be better. This
>applies also for the other deployment-related issues I listed in my
>initial e-mail.
>
>>
>>To me these inspecting proxies are a way to get a foot in the door with
>>the method while it takes its time to persuade app-developers (or
>>middleware
>>like browsers) to signal the information explicitly (couple of years
>>?...).
>>
>>> [Med] The question is not whether a secure transport is used or not but
>>to what extent the flow description is accurate (e.g., send fake flow
>>description, systematically request treatment with higher priority,
>>etc.).
>>
>>Right. That was the intention of 3.1.4.2. Ultimately the network taking
>>action on the metadata needs to trust the authenticated identity
>>associated with the attributes to not lie about the attributes - OR
>>enforce the semantic of the attributes signalled.
>>
>[Med] this discussion about trust is worth to be elaborated further in
>the document. For sure, this point will be raised by others.
>
>>Cheers
>>    Toerless

v2.23.0 | Report a Bug | By Email