Re: [L3sm] Next Step of RFC8049
David Ball <daviball@cisco.com> Wed, 28 June 2017 09:36 UTC
Return-Path: <daviball@cisco.com>
X-Original-To: l3sm@ietfa.amsl.com
Delivered-To: l3sm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0A4612EC03 for <l3sm@ietfa.amsl.com>; Wed, 28 Jun 2017 02:36:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.492
X-Spam-Level:
X-Spam-Status: No, score=-14.492 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VIso1kvoTA3Z for <l3sm@ietfa.amsl.com>; Wed, 28 Jun 2017 02:36:15 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F36A126D85 for <l3sm@ietf.org>; Wed, 28 Jun 2017 02:36:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16365; q=dns/txt; s=iport; t=1498642575; x=1499852175; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=/HsYhbigdsw0LMb6D7Orjc2HiFBSpx/7c4o4PyKHJXc=; b=fac7KI+tAOZu/N3ibwJEhgVCx1SsCTrWGsklRWY4RXxctd+PN25eJAc8 IaqtvUf3cP2QXRj7VD/XyIsve1Hjk6hf+WYQ8QdqMt5XBgaf2RjFM5N0e 5qFZZ4VlkXWdAUffOBw07jD1/8zvCU//3MdLQDa2FsH9HFpFUzwuXa/5A M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D9AAAVeFNZ/xbLJq1GFhoBAQEBAgEBAQEIAQEBAYJvglqDbIoZc5B1kE+FK4IRhhwCg0QYAQIBAQEBAQEBayiFGAEBAQECASMKXAkCDgoTFAMCAkYRBgEMBgIBAYokCJMjnWKCJimLNAEBAQEBAQEBAQEBAQEBAQEBAQEBAR2DJ4NMggyCeYE8gnUpRoJdgmEFkEWOL4p7iHWCCoVKg0uGd4xXiFEfOIEKMCEIGxVJhRYHEIFnPzaJOgEBAQ
X-IronPort-AV: E=Sophos;i="5.40,274,1496102400"; d="scan'208,217";a="695453340"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jun 2017 09:36:10 +0000
Received: from [10.63.23.161] (dhcp-ensft1-uk-vla370-10-63-23-161.cisco.com [10.63.23.161]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v5S9aAfC010396; Wed, 28 Jun 2017 09:36:10 GMT
To: Qin Wu <bill.wu@huawei.com>, "Ogaki, Kenichi" <ke-oogaki@kddi.com>, "stephane.litkowski@orange.com" <stephane.litkowski@orange.com>, "l3sm@ietf.org" <l3sm@ietf.org>
References: <etPan.5911cab4.327b23c6.d3a@Qin-Wude-iPhone> <0a70dc6a-961d-66f2-d3a4-c7b9a48706ff@cisco.com> <00d301d2e00b$f0200ca0$d06025e0$@kddi.com> <48fc67df-aefe-a855-9c2a-0b8ca453149e@cisco.com> <006d01d2e4ed$f5f14ea0$e1d3ebe0$@kddi.com> <6f6fade7-1e5e-3cf0-e961-4d3f535eb3de@cisco.com> <6561_1498038981_594A42C5_6561_270_2_9E32478DFA9976438E7A22F69B08FF921E9C913F@OPEXCLILMA4.corporate.adroot.infra.ftgroup> <7caf4c4d-b132-2e07-54c8-8e9c62727293@cisco.com> <00b101d2ee2b$8ef28ab0$acd7a010$@kddi.com> <0ed5e7de-9ab3-19a9-06ba-f0ec8a83c658@cisco.com> <B8F9A780D330094D99AF023C5877DABA9A987485@nkgeml513-mbx.china.huawei.com>
From: David Ball <daviball@cisco.com>
Message-ID: <c900e6a6-cab3-cde2-ce4c-7d37eb8fddd7@cisco.com>
Date: Wed, 28 Jun 2017 10:36:10 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <B8F9A780D330094D99AF023C5877DABA9A987485@nkgeml513-mbx.china.huawei.com>
Content-Type: multipart/alternative; boundary="------------015D108C68CCBDDEAB55A0B4"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/l3sm/4_v6mM1iweMlBVNoJGhWTecoXLI>
Subject: Re: [L3sm] Next Step of RFC8049
X-BeenThere: l3sm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: L3VPN Service YANG Model discussion group <l3sm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l3sm>, <mailto:l3sm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/l3sm/>
List-Post: <mailto:l3sm@ietf.org>
List-Help: <mailto:l3sm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l3sm>, <mailto:l3sm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jun 2017 09:36:20 -0000
Hi Qin,
You have cycled this round to the start of the thread. :) There must be
some out-of-band way of identifying and authenticating the customer from
whom the request is being received, otherwise customer foo could request
a service for customer bar just by filling in a different value for this
leaf in the model! You are right that the VPN service is a list, but a
given customer should only ever be able to use the model to access their
own services, they should not be able to access services for any other
customer.
David
On 28/06/2017 03:37, Qin Wu wrote:
>
> David:
>
> A few thoughts and comments below.
>
> *发件人:*David Ball [mailto:daviball@cisco.com]
> *发送时间:*2017年6月27日19:53
> *收件人:*Ogaki, Kenichi; stephane.litkowski@orange.com; Qin Wu;
> l3sm@ietf.org
> *主题:*Re: [L3sm] Next Step of RFC8049
>
> Thanks Kenichi - there is one of your answers that I'm still confused
> about, see below:
>
> On 26/06/2017 04:23, Ogaki, Kenichi wrote:
>
> 4. Under the VPN service, there is a leaf for the
> customer name. If the model is supposed to represent the
> request from a customer to the SP, I would have thought
> the customer name would be known out-of-band, e.g. from
> the AAA for the request? It would be bad if one customer
> could request things for another customer by filling in a
> different customer name in the model!
>
> [KO] A customer can only access the model instance of
> that customer. Please see section 10.
>
> [DB] Yes exactly - if a customer can only access their own
> instance of the model, why does the customer name need to
> be specified within the model? You already know you are
> dealing with that customer's instance of the model. It
> seems like the customer-name leaf is unnecessary?
>
> [KO] As common usecases, a VPN service is provided not
> only by Tier 1 providers, but also by Tier 2 providers or
> IT divisions of enterprises in order to provide their own
> end users by using a Tier 1 provider's VPN service. Such
> customers usually requires this kind of attributes for
> their management purposes.
>
> [DB2]
>
> I didn't really follow this, sorry. The module contains the
>
> information that needs to be sent from the customer to the SP,
> right?
>
> If the customer using the model (i.e. the Tier2 in your above
> example)
>
> needs to track which of their own customers the service is
> for, that's
>
> something that's internal to them, isn't it?
>
> [KO3] Yes, that's internal to them, but they (i.e. our customers)
> really request and are currently using this. Then, we need to
> model this.
>
>
> Perhaps I am misunderstanding the scenario.
>
> If I understand correctly, the case is where the yang is being used
> between a Tier2 provider (lets call them T2-telecom) and Tier1
> provider (lets call them T1-networks). In other words, from the
> perspective of the RFC and the yang module, T1-networks is the SP and
> T2-telecom is the customer.
>
> T2-telecom has their own customers call them (foo-bank,
> bar-supermarket and baz-advertising). Whenever T2-telecom orders a
> new VPN from T1-networks, they want to record, in their internal
> systems, which of their end customers the new VPN is for. Of course
> there is probably a lot of other information they want to store in
> their internal systems about their customers, such as contact info,
> billing and invoicing info, trouble tickets, etc.
>
> What I don't understand is why T2-telecom would want to send the name
> of their end-customer (foo-bank, bar-supermarket or baz-advertising)
> to T1-networks as part of the netconf request when they order a new
> VPN. What is T1-networks going to do with this information?
>
> [Qin]:
>
> 1.With customer name,you could use it as a key to lookup detailed
> customer information such as contact info, billing info if needed.
>
> 2. You forget that VPN service is defined as a list of VPN Service.
> That is to say different VPN service could belong to different customer,
>
> Adding customer name, we could know which customer has which VPN service.
>
> 3. customer name is just defined as an optional parameter. You don’t
> need to specify it in the case you don’t need it.
> David
>
>
> --
> David Ball
> <daviball@cisco.com> <mailto:daviball@cisco.com>
--
David Ball
<daviball@cisco.com>
- [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 Ogaki, Kenichi
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 Ogaki, Kenichi
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 stephane.litkowski
- Re: [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 Ogaki, Kenichi
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 David Ball
- Re: [L3sm] Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 Ogaki, Kenichi
- Re: [L3sm] Next Step of RFC8049 Ogaki, Kenichi
- [L3sm] 答复: Next Step of RFC8049 Qin Wu
- Re: [L3sm] Next Step of RFC8049 David Ball