[nasr] Re: Scope: Forwarding AND Routing or JUST Forwarding?

Meiling Chen <chenmeiling@chinamobile.com> Mon, 14 October 2024 03:13 UTC

Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: nasr@ietfa.amsl.com
Delivered-To: nasr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5A2C151066 for <nasr@ietfa.amsl.com>; Sun, 13 Oct 2024 20:13:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vkb1bjL7_SxZ for <nasr@ietfa.amsl.com>; Sun, 13 Oct 2024 20:13:34 -0700 (PDT)
Received: from cmccmta2.chinamobile.com (cmccmta4.chinamobile.com [111.22.67.137]) by ietfa.amsl.com (Postfix) with ESMTP id 6B4EEC14F68C for <nasr@ietf.org>; Sun, 13 Oct 2024 20:13:33 -0700 (PDT)
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from spf.mail.chinamobile.com (unknown[10.188.0.87]) by rmmx-syy-dmz-app08-12008 (RichMail) with SMTP id 2ee8670c8c590d3-50111; Mon, 14 Oct 2024 11:13:31 +0800 (CST)
X-RM-TRANSID: 2ee8670c8c590d3-50111
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from cmcc-PC (unknown[10.2.53.48]) by rmsmtp-syy-appsvr08-12008 (RichMail) with SMTP id 2ee8670c8c5aad3-8fab2; Mon, 14 Oct 2024 11:13:31 +0800 (CST)
X-RM-TRANSID: 2ee8670c8c5aad3-8fab2
Date: Mon, 14 Oct 2024 11:13:30 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: Toerless Eckert <tte@cs.fau.de>, Luigi Iannone <ggx@gigix.net>
References: <ZwbGthujwae3cCuK@faui48e.informatik.uni-erlangen.de>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.115[cn]
Mime-Version: 1.0
Message-ID: <202410141113301248653@chinamobile.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart762243364524_=----"
Message-ID-Hash: X4I3TI7KYWL7E3M5URROVLXZL5SHGDHZ
X-Message-ID-Hash: X4I3TI7KYWL7E3M5URROVLXZL5SHGDHZ
X-MailFrom: chenmeiling@chinamobile.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "nasr@ietf.org" <nasr@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [nasr] Re: Scope: Forwarding AND Routing or JUST Forwarding?
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/au3fioX-vXHLOncp49G9GDmAqu8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>

Hi Toerless,

Complete deployable / operationizable solutions for NASR, very important, and I believe it is also the ultimate purpose of NASR's existence.
Do you have more ideas for the solution? Perhaps a diagram can provide us with a clearer understanding of your suggestions.

Best,
Meiling

 
From: Toerless Eckert
Date: 2024-10-10 02:08
To: Luigi Iannone
CC: nasr
Subject: [nasr] Re: Scope: Forwarding AND Routing or JUST Forwarding?
Luigi:
 
I think we should define complete deployable / operationizable solutions for NASR.
I think we should strive to re-use as much existing technology as possible,
and only invent where we can show there is an unavoidable gap.
 
This is pretty much also the AD guidance we where given in ANIMA, and which i think
is waht IETF should always give for solutions. And i don't think we can simply
get NASR successfully deployed without specifying the solution level.
 
When it comes to control plane, i think the work is mostly a profiling and
combination of existing control plane functionality - such as IGP. In ANIMA
this is for example what rfc8994 did. I could imagine that
the control plane specs for NASR could start out similarily.
 
Btw: For ANIMA we really only had one "novel" forwarding plane functionality,
which was really within the realm of existing IETF specs, but just not deployed
in that combination - IPsec over link-local-scope IPv6. And it's still not working
in Linux... So another word of advice: also consider as an option te most hacky but
most easily implemented first forwarding plane functionality. Because getting stuff
into Linux can really suck...
 
Cheers
    Toerless
 
On Tue, Oct 08, 2024 at 01:36:17PM +0200, Luigi Iannone wrote:
> Hello NASRers,
> 
> One of the topic that we can tackle on the mailing list and finalize during the interim is about the scope of NASR in particular about “Routing vs Forwarding”.
> 
> During the BoF, several persons pointed out that we are not clear on whether NASR is about:
> 
> 1) Fowarding: being able to audit a path and obtain a proof of transit. Building the path being out of scope.
> 
> 2)  Routing: This is forawarding + Building the path by distributing trust and  reachability information.
> 
> In my personal opinion I see NASR more on the forwarding side, hence focusing on the auditing tools. 
> 
> Extending routing solution to distribute relevant information for NASR to work can be done in the future and not necessarily in the NASR WG but as an extension of other protocols, hence in their respective WGs.
> 
> Anyone to share more thoughts on this point?   
> 
> L.
> -- 
> nasr mailing list -- nasr@ietf.org
> To unsubscribe send an email to nasr-leave@ietf.org