Re: [Netconf] NETCONF call home and new port assignment
"Reinaldo Penno (repenno)" <repenno@cisco.com> Tue, 25 February 2014 17:06 UTC
Return-Path: <repenno@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7537A1A081D for <netconf@ietfa.amsl.com>; Tue, 25 Feb 2014 09:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.448
X-Spam-Level:
X-Spam-Status: No, score=-14.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_24=0.6, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y6pViYUcPpRN for <netconf@ietfa.amsl.com>; Tue, 25 Feb 2014 09:06:30 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id A6D5B1A0818 for <netconf@ietf.org>; Tue, 25 Feb 2014 09:06:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5914; q=dns/txt; s=iport; t=1393347987; x=1394557587; h=from:to:subject:date:message-id:in-reply-to:content-id: content-transfer-encoding:mime-version; bh=cML1IDYSTtd+5pFQjUR4EszhlouvHV+9ZjbmVmI8u+4=; b=gV+9SfP/xfAI/mC8AcBtiZla00iBZK3Ygu0xs8u8DyXyazd7YZd3M+UD hhX8B3oMEZJP5kfbFiaU3D8Na1JesnFXFOSRkaB7HuPX6fXlSqv+74KY7 YPxFoLdOnYvnZzfunRmdZm2dHHQNogUr8Xxg1ZyM4/GnvU730f49USsRf M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFANHMDFOtJV2Z/2dsb2JhbABZgwY7V8ECT4EYFnSCJQEBAQQBAQEkRAMXBgEIEQMBAgFVCx0IAgQBEgkSh2oNxwIXjhMBARw1BQaEMgSJEI8kkieDLYFxOQ
X-IronPort-AV: E=Sophos;i="4.97,541,1389744000"; d="scan'208";a="306491512"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-4.cisco.com with ESMTP; 25 Feb 2014 17:06:26 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s1PH6P7f002569 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 25 Feb 2014 17:06:26 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.99]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.03.0123.003; Tue, 25 Feb 2014 11:06:25 -0600
From: "Reinaldo Penno (repenno)" <repenno@cisco.com>
To: "Bert Wijnen (IETF)" <bertietf@bwijnen.net>, Kent Watsen <kwatsen@juniper.net>, netconf <netconf@ietf.org>
Thread-Topic: [Netconf] NETCONF call home and new port assignment
Thread-Index: AQHPMh0sIMAEhPViDUCrzWQVqmFe/JrGgIWAgAABzoD//4++AA==
Date: Tue, 25 Feb 2014 17:06:25 +0000
Message-ID: <CF3209F5.998E%repenno@cisco.com>
In-Reply-To: <530CBB3B.90804@bwijnen.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.3.120616
x-originating-ip: [10.21.76.86]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <3A3C786BDF01254C85E761FDBEC92148@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/netconf/5r-aqaFyXd2Xi-2SWKrkEmH8zEw
Subject: Re: [Netconf] NETCONF call home and new port assignment
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 17:06:39 -0000
I have some comments on this draft. Since the draft proposes a ³cold² reverse connection I was expecting some discussion on the traversal of middleboxes. Given folks that have been deploying NMS implicitly take for granted that connections are always inside->out, with the exception of SNMP traps, such a draft should assume some pitfalls and suggest ways around them. In the case of SNMP for example, the ³solution² is firewalls/NATs that implement SNMP ALG, but even then, a first inside->outside connection is expected. Some points to consider: - The NMS IP address downloaded from config server can not be behind a firewall unless there is some pinhole or traversal method the device can use - If NMS is behind a NAT, the IP:port should be the outside and stable. - In the worst case maybe configuration server (which theoretically could be reached by both parties) could d server as a relay. - If a NAT exists between NMS and device, one can not assume registered ports will be available. Therefore config server needs to be able to send port information. - Device should be prepared to check with configuration server is external port has changed due to state being removed on the NAT. Thanks, -RP On 2/25/14, 7:48 AM, "Bert Wijnen (IETF)" <bertietf@bwijnen.net> wrote: > > >On 25/02/14 16:41, Kent Watsen wrote: >> >> I believe that is the case as well, but note that we need two port >> assignments - one for reverse-SSH and another for reverse-TLS. >> >I think that is fine. >It was/is the principle that we CAN ask for a port number if we have >consecensus >that that is what we want. > >Bert > >> Cheers! >> Kent >> >> >> >> On 2/25/14 6:31 AM, "Bert Wijnen (IETF)" <bertietf@bwijnen.net> wrote: >> >>> NETCONF WG participants, >>> >>> there has been quite some discussion about this topic on our mailing >>>list. >>> We (WG chairs) have asked our AD (Benoit) to follow up in the IESG. >>> >>> Our current understanding is that if our WG has consensus on asking for >>> a new port, then we can do so and we should get one. >>> >>> We (WG chairs) belive we have (at least rough) consensus on this matter >>> and so we will ask for a new port. >>> >>> Bert and Mehmet >>> >>> >>> -------- Original Message -------- >>> Subject: Re: NETCONF call home and new port assignment >>> Resent-To: bertietf@bwijnen.net, mehmet.ersue@nsn.com,, >>> bclaise@cisco.com, joelja@bogus.com, jjaeggli@zynga.com >>> Date: Mon, 20 Jan 2014 15:58:52 +0100 >>> From: Benoit Claise <bclaise@cisco.com> >>> CC: Joe Touch <touch@isi.edu>, "netconf-chairs@tools.ietf.org" >>> <netconf-chairs@tools.ietf.org>, "Romascanu, Dan (Dan)" >>> <dromasca@avaya.com>, Lemon Ted <ted.lemon@nominum.com>, >>> "ops-ads@tools.ietf.org" <ops-ads@tools.ietf.org>, >>> Kent Watsen <kwatsen@juniper.net> >>> >>> Dear all, >>> >>> We discussed the issue of potentially allocating a new port for the >>> NETCONF call home during our informal telechat last week. >>> Personally, I wanted a confirmation on the procedure. >>> Material: >>> >>>http://www.iana.org/assignments/service-names-port-numbers/service-names >>>-p >>> ort-numbers.xhtml >>> an >>> RFC 6335 >>> >>> Bottom line: The review of the port assignment via IETF standards >>> (consensus based) does not go to the port review >>> >>> There is strong consensus to allocate this port in the NETCONF WG. >>> - http://www.ietf.org/proceedings/88/minutes/minutes-88-netconf >>> 30 in favor, 0 against >>> - doublechecked on the mailing list >>> http://www.ietf.org/mail-archive/web/netconf/current/msg08445.html >>> >>> So we're good here, let's proceed with the new port design >>> >>> Regards, Benoit >>> >>>> Hi, Benoit, >>>> >>>> On 11/4/2013 10:30 AM, Benoit Claise wrote: >>>>> Hi Joe, >>>>> >>>>> Regarding the "NETCONF call home and new port assignment" discussion >>>>>on >>>>> the NETCONF mailer, I'm wondering if your comments are made as the >>>>>port >>>>> expert reviewer or as a contributor. >>>> >>>> The ports review team doesn't participate in that role on these >>>> discussions on the lists; we review requests and report directly to >>>> IANA. So I'm speaking as a contributor, but it's with the ports review >>>> in the back of my mind. >>>> >>>>> In the NETCONF WG, there is strong consensus that the new port is the >>>>> preferred way. We checked that today: by a show of hand, everybody >>>>> wanted a new port. >>>> >>>> Everyone always does. >>>> >>>>> I want to understand if there is a major flaw in requesting this >>>>>port. >>>> >>>> There's often a case where the individual request makes sense, but in >>>> the broader context of "tragedy of the commons" it doesn't. That's my >>>> impression here. There should be other ways to accomplish this - the >>>> SYN attempt I recently saw looked like a good alternative that would >>>> scale to other assignments, e.g. >>>> >>>>> Note: I contacted it you directly, because I'm not sure how to reach >>>>> all >>>>> the expert reviewers at the same time. >>>> >>>> There's no official way to do that. We respond to requests for reviews >>>> from IANA, and report back to IANA directly. There's no "official" >>>> role for us in the IETF directly. >>>> >>>> Joe >>>> >>>>> >>>>> >>>>>http://www.iana.org/assignments/service-names-port-numbers/service-nam >>>>>es >>>>> -port-numbers.xhtml >>>>> >>>>> is not explicit >>>>> >>>>> Regards, Benoit (OPS AD) >>>> . >>>> >>> >>> >>> >>> >>> _______________________________________________ >>> Netconf mailing list >>> Netconf@ietf.org >>> https://www.ietf.org/mailman/listinfo/netconf >>> >>> >> >> >> > >_______________________________________________ >Netconf mailing list >Netconf@ietf.org >https://www.ietf.org/mailman/listinfo/netconf
- Re: [Netconf] NETCONF call home and new port assi… Bert Wijnen (IETF)
- Re: [Netconf] NETCONF call home and new port assi… Kent Watsen
- Re: [Netconf] NETCONF call home and new port assi… Bert Wijnen (IETF)
- Re: [Netconf] NETCONF call home and new port assi… Reinaldo Penno (repenno)
- Re: [Netconf] NETCONF call home and new port assi… Juergen Schoenwaelder
- Re: [Netconf] NETCONF call home and new port assi… Reinaldo Penno (repenno)
- Re: [Netconf] NETCONF call home and new port assi… Juergen Schoenwaelder
- Re: [Netconf] NETCONF call home and new port assi… Reinaldo Penno (repenno)
- Re: [Netconf] NETCONF call home and new port assi… Juergen Schoenwaelder
- Re: [Netconf] NETCONF call home and new port assi… Mikael Abrahamsson
- Re: [Netconf] NETCONF call home and new port assi… Reinaldo Penno (repenno)
- Re: [Netconf] NETCONF call home and new port assi… Mikael Abrahamsson
- Re: [Netconf] NETCONF call home and new port assi… Reinaldo Penno (repenno)
- Re: [Netconf] NETCONF call home and new port assi… Joe Touch
- Re: [Netconf] NETCONF call home and new port assi… Bert Wijnen (IETF)
- Re: [Netconf] NETCONF call home and new port assi… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] NETCONF call home and new port assi… Joe Touch