Re: [RPSEC] Discontiguous Deployment (Show of Hands)....
Curtis Villamizar <curtis@occnc.com> Wed, 28 February 2007 18:00 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1HMT6G-0000KI-PD; Wed, 28 Feb 2007 13:00:24 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1HMT6F-0000DN-7b
for rpsec@ietf.org; Wed, 28 Feb 2007 13:00:23 -0500
Received: from [69.37.59.173] (helo=workhorse.brookfield.occnc.com)
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HMT6D-00087s-Pe
for rpsec@ietf.org; Wed, 28 Feb 2007 13:00:23 -0500
Received: from workhorse.brookfield.occnc.com (localhost [127.0.0.1])
by workhorse.brookfield.occnc.com (8.13.6/8.13.4) with ESMTP id
l1SHtYEQ081106; Wed, 28 Feb 2007 12:55:34 -0500 (EST)
(envelope-from curtis@occnc.com)
X-DKIM: Sendmail DKIM Filter v0.5.2 workhorse.brookfield.occnc.com
l1SHtYEQ081106
DKIM-Signature: a=rsa-sha1; c=relaxed/simple; d=occnc.com; s=workhorse;
t=1172685334; bh=qqp5M1EyM8RdUCD42t2g3mPOtyc=; h=To:cc:Reply-To:
From:Subject:In-reply-to:Date; b=O6+Prp5ttopyRykqxW3fLdRAIAU/Zy6dli
ljYum11dPoB5QGnfc8L6DTRVPErqq0oTUgBx0Y/nInPtUxoCBmzQ==
Message-Id: <200702281755.l1SHtYEQ081106@workhorse.brookfield.occnc.com>
To: sandy@tislabs.com (Sandy Murphy)
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] Discontiguous Deployment (Show of Hands)....
In-reply-to: Your message of "Wed, 28 Feb 2007 12:41:25 EST."
<20070228174125.E53EC3F443@pecan.tislabs.com>
Date: Wed, 28 Feb 2007 12:55:34 -0500
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c
Cc: riw@cisco.com, ttauber@1-4-5.net, rpsec@ietf.org
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
In message <20070228174125.E53EC3F443@pecan.tislabs.com> Sandy Murphy writes: > > I got to thinking about: > > Tony Tauber said: > > >> o In an environment where secured service is in the process of > >> being deplyed a mechanism MUST exist to support a transition > >> free of service interruption. > > > >I think the original bullet is about something else and still has > >merit, but I like your addition. > > If a secured service requires a change in the router software, > would it not then require a service interrruption to upgrade the software? Some routers can do a change in software without disruption. For routers that don't that shouldn't disqualify the protocol change. Obviously no progress can be made without software changes. > Is this stipulation intended to outlaw any and all in-band secured service? No. IMHO. > Would a replacement for the TCP MD5 method, for example, be outlawed? In that case BGP gracefull restart might be suggested as a means of easing the transition. Again, the absense of gracefull restart in an implementation or failure to use it shouldn't disqualify the protocol extension. > Just how broad a "free of service interruption" requirement is this? > > --Sandy Do it right and it could be completely free of service interruption. I think the intent is to completely disallow "flag day" changes that require simultaneious change to multiple routers that can't be accomplished in a reasonable amount of time and to discourage changes that require taking one thing down before bringing another up in a way that can't be done at all without disruption. For BGP session restarts gracefull restart should be assumed. But then again, I'm just lurking so I could be clueless (again? :). Does the above statement need this level of clarification in the document in your opinion? [Assuming I've got it mostly right here.] Curtis _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Discontiguous Deployment (Show of Hands).… Russ White
- RE: [RPSEC] Discontiguous Deployment (Show of Han… Tony Li
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Marcus Leech
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Iljitsch van Beijnum
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Blaine Christian
- RE: [RPSEC] Discontiguous Deployment (Show of Han… Tony Li
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Cat Okita
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Iljitsch van Beijnum
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Tom Petch
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Russ White
- Re: [RPSEC] Discontiguous Deployment (Show of Han… sandy
- Re: [RPSEC] Discontiguous Deployment (Show of Han… sandy
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Stephen Kent
- Re: [RPSEC] Discontiguous Deployment (Show of Han… sandy
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Stephen Kent
- RE: [RPSEC] Discontiguous Deployment (Show of Han… Bora Akyol
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Henk Uijterwaal
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Tony Tauber
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Tony Tauber
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Curtis Villamizar
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Sandy Murphy
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Curtis Villamizar
- Re: [RPSEC] Discontiguous Deployment (Show of Han… Doug Montgomery