Re: [RTG-DIR] [Anima] Rtgdir telechat review of? draft-ietf-anima-autonomic-control-plane-13
"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 08 June 2018 23:47 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6E8130DE0; Fri, 8 Jun 2018 16:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZktgR7QUhUp8; Fri, 8 Jun 2018 16:47:20 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E86EE130DC0; Fri, 8 Jun 2018 16:47:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id C90BF400A74; Fri, 8 Jun 2018 16:47:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1528501640; bh=/e3WBU964clZ95x6CEoHV6vjjOg8OuFIkDJ+22Omvr8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=TaZmqevDc+5GxEwYsH+36CpAI2jCBY1ONtQpitr5f5kDp8V+HI6uHH8HnfvuF/u5f d9p1SuPnKYLw8CjbUXZqxe46H0/8OdRG72KrcLf+gYfGp5wA/LrX7MymLoYacCgmOp kaLIt69ibaGmTohLAxVv7m0O9fiwwEqH4MLfyIgs=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id AA27D400B49; Fri, 8 Jun 2018 16:47:19 -0700 (PDT)
To: Toerless Eckert <tte@cs.fau.de>
Cc: rtg-dir@ietf.org, anima@ietf.org, ietf@ietf.org, draft-ietf-anima-autonomic-control-plane.all@ietf.org
References: <20180608230416.jy4xjp7smqm444tc@faui48f.informatik.uni-erlangen.de>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <be960bb1-2b1e-a5f4-1b45-7fbfda89bd8f@joelhalpern.com>
Date: Fri, 08 Jun 2018 19:47:18 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <20180608230416.jy4xjp7smqm444tc@faui48f.informatik.uni-erlangen.de>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/jIsF77N1i8GkofaC84zg_LzxL8Q>
Subject: Re: [RTG-DIR] [Anima] Rtgdir telechat review of? draft-ietf-anima-autonomic-control-plane-13
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 23:47:25 -0000
Thank you. Those fixes make sense. You might want to talk to a DNS expert about what the right terminology is for what youa re trying to achieve with the rsub content. I think I understand it, and I think it is reasonable. And I am insufficiently expert to tell what the right formalism is for it (thinks have evolved since 1034.) Net: good enough for me. Yours, Joel On 6/8/18 7:04 PM, Toerless Eckert wrote: > Thanks, Joel > > Replies Inline > > Changes for feedback from Mirja, Kumar and Joel committed to -16, > didn't create separate diff for individual reviewers as diff is not large. > (Just ignore whole section 11 moved to appendix in diff.) > > https://tools.ietf.org/id/draft-ietf-anima-autonomic-control-plane-16.txt > > http://tools.ietf.org//rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-anima-autonomic-control-plane-15.txt&url2=https://tools.ietf.org/id/draft-ietf-anima-autonomic-control-plane-16.txt > > Cheers > Toerless > > On Thu, Jun 07, 2018 at 05:09:37PM -0400, Joel M. Halpern wrote: >> Thank you for all your work on this. >> >> While I still find the presence of the address allocation mechanism strange >> to find in this document, I can live with it. >> So with this complaint done, I will shut up about it already. > > Thanks. Lets take it offline. I am still interested to understand that > point, especially after the text i added in the hope to clear this concern. > > Answers inline. > > Thanks > Toerless > >> Aside from some items noted below, this seems to be in good shape. >> >> Moderate: >> >> Section 10.3.4 has a helpful discussion of some of the complexities of >> determining where to auto-enable the ACP. I am a bit surprised not to see >> some discussion of which VLANs to enable for ACP in an Ethernet environment. > > Thats a topic better to be discussed in followup work. Cisco IOS ACP > implementation does support automatic VLAN discovery & selection. > Lot of experience/insight from that. Trust me, it would be scope creep > for the ACP document itself. > >> For WDM< since wavelength usage is configured, I presume that ACP would >> never try to auto-enable a frequency band? > > Right. Given the experience with VLANs, the clean cut we could make > for this basic ACP specification is to logically sit on top of > IPv6 subnet interfaces, ignore all L2/L1 complexities > and live with the dependency against IPv6 being able to bring up > link-local-scope reachability to neighbors. [ And then write followup > docs if/when we ever get this first doc out as an RFC ;-) ] > > The way i would imagine WDM is a bit more like ethernet switches in section 7 > though: You'd want to get ACP connectivity across your optical equipment > and also be able to reach through the ACP your optical equipment, but > that would not use special colors, but more likely should be added > to / leverage the existing in-band management channels of the optical > equipment. Long discussion. Let me rather stop. > >> Minor comments: >> In section 6.1.1 the text and the ABNF says that an rsub is a full domain >> (using the same domain-name construct as the "domain" which is an FQDN. >> However, the example shows a partial domain string which is concatenated >> with the "domain" to produce an FQDN. And the syntqx of "routing-subdomain" >> shows that concatenation. This suggests that the text needs to be clear as >> to what the syntactic content of the rsub field is. > > Hmm... RFC1034 does not even mention the term "fully qualified (domain name)" / FQDN, > You seem to read RFC1034 3.5 to mean that all domain are FQDN, but that is > not clear to me. In the RR examples of RFC1034, FQDNs are identified by ending > with a ".", which AFAIK is the standard for FQDN,but the 3.5 syntax doesn't > even allow you to create such an FQDN, so i was thinking that 3.5 "domain" > do not have to be FQDNs, and therefore i am assuming that is is also perfectly > legal to use a syntax of domain3 = domain2 . domain1, > as in routing-subdomain = rsub . domain-domain-name. > >> Might it be better not >> to define it as a "domain-name" but to define it as FFS, with a caveat that >> whatever usage is later defined needs to be suitable for combining with the >> "domain" for generating the hash for the ULA Global ID? > > Well, it does have to be some RFC822-local-part-FFS, but i think its a > lot better if its constrained to the domain name syntax, because it is > quite normal operations to have for every actual routing subdomain in the > network also some associated domain name, and that is what "routing-subdomain" > is. > > So if i build a parser for configuring my segmented routing with the ACP, > its a lot more logical to allow only longer domain names for > routing-subdomain that all have the same parent domain (domain). > >> Just to be clear, as written the text seems to end up with <domain<.<domain> >> where <domain> is from RFC 1034. > > Right. See above. > > I tried to figure out how to unconfuse this. > > I changed "domain" to "acp-domain-name", so that its not confused > with RFC1034 "domain", eliminated "domain-name", and also changed > the definition of rsub to use RFC1034 "subdomain" instead of "domain", > even though i can for the heck of it not figure out what the difference > between domain and subdomain is, except that a domain can be " ", > which seems to be the domain root, but its not really defined. > But at least it should hopefully eliminate the misconception that rsub > has to be an FQDN. > >> Section 6.1.2 bullet one states that "The peer certificate is valid as >> proven by the security association protocol exchange." I may be >> overstepping my knowledge, but I think there are two different things. First >> is the certificate validity, which is an internal property of the >> certificate. The second is the certficate applicability which may be >> informed by the protocol exchange. > > Good catch. Fixed as follows: > > The following points constitute the ACP domain membership check of a possible peer certificate, independent of the protocol used: > The peer certificate is valid (lifetime). > The peer has proved ownership of the private key associated with the certifictes public key. > >> Related to that, please put in a reference to which protocol exchange >> you mean? > > No, the goal is to define this independent of protocol. > > >> Either there is a document inconsistency, or there is a typo in the >> first paragraph of section 6.10.7.3, in that the address prefix length for >> the zone address sub-scheme is /127, not /126. >> >> >> Yours, >> Joel >
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Toerless Eckert
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Toerless Eckert
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Joel M. Halpern
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Joel M. Halpern
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Toerless Eckert
- [RTG-DIR] Rtgdir telechat review of draft-ietf-an… Joel Halpern
- Re: [RTG-DIR] Rtgdir telechat review of draft-iet… Toerless Eckert
- Re: [RTG-DIR] Rtgdir telechat review of draft-iet… Joel M. Halpern
- [RTG-DIR] ULA issue [Re: Rtgdir telechat review o… Brian E Carpenter
- Re: [RTG-DIR] Rtgdir telechat review of draft-iet… Toerless Eckert
- Re: [RTG-DIR] Rtgdir telechat review of draft-iet… Joel M. Halpern
- Re: [RTG-DIR] Rtgdir telechat review of draft-iet… Brian E Carpenter
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of d… Toerless Eckert
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of d… jmh.direct
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Toerless Eckert
- Re: [RTG-DIR] [Anima] Rtgdir telechat review of? … Joel M. Halpern