Re: [saag] [Apn] APN presentation in SAAG on Thursday.

"Pengshuping (Peng Shuping)" <pengshuping@huawei.com> Thu, 11 March 2021 15:18 UTC

From: "Pengshuping (Peng Shuping)" <pengshuping@huawei.com>
To: Joey S <joeysalazar@article19.org>
CC: "apn@ietf.org" <apn@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [Apn] APN presentation in SAAG on Thursday.
Date: Thu, 11 Mar 2021 15:18:28 +0000
Message-ID: <4278D47A901B3041A737953BAA078ADE199AF9C4@dggeml512-mbx.china.huawei.com>
References: <4278D47A901B3041A737953BAA078ADE1999FAD5@dggeml512-mbx.china.huawei.com> <fbf453b6-ef7a-7b09-1272-3d41463bd45d@article19.org>
In-Reply-To: <fbf453b6-ef7a-7b09-1272-3d41463bd45d@article19.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sU2Z7hrITr7T1cOEbI7reAtW2v0>
Subject: Re: [saag] [Apn] APN presentation in SAAG on Thursday.
List-Id: Security Area Advisory Group <saag.ietf.org>

Hi Joey,

Thank you for your questions. Please see inline below.

From: Joey S [mailto:joeysalazar@article19.org]
Sent: Thursday, March 11, 2021 9:52 PM
To: Pengshuping (Peng Shuping) <pengshuping@huawei.com>
Cc: apn@ietf.org; saag@ietf.org
Subject: Re: [Apn] APN presentation in SAAG on Thursday.

Hi Shuping,

Thank you for the presentation in SAAG today; a couple of follow-up questions:

  *   What type of user identifying information is included in the implementation of 'fine-grain user' and 'application' groups?

APN is not about identifying either the particular user or application. It is about applying policies on the differentiated traffic flow based on the APN attribute information in the various nodes/service functions along the path more efficiently. For identifying the user group, the access port on the network edge devices, such as a VLAN ID or QinQ, could be used by the network operators.

The attribute is an opaque value and just a bit string against which the policies are applied within the network. There is no need to say who the user is and what the application is. That type of information is not useful for the policy enforcement on the network nodes either.

  *   How is the mapping of '5-tuple to SLA/policy' generated?

This mapping can be generated by the configuration or the controller.

  *   How would a CPE treat an application whose 5-tuple information is not included/defined in the APN attribute?

The CPE is the network device that tags the APN attribute. On this network edge device, the information already in the packet header, such as the 5-tuple, can be used to generate the APN attribute.

Best regards,
Shuping

Thank you,

--

Joey Salazar

Digital Sr. Programme Officer

ARTICLE 19

6E9C 95E5 5BED 9413 5D08 55D5 0A40 4136 0DF0 1A91
On 10-Mar-21 8:46 AM, Pengshuping (Peng Shuping) wrote:
Hi Folks,

Thanks to the ADs and the Chairs, we are going to present APN (Application-aware Networking) in the SAAG working group at 13:00-15:00 (UTC+1) Thursday.

APN is focused on developing a framework and set of mechanisms to derive, convey and use attribute information to allow for the implementation of fine-grain user (group)-, application (group)-, and service-level requirements at the network layer. APN works within a limited trusted domain, which typically is defined as a service provider's limited domain in which MPLS, VXLAN, SR/SRv6 and other tunnel technologies are adopted to provide services.

In the presentation, we would like to introduce the concepts, clarify the scope, attract people to understand and discuss the topic, and collect feedback and suggestions on this work, to further address the main concerns that were raised by the IESG.

For the SECers, we would especially like to know what the security issues are when the APN attribute is used within a limited operator's controlled domain.

Please find the latest version of the key draft, clarifying the scope and the gap analysis.
https://datatracker.ietf.org/doc/html/draft-peng-apn-scope-gap-analysis-01

We have been discussing the various aspects of APN on the APN mailing list. If you have not subscribed, you are very welcome to subscribe. You can also find the archived discussions.
https://datatracker.ietf.org/wg/apn/about/

More information about APN can be found here.
https://github.com/APN-Community

Best Regards,
Shuping
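The exchange above describes two separate roles: an edge device (CPE) that derives an opaque APN attribute from header fields the packet already carries, such as the 5-tuple, and interior nodes that apply policy against that bit string without knowing who the user or application is. The following Python model, added here as an illustration and not code from the APN drafts or the APN community, shows that split, and also shows the two cases Joey asked about: a flow whose 5-tuple matches no configured rule, and a packet that arrives at the edge already carrying an attribute. The rule table, the attribute values, the policy names and the choice to give unmatched flows a default best-effort attribute are all constructed assumptions for the example; the drafts do not specify them.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class FiveTuple:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass
class Packet:
    flow: FiveTuple
    apn_attr: Optional[int] = None   # opaque attribute; None means untagged

# Constructed CPE classification table (an assumption for this example):
# a 5-tuple pattern (None = wildcard) maps to an opaque attribute.
# The attribute is only a bit pattern; it does not encode who the user is
# or what the application is, which is the point made in the reply above.
Rule = Tuple[Optional[str], Optional[str], Optional[str], Optional[int], Optional[int]]
CPE_MAPPING: List[Tuple[Rule, int]] = [
    ((None, None, "udp", None, 5060), 0b0001_0001),           # e.g. a voice-signalling group
    ((None, "203.0.113.10", "tcp", None, 443), 0b0010_0010),  # e.g. one application group
]
# Assumption: flows matching no rule get a default attribute rather than none.
DEFAULT_ATTR = 0b0000_0000

def match(rule: Rule, ft: FiveTuple) -> bool:
    """Wildcard match of a 5-tuple against one rule pattern."""
    actual = (ft.src, ft.dst, ft.proto, ft.sport, ft.dport)
    return all(want is None or want == got for want, got in zip(rule, actual))

def tag_at_cpe(pkt: Packet) -> Packet:
    """Edge behaviour: derive the attribute from the packet's own header fields.

    Whatever attribute a packet carried in from outside the domain is
    discarded first, so a host outside the trusted domain cannot pick its
    own attribute; the edge always re-derives it from the 5-tuple.
    """
    pkt.apn_attr = None
    for rule, attr in CPE_MAPPING:
        if match(rule, pkt.flow):
            pkt.apn_attr = attr
            return pkt
    pkt.apn_attr = DEFAULT_ATTR   # unclassified flow: default treatment
    return pkt

# Interior node: policy is keyed on the opaque attribute only.
# It never looks at the 5-tuple and never learns a user identity.
POLICY: Dict[int, str] = {
    0b0001_0001: "low-latency-queue",
    0b0010_0010: "premium-sla",
    DEFAULT_ATTR: "best-effort",
}

def apply_policy(pkt: Packet) -> str:
    """Look up the treatment for a packet's attribute.

    An unknown or missing bit string falls back to best effort, so a
    malformed or unexpected attribute can never unlock premium treatment.
    """
    return POLICY.get(pkt.apn_attr, "best-effort")

if __name__ == "__main__":
    # Constructed sample packets; addresses are documentation ranges.
    voice = Packet(FiveTuple("192.0.2.1", "198.51.100.5", "udp", 40000, 5060), apn_attr=0b0010_0010)
    unknown = Packet(FiveTuple("192.0.2.1", "198.51.100.9", "tcp", 40001, 8080), apn_attr=0b0010_0010)
    for p in (voice, unknown):
        print(p.flow.dport, bin(tag_at_cpe(p).apn_attr), apply_policy(p))
```

In the model, the `voice` packet arrives claiming the premium attribute but is re-tagged by its 5-tuple, and the `unknown` packet, whose 5-tuple matches nothing, ends up with the default attribute and best-effort treatment rather than the attribute it tried to carry in. The same two checks (re-derive at the edge, fail closed on unknown bit strings) are the ones to look for when reviewing any real deployment of an opaque per-flow attribute inside a limited domain.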