Re: [sami] FW: New Version Notification for draft-gu-statemigration-framework-00.txt

<david.black@emc.com> Fri, 06 July 2012 22:25 UTC

From: <david.black@emc.com>
To: <guyingjie@huawei.com>, <sami@ietf.org>
Date: Fri, 6 Jul 2012 18:25:50 -0400

I generally like this draft - I've sent a bunch of comments directly to the
authors, many of which are editorial.

OTOH, the 4.2 State vs. Policy section appears worthy of a wider discussion.

This section appears to introduce a concept of a related set of middleboxes
- the rough operational definition is "the set of middleboxes across which
policy has to be uniformly provisioned in order to obtain consistent policy
enforcement in the presence of middlebox state migration".  This seems rather
important to understanding the likely scope of deployment and the administrative
characteristics of state migration so I'd suggest more text on this concept
in that section or somewhere nearby.  This also relates to discussion of
middleboxes knowing about each other in the second paragraph of Section 6.
In addition, with respect to the concerns in at least section 7.2, this
leans towards a heavy reliance on configuration for (or to support) discovery.

The fact that this topic touches upon multiple sections is indicative of its
importance, and it feels like a good "place to dig" to come up with an
initial state migration problem scenario/subset that might be solvable in
a reasonable period of time. The sort of thing I have in mind is that if
the middleboxes are under common administration, and are in the same
administrative domain as the attachment points across which the endpoint
movement occurs, a number of the hard problems in Section 7 (e.g., discovery)
are amenable to solution via configuration and the security discussion is
qualitatively rather different from what's in Section 8.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: sami-bounces@ietf.org [mailto:sami-bounces@ietf.org] On Behalf Of
> Guyingjie (Yingjie)
> Sent: Wednesday, July 04, 2012 12:07 AM
> To: sami@ietf.org
> Cc: Melinda Shore; Senthil Sivakumar (ssenthil)
> Subject: [sami] FW: New Version Notification for draft-gu-statemigration-framework-00.txt
> 
> Hi all,
> We just submitted a framework draft for state migration.
> 
> We are looking forward to your comments. Thanks in advance.
> 
> 
> 
> Best Regards
> Gu Yingjie
> 
> 
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: July 4, 2012 3:05
> To: melinda.shore@nomountain.net
> Cc: Guyingjie (Yingjie); ssenthil@cisco.com
> Subject: New Version Notification for draft-gu-statemigration-framework-00.txt
> 
> 
> A new version of I-D, draft-gu-statemigration-framework-00.txt
> has been successfully submitted by Melinda Shore and posted to the
> IETF repository.
> 
> Filename:	 draft-gu-statemigration-framework
> Revision:	 00
> Title:		 A Framework and Problem Statement for Flow-associated
> Middlebox State Migration
> Creation date:	 2012-07-03
> WG ID:		 Individual Submission
> Number of pages: 17
> URL:             http://www.ietf.org/internet-drafts/draft-gu-statemigration-framework-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-gu-statemigration-framework
> Htmlized:        http://tools.ietf.org/html/draft-gu-statemigration-framework-00
> 
> 
> Abstract:
>    This document presents an initial framework and discussion of the
>    problem of transferring middlebox (for example, firewall or NAT)
>    flow-coupled state from one middlebox to another while the flow is
>    still active.  This has most recently come up in the context of
>    virtual machine (VM) migration between hypervisors, but it is a
>    problem that has appeared in other situations, as well.  We present
>    some of the parameters of the problem, define some language for
>    discussing the problem, and begin to identify a path forward for
>    addressing it.
> 
> 
> 
> 
> The IETF Secretariat