Re: [Teas] Spencer Dawkins' Yes on draft-ietf-teas-pce-central-control-04: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 04 September 2017 14:42 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F17621321A6; Mon, 4 Sep 2017 07:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UszoKYnotpfJ; Mon, 4 Sep 2017 07:42:56 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B518E1321A1; Mon, 4 Sep 2017 07:42:56 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id w204so2837955ywg.3; Mon, 04 Sep 2017 07:42:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7pNCCkdgCHe0jcxERZP2cPA2TJFc78Qtx0hlnLAM/Ks=; b=fuNpDclmB1fUjrH1YXu+tiONeWQZMHjFsFX3YUI9qhG69MeQ5sSmLejrfVr83T9YJO WP/Fqxy+OXRDWIVu3ttiPDwZlXf1nc/fxuXScn9RDQlZbClg4doz2vmGFpDMmYeLNHJw A8fWzBpFyot1Sv3HrOZNbKYuVP8JsCA4ahyls4dXoMFKnRDgPPIfOaPSxbJgrvUyZfX+ ANxzSMSjPekCBELQl9oglS3Rvcel5rDaspoxJ3cea2hvCtjRwf+yy2Z6FI8+DPq/QM8s qcoL81nE5/IQAViASUikDmljkClce7RBIRXIFeqWApp04DHr9/oQsW2EYgPfFrvDK59a FJBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7pNCCkdgCHe0jcxERZP2cPA2TJFc78Qtx0hlnLAM/Ks=; b=kOrmQfgiwEz8Rw+lPvRWUFBfrKUNWFnbxndpOdCRmH+AuAOx/+rvZz2+zyqPq+vzI4 MrXWGg5lMLfEKSF+TxpcbisaooucqOuL6TGtmD8LZuRCdmHWpL17Rxj8qqNDr/+Pk1J4 uw2sUKhw0RuP9EYlN6k6vpFOrwpVrGy829ShYG/FKXlsXgGJa9Hyhid1BqGldGn/UoPS LSYjyHIuzzqxxNp3U00TYZuYeV2MqOwyIojRyeDrwIYRTsz2uK2O6TVgGFIGcnJM+POk iabTAl+jZOShiiK00uxwyMHEl7Z2l2EjNdk06LU5c0yWxz6rV3bNbZNHdFsGHRxyxL8j zSQQ==
X-Gm-Message-State: AHPjjUhDUNdx/vsZ1GTlf/vUlgsc+x5VgwLWrOF8p3gAPQhIXoTAniL6 cd31gF1Akhc9jy7gsaNLUDNpSEgpQQ==
X-Google-Smtp-Source: ADKCNb6UsR6FZ4NEGinPmLwMyoNdIqmtUj0lhl4T2H8GZuuG8ECmICZzZm+w0++yn/trJxoBNK5fR/Z2cwuKhJ0UUYY=
X-Received: by 10.37.44.69 with SMTP id s66mr694173ybs.75.1504536175689; Mon, 04 Sep 2017 07:42:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.2.148 with HTTP; Mon, 4 Sep 2017 07:42:55 -0700 (PDT)
In-Reply-To: <04c001d32562$d1e0f500$75a2df00$@olddog.co.uk>
References: <150387138757.9798.12253471138493060140.idtracker@ietfa.amsl.com> <04c001d32562$d1e0f500$75a2df00$@olddog.co.uk>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 04 Sep 2017 09:42:55 -0500
Message-ID: <CAKKJt-e5eT88a=j4WqzaesvCYfsQ3b49v=yEnQURrPX9-i-AJw@mail.gmail.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Cc: The IESG <iesg@ietf.org>, draft-ietf-teas-pce-central-control@ietf.org, teas-chairs@ietf.org, "TEAS WG (teas@ietf.org)" <teas@ietf.org>, vbeeram@juniper.net
Content-Type: multipart/alternative; boundary="001a114321084dc65905585e20db"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/6Zpi7tO3Aw-eFNFoshCqdQ_8wuo>
Subject: Re: [Teas] Spencer Dawkins' Yes on draft-ietf-teas-pce-central-control-04: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2017 14:43:00 -0000
Hi, Adrian, On Mon, Sep 4, 2017 at 4:47 AM, Adrian Farrel <adrian@olddog.co.uk> wrote: > Thanks Spencer, > > [snip] > > > In > > https://tools.ietf.org/html/draft-ietf-teas-pce-central- > control-04#section-3.1.1, > > the description is short, which could be fine, but meant I was guessing > at a > > lot of high-level details that I could dig out of > > https://tools.ietf.org/html/draft-ietf-pce-stateful-pce-21 for myself, > but it > > might be helpful to include a couple of points, like whether the PCCs in > this > > technology are (always?) LSRs participating in the IGP (OSPF or IS-IS), > and > > whether the PCEs are (always?) either LSRs or servers also participating > in the > > IGP, and whether the IGP is (always?) used to set up LSPs, for readers > who have > > a (G)MPLS or MPLS-TE network now, to figure out how it maps at a high > level to > > what they already have. I’m guessing from > > https://tools.ietf.org/html/draft-ietf-pce-stateful-pce-21#section-5.5, > but I’m > > guessing. > > I have added... > <t>In this mode of operation, the PCE may construct its TED in a > number of ways as > described in <xref target="RFC4655"/> including (but not > limited to) participating > in the IGP or receiving information from a network element via > BGP-LS > <xref target="RFC7752" />.</t> > I wouldn't mind more explanation, but this already helps a lot - enough that I understand the text now. > > I’m not quite sure what to do with this part of the security > considerations: > > > > In > > short, while the interactions with a PCE-based controller are not > > substantially different to those in any other SDN architecture, the > > security implications of SDN have not been fully discussed or > > described. Therefore, protocol and applicability work around > > solutions for this architecture must take proper account of these > > concerns. > > > > It is expected that each new document that is produced for a specific > > use case will also include considerations of the security impacts of > > the use of a PCE-based central controller on the network type and > > services being managed. > > > > If I’m reading this literally, it’s saying that we haven’t finished > discussing > > SDN security considerations in general yet, so each new document will > consider > > the security impact of a PCE-based central controller on the network > type and > > services being managed as an SDN. Is that what was meant? > > Yes. You read it right. > A subtext might be "Don't try to lean on any pre-existing SDN work to pass > the buck on PCE-CC security, because you'll probably fall on your face." > Thanks for confirming my worst suspicions. :-) And the subtext for that might be "Spencer hopes someone looks at this exchange and says, you know, we really SHOULD be thinking about SDN security in the general case, what would it take to make that happen?", but that''s not your problem any longer :D > > If I’m reading the manageability considerations section correctly, > perhaps it’s > > worth pointing out what the extension story is for the IGPs that will be > used > > in some of the technologies discussed earlier in the document, if that’s > part > > of this work as well. > > Yes. > Added a sentence to the second paragraph of this section... > This may require > protocol extensions for the mechanisms listed in this paragraph. > Perfect. And thanks for all of the above ... Spencer > > Cheers, > Adrian > >
- [Teas] Spencer Dawkins' Yes on draft-ietf-teas-pc… Spencer Dawkins
- Re: [Teas] Spencer Dawkins' Yes on draft-ietf-tea… Adrian Farrel
- Re: [Teas] Spencer Dawkins' Yes on draft-ietf-tea… Spencer Dawkins at IETF