RE: Begin last call on draft-ietf-opsec-routing-capabilities-00.txt
Following are some comments from Russ and Ross from months back; the document
will be updated with these comments incorporated.
Thanks,
Miao
-----Original Message-----
From: Ross Callon [mailto:rcallon@juniper.net]
Sent: Thursday, September 14, 2006 11:24 AM
To: Russ White
Cc: ye zhao; miaofy@huawei.com; gmj@pobox.com; pcain@coopercain.com;
rcallon@juniper.net
Subject: Re: Proposed new section for routing control plane capabilities
At 12:29 PM 9/13/2006 -0400, Russ White wrote:
>...
> > This capability specifies that device implementations ensure that
> > at least a certain minimum sufficient level of resources are
> > available for management functions. This may include resources at
> > ingress to the device, on egress from the device, for internal
> > transmission, and processing. This may include at least
> > protocols
>
>I think you might need to include storing data structures here (?).
>Though this is more of an 'interface to the wire' type of draft, it
>might need to be called out explicitly.
Yes. This was sort of nagging at me, but I didn't get it written in.
Data structures / memory does indeed represent a resource that can be
exhausted, and that should be mentioned in the draft.
The current draft has been submitted. Thus my proposal would be to include
this in the next update.
> > used for configuration, monitoring, configuration backup, logging,
> > time synchronization, and authentication.
>
>Authorization probably needs to be included, as well as
>authentication.... In some cases, you can authorize a user to run a
>specific command, or configure a specific thing, in which case failure
>to authorize can have a huge impact on network operations, particularly
>during a time of attack or failure.
So this becomes...
> used for configuration, monitoring, configuration backup, logging,
> time synchronization, authentication, and authorization.
>Would you want to also add the capability of having an out of band
>connection to the device? Or is this included in the other
>drafts/sections that we've taken out?
Isn't this in Ron Bonica's draft? It has timed out. I will ping him
regarding whether he intends to resurrect it.
> > 4.2. Ensure Resources for Routing Functions
> >
> > Capability.
> >
> > This capability specifies that a device implementation ensures at
> > least a certain minimum sufficient level of resources are
> > available for routing protocol functions. This may include
>
>"This capability specifies that a device implementation ensures at
>least a certain minimum sufficient level of resources are available to
>receive and send routing protocol packets, process routing protocol
>packets, and perform the processing necessary to modify the local
>routing and forwarding tables in reaction to changes in the network
>topology."
>
>Perhaps too precise, but probably more precise, at least, is a bit
>better (?).
If it is right, then I don't mind being too precise.
> > If routing HELLO packets are not prioritized, then it is
> > possible
>
>I don't know if you want to limit this to HELLOs, unless you make it
>explicit that this is just an example (?)....
I think that starting this sentence with "For example, if routing..."
would be a good move. Other things could of course go wrong.
thanks, Ross
> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On
> Behalf Of patrick cain
> Sent: Saturday, January 13, 2007 11:07 PM
> To: opsec@ops.ietf.org
> Subject: Begin last call on
> draft-ietf-opsec-routing-capabilities-00.txt
>
> Hi,
>
> I hope everyone had (or will have) a calm and happy holiday season.
> Continuing our goal of progressing through all the OPSEC documents...
>
> The authors and co-chairs think that this document is ready
> for progression.
> This begins working group last call on:
>
> http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-capabilities-00.txt
>
> "Routing Control Plane Security Capabilities"
>
>
> The last call will terminate at the end of the month
> (Wednesday January 31, 2007).
>
> Comments to the list please.
>
> Thanks,
> Pat (and Ross)
>
>
>