Re: COPS SSQ/SSC

[Keith McCloghrie <kzm@cisco.com>]

> I have a question regarding the State Synchronization process.  Let's say,
> for example, the PEP has reconnected to the PDP after a connection failure
> and the PDP does not have memory of the PEP installed state.  Therefore, the
> PDP issues a SSQ without a client-handle in order to become synchronized
> with the PEP.  Now, during the synchronization process, the PEP sends a REQ
> with client specific information about a interface-type/role combo that the
> PDP has no knowledge of and the PDP sends a DEC specifying an error.

There's no good that can come from the PDP sending a DEC specifying an
error in this situation, because there's nothing the PEP can do about
it.  It would result in the PEP not having any policy for the relevant
interfaces !!

A better solution is for the PDP to have a set of policies, M, that it
uses for misconfigured interfaces.  So, when the PDP receives the
unknown interface-type/role combination from the PEP, then a) the PDP
sends the M set of policies to the PEP, so that the PEP can configure
the relevant interfaces, and b) the PDP can inform the administrator
such that the misconfiguration (either of the PDP or PEP) can be fixed.

Keith.

> My
> specific question is:  Should the PEP send an SSC if it receives a DEC
> error?  The RFC only states that after the PEP completes the synchronization
> it will send an SSC.  In my opinion, the state is not synchronized if the
> PEP has installed state that the PDP does not have installed.  I can think
> of other paths which can be taken but they are beyond the scope of this
> question.