[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Policy control for RSVP

To: rap@ops.ietf.org
Subject: RE: Policy control for RSVP
From: Kaustubh Phanse <kphanse@ee.vt.edu>
Date: Wed, 4 Jul 2001 16:35:47 -0400 (EDT)


Hi! Diana,

	Thanks for your reply. I do understand that this could be one way
to do it and is generally mentioned in most RFCs/published papers. But, I
am not yet sure whether this is the ONLY way to do it.
Can't both the access and resource authorization policies be performed
only on the RESV message? I guess for "valid" RSVP flows, the advantage in
doing this seems to be two-fold: (1) Reduction in the set-up time, since
now the PEP will forward the PATH message without having to wait for PDP's
decision, and (2) Reduction in amount of signalling overhead. Isn't it?
Please correct me if I am wrong.

Thank you very much.
regards
Kaustubh

-----------------------------------------------------------------------------
On Tue, 3 Jul 2001, Rawlins, Diana wrote:

> Kaustubh,
> 
> IMHO I would perform access authorization policies on the Request
> PATH and resource authorization oriented policies on the Request
> RESV. 
> 
> -Diana
> 
> 
> -----Original Message-----
> From: Kaustubh Phanse [mailto:kphanse@ee.vt.edu]
> Sent: Monday, July 02, 2001 6:48 PM
> To: rap@ops.ietf.org
> Subject: Policy control for RSVP
> 
> 
> 
> 	Re-sending the message (please see below) that I had sent a few
> days back. Did not really receive any response...so I am not sure if my
> query was too naive?! But, either way, I would be grateful if someone
> could please help me with this. Even after reading the RFCs/drafts, its 
> still not clear why/whether there is a need for policy control on BOTH the
> PATH and RESV messages for a given RSVP flow. 
> 
> Thank you very much.
> regards
> Kaustubh
> 
> ----------------------------------------------------------------------------
> -
> On Fri, 22 Jun 2001, Kaustubh Phanse wrote:
> 
> > 
> > 	Just wanted to clarify my understanding of the policy
> > control/processing of PATH and RESV messages.
> > 
> > 	To successfully implement policy-based admission control, during
> > the initiation of an RSVP reservation, is it really "necessary" to enforce
> > policy control on both PATH and RESV messages? I understand that policy
> > elements in PATH message can be used to authenticate users/applications
> > and the corresponding Tspec. But this may be achieved even by
> > policy control of the RESV message. So, even if PEP on the sender side
> > does not perform any policy-based admission control on an "invalid" PATH
> > message and lets it flow to the receiver, the PEP on the receiver-side
> > should be able to "reject" the resulting "invalid" RESV message...right?
> > And hence such a policy framework should still work? Is there a scenario
> > where this is NOT the case and policy control on both PATH and RESV
> > message is "critical" for successful enforcement of PAC.
> > 
> > Please forgive my ignorance on this topic! :) Any comments/clarifications
> > are more than welcome.
> > 
> > Thanks in advance.
> > sincerely,
> > Kaustubh 
> >
> ----------------------------------------------------------------------------
> -
> >  Kaustubh S. Phanse					  kphanse@ee.vt.edu
> >  PhD student				       http://www.ee.vt.edu/~kphanse
> >  Alexandria Research Institute
> >  Electrical & Computer Engineering Department		               
> >  Virginia Polytechnic Institute & State University 
> >
> ----------------------------------------------------------------------------
> -
> > 
> > 
> > 
> 
>

Prev by Date: Client Failure
Next by Date: RE: draft-ietf-rap-auth-policy-data-00.txt
Prev by thread: Policy control for RSVP
Next by thread: Re: Policy control for RSVP
Index(es):
- Date
- Thread