On 24-Aug-20 09:39, Michael Richardson wrote:
> 
> Robert Wilton via Datatracker <[email protected]> wrote:
>     > 6.10.1.  Fundamental Concepts of Autonomic Addressing
> 
>     > For a PE device or NID, how does it know which interfaces to run ACP
>     > over?
> 
> I think that "PE" here means "Provider Edge"?
> The answer is that it runs the GRASP DULL on *ALL* interfaces, because the
> device may have no idea it is a Provider Edge device on that Interface.

That's correct, and it's safe as Michael indicates.

The ANIMA model does not include an explicit mechanism for defining
domain membership. It's implicitly the set of interfaces that
successfully join the ACP, which also means that the nodes have
successfully performed BRSKI.

IMNSHO there's a big chunk of future work here (see section 6 of
RFC8799), but the current ACP definition doesn't depend on it.

   Brian

> 
> A Provider might want to turn this off, and they could well do that once the
> device has joined the ACP and gotten management control.  But, the risk of
> doing that is that the cables will get plugged in wrong, and the operator
> will lose access to the device.
> 
> In this case, I think that ANIMA's ACP prefers connectivity over the small
> amount of privacy lost by indicating that an IKEv2 is listening on an IPv6
> Link-Local address.  There is no security breach possible because the IKEv2
> (or DTLS) connection will not complete without the right trust anchors 
> present.
> 
> A smart heuristic might be to include some kind of dead-man's switch.
> The management interface might turn the DULL off on some interfaces for a
> period of time, and if the management interface is lost, then the interfaces
> would stop being suppressed.  This falls into the quality of implementation
> category at this point.
> 
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
> 
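
The dead-man's switch heuristic described in the quoted message, sketched as an added example (not code from this thread or from any ACP implementation). It assumes a hypothetical `DullSuppressor` class, constructed interface names, and that a management heartbeat is what proves the management connection is still up.

```python
import time


class DullSuppressor:
    """Lease-based suppression of GRASP DULL on selected interfaces.

    Hypothetical helper: suppression is only ever temporary, so a lost
    management connection always ends with DULL running on all interfaces.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._leases = {}  # interface name -> lease expiry (clock seconds)

    def suppress(self, ifname, lease_seconds):
        """Management asks to silence DULL on ifname for lease_seconds."""
        if lease_seconds <= 0:
            raise ValueError("lease must be positive")
        self._leases[ifname] = self._clock() + lease_seconds

    def heartbeat(self, lease_seconds):
        """Management is still reachable: renew leases that are still live.

        Expired leases are dropped rather than revived, so an interface that
        has resumed DULL stays discoverable until management explicitly
        suppresses it again.
        """
        now = self._clock()
        for ifname, expiry in list(self._leases.items()):
            if expiry > now:
                self._leases[ifname] = now + lease_seconds
            else:
                del self._leases[ifname]

    def dull_enabled(self, ifname):
        """True if DULL should run on ifname right now (the default)."""
        expiry = self._leases.get(ifname)
        if expiry is None:
            return True
        if self._clock() >= expiry:
            # Dead-man's switch fired: no heartbeat renewed the lease.
            del self._leases[ifname]
            return True
        return False
```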
