I want to be very clear that we do not currently have a design for "unsolicited 
synchronization" in GRASP that works.

https://mailarchive.ietf.org/arch/msg/anima/31UnJbFe45FZF7u_YQHtJLe9Xv8/

Regards
   Brian

On 27-Oct-21 03:04, duzongp...@foxmail.com wrote:
Hi, Yizhou

     I have read the draft, and I think it is good to have a convenient way to 
update the policies in the network.


     Also, I want to share some personal understandings here. If there are any 
misunderstandings, please correct me. Thanks.


     The AAPs need to inform the PEPs of the policies of the users by using the 
GRASP. It can happen when the user logs in, logs out, or triggers some policy 
changes.


     Maybe the first step is that the PEPs subscribe to the policy-changing 
events that they are interested in.  Do they send some GRASP messages to AAPs 
here?


     And then, if the user logs in, logs out, or triggers some policy changes, 
the AAP informs the PEPs that have subscribed. GRASP is used here. Is it a 
multicast?

Best Regards
Zongpeng Du

duzongp...@foxmail.com <mailto:duzongp...@foxmail.com> & 
duzongp...@chinamobile.com

    *From:* Liyizhou <mailto:liyiz...@huawei.com>
    *Date:* 2021-10-25 17:04
    *To:* Anima@ietf.org <mailto:Anima@ietf.org>
    *CC:* Xun Xiao <mailto:xun.x...@huawei.com>
    *Subject:* [Anima] unsolicited synchronizaiton in 
draft-yizhou-anima-ip-to-access-control-groups-01.txt
    Hi all,
The Unsolicited Synchronization message (as defined in section 5.1 in draft-ietf-anima-grasp-distribution) is greatly leveraged in this document to allow the access authentication point to pass IP to Group mapping
info to policy enforcement point.
    That would make the information retrieval more efficient compared to 
request and reply (sync) mode.
    I guess a missing part is a flag to be added to objective-flag, i.e.
           objective-flag = &(
             F_DISC: 0    ; valid for discovery
             F_NEG: 1     ; valid for negotiation
             F_SYNCH: 2   ; valid for synchronization
             F_NEG_DRY: 3 ; negotiation is a dry run
             F_UNSLC_SYNCH: 4 ; this is a missing line to indicate valid for unsolicited synchronization
           )
Looks like the future GRASP objectives would need to consider if
they are valid for unsolicited synchronization or not.
    Rgds,
    Yizhou
    _______________________________________________
    Anima mailing list
    Anima@ietf.org
    https://www.ietf.org/mailman/listinfo/anima

