Re: [OPSAWG] πŸ”” WG adoption call on draft-richardson-opsawg-mud-acceptable-urls-03

Mon, 01 Feb 2021 17:54:26 -0800 

Qin Wu <bill...@huawei.com> wrote:
    > Hi, authors of draft-richardson-opsawg-mud-acceptable-urls: I have seen
    > most of comments I raised earlier on have been addressed, e.g.,
    > 1. provide recommendation to the implementers or developer on when they
    > choose MUD URL updating and when they choose MUD file updating?

I think that I've changed section 2 to address this, but perhaps I have not
gone far enough.

    > 2.Clarify the difference between RFC8520 and
    > draft-richardson-opsawg-mud-acceptable-urls on MUD file signing 3.Add
    > summary text at the beginning of the section 2 Thanks for that, it
    > improve clarity and readability. I support adoption of this work

I want all MUD files signed; RFC8520 was a bit more pragmatic.

    > One more comment is Does MUD URL updating require any new protocol
    > exchange between end device and firmware server, how does end device
    > detect MUL URL change?  Thanks!

RFC8520 says nothing about how the LLDP or DHCP servers communicate at all.
At present, this is up to the vendor to figure out.

Enterprise DHCP servers tend to be centralized, via DHCP relays, so having
the two (redundant) servers on each campus send updates to a MUD controller
via some scripting process, etc. seems reasonable.   Probably it will be up
to MUD controller vendors to figure how to plug into the DHCP servers that
are popular among their customers.

The LLDP data set is usually collected via SNMP today, and probably by
RESTCONF later on.  So that collection system needs to forward information.
The LLDP information already includes a great deal with information about the
port/chassis/etc. where the device is located, and that information is
clearly needed by the MUD controller to push policy out.

Getting a MUD controllers is likely a reason to invest in a state-of-the-art
SDN process in my opinion.

In the home... it is all on a single platform, so it's all inside the one box.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IΓΈT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

Attachment: signature.asc
Description: PGP signature

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to