This document provides a comprehensive overview of the ANIMA Autonomic Control Plane (ACP) and its use cases, such as centralized NOC using ACP, virtual inband "out-of-band" network, and virtual "Data Communications Network" (DCN). It also describes various options for deploying and managing ACP in a distributed agent environment. The document covers important details helpful for ongoing working group discussions.
Stable Connectivity
IETF 93, 07/2015, Prague
draft-eckert-anima-stable-connectivity-01
T. Eckert, M. Behringer
Overview
• Refresher
  • Covers important details helpful to remember during ongoing WG work (ACP / reference model)
• Stable-connectivity:
  • Use-cases for ACP
    • Centralized NOC using ACP
    • Virtual inband “out-of-band” network
    • Virtual “Data Communications Network” (DCN)
  • Describe options how to use it
• Distributed agents using ACP
  • Out of scope today
NOC Context
[Diagram: Certificate Authority (CA), AN Registrar; Autonomic Control Plane and Data Plane across the (target) autonomic network]
• Day 1: Deploy
• Day 1: Enroll, build ACP
NOC Context
[Diagram: Certificate Authority (CA), NOC backend systems (NMS, controller, apps, …), AN Registrar; ACP - Autonomic Control Plane and DP - Data Plane across the (target) autonomic network]
• Day 1: Deploy
• Day 1: Enroll, build ACP
• Day 1..N: Provision, Manage, …
NOC Scope
[Diagram: Certificate Authority (CA), NOC backend systems (NMS, controller, apps, …), AN Registrar; OAM/Mgmt plane: ssh/SNMP, Netconf/YANG, ftp/tftp/traceroute, CLI/XMPP, MPLS-OAM; Data Plane and Autonomic Control Plane across the autonomic network]
• Communication
  • NOC OAM/MGMT
  • Using DP to modify DP can be self-destructive
  • Working around that can make provisioning complex
  • Day 0/1: Use ACP to build DP
  • Day N: Use ACP to change DP
• Dual-path:
  • ACP reliable, secure, potentially slow
  • DP fast, insecure, ?unreliable?
  • How to monitor DP? Inband (DP), out-of-band..
NOC Solution (1)
[Diagram: IPv4-only Certificate Authority (CA), IPv4-only NOC backend systems (NMS, controller, apps, …), IPv6-only NOC backend for AN, AN Registrar; OAM/Mgmt plane: ssh/SNMP, Netconf/YANG, ftp/tftp/traceroute, CLI/XMPP, MPLS-OAM; Data Plane and Autonomic Control Plane across the autonomic network]
• Jumpstart
  • IPv4 only network
  • Start IPv6 ONLY to access ACP with new/limited NOC functions
  • Registrar needs to access DP to get to IPv4 only CA
NOC Solution (2)
[Diagram: Certificate Authority (CA), dual-stack NOC backend systems (NMS, controller, apps, …), AN Registrar; OAM/Mgmt plane: ssh/SNMP, Netconf/YANG, ftp/tftp/traceroute, CLI/XMPP, MPLS-OAM; Data Plane and Autonomic Control Plane across the autonomic network]
• BAD ?!
• Dual-Stack NOC option 1
  • IPv6 ONLY ACP
  • IPv4 ONLY DP
  • ACP to NOC router setup
  • Use DNS to select ACP/DP
• Not a sufficient solution to work with a network that wants an IPv6 data plane
NOC Solution (3)
[Diagram: Certificate Authority (CA), dual-stack NOC backend systems (NMS, controller, apps, …), AN Registrar; OAM/Mgmt plane: ssh/SNMP, Netconf/YANG, ftp/tftp/traceroute, CLI/XMPP, MPLS-OAM; NOC device labels: V6 ACP address, V6 data-plane addr (V4 data-plane addr), V6 (source) routing function/device; Data Plane v4/v6 and Autonomic Control Plane across the autonomic network]
• The real solution
  • IPv6 access to DP AND ACP
  • Single address NOC devices for both ACP/DP:
    • Requires source/dest routing for return traffic (OAM->NOC)
  • Recommend separate ACP and DP address on NOC devices.
    • Automatic source-address selection based on dest-address as standard in IPv6
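Why separate ACP and DP addresses on a NOC device need no extra routing trick: the host's own IPv6 source-address selection (RFC 6724) already picks the ACP address for ACP destinations and the data-plane address for data-plane destinations. The following is an added example written for this page, not code from the draft or its authors; it implements only rules 2, 6 and 8 of RFC 6724 and assumes the ACP uses ULA (fc00::/7) addresses, with all prefixes and host addresses constructed for illustration.

```python
"""Simplified RFC 6724 source-address selection (rules 2, 6 and 8 only).
Added example: a NOC host holding both an ACP (ULA, assumed) address and a
data-plane address picks the matching source per destination automatically."""
import ipaddress

# Subset of the RFC 6724 default policy table: (prefix, precedence, label)
POLICY_TABLE = [
    (ipaddress.ip_network("::1/128"), 50, 0),
    (ipaddress.ip_network("::/0"), 40, 1),
    (ipaddress.ip_network("::ffff:0:0/96"), 35, 4),
    (ipaddress.ip_network("fc00::/7"), 3, 13),   # ULA, assumed to carry the ACP
]

def label(addr):
    """Label of the longest matching policy-table prefix."""
    best = max((n for n, _, _ in POLICY_TABLE if addr in n),
               key=lambda n: n.prefixlen)
    return next(lbl for n, _, lbl in POLICY_TABLE if n == best)

def scope(addr):
    """Address scope: 0x2 link-local, 0xe global (ULA counts as global)."""
    return 0x2 if addr.is_link_local else 0xe

def common_prefix_len(a, b):
    """Number of leading bits shared by two IPv6 addresses."""
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(candidates, dest):
    """Return the host address (string) that RFC 6724 would use towards dest."""
    d = ipaddress.IPv6Address(dest)
    d_scope, d_label = scope(d), label(d)

    def key(c):
        s = scope(c)
        # Rule 2: the smallest scope that still covers the destination wins
        r2 = (0, s) if s >= d_scope else (1, -s)
        r6 = 0 if label(c) == d_label else 1      # Rule 6: matching label
        r8 = -common_prefix_len(c, d)             # Rule 8: longest prefix
        return (r2, r6, r8)

    return str(min((ipaddress.IPv6Address(c) for c in candidates), key=key))

# Constructed NOC host addresses: link-local, data-plane (global), ACP (ULA)
NOC_ADDRESSES = ["fe80::1", "2001:db8:1::10", "fd12:3456:789a:1::10"]

if __name__ == "__main__":
    for dest in ["fd12:3456:789a:42::1", "2001:db8:7::1", "fe80::5"]:
        print(dest, "->", select_source(NOC_ADDRESSES, dest))
```

A single-address NOC device cannot benefit from this, which is why slide (3) says that design needs source/dest routing for the return traffic instead.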
NOC Solution (4)
[Diagram: Certificate Authority (CA), dual-stack NOC backend systems (NMS, controller, apps, …), AN Registrar; OAM/Mgmt plane: ssh/SNMP, Netconf/YANG, ftp/tftp/traceroute, CLI/XMPP, MPLS-OAM; Data Plane v4/v6 and Autonomic Control Plane across the autonomic network]
• Extends ACP security into NOC
• Moves ACP/DP selection from ACP edge-router (3) into each NOC device.
More
• MP-TCP
  • DP+ACP – automatically select best connectivity
  • Implementation challenge: both paths are in two VRFs – needs some shim-layer work in autonomic devices.
• Hybrid step 3 / 4:
  • NOC devices do not have full ACP.
  • Just AN certificates
  • Can rely on ACP security if they are fine to only use TLS protocols across DP
  • Use legacy insecure protocols (tftp, DNS, SNMP, …) only across ACP
• -01 rev:
  • Discussion about use of ULA addresses and unused lower bit part of ULA space:
  • Conclusion: Registered ULA addresses not necessary. “Self-publish” might be helpful