Central point for configuration management using netconf?

["Kathleen M. Moriarty" <moriarty@ll.mit.edu>]

Hello,

I am working on a draft in the INCH working group, RID
http://www.ietf.org/internet-drafts/draft-ietf-inch-rid-00.txt,
and need to provide a hand off for mitigating or stopping traffic when 
the source of a security incident is identified.

So far, I have only been able to locate protocols that allow this to be 
automated like netconf or SNMP, but no central point that one would need 
to go through in order to make this happen for change control, etc.  I 
have been asked by folks implementing my draft what this hand off will 
be and am trying to determine what the best solution would be.  The 
ideas I have had so far include either SNMP or netconf for device 
configuration, but this leaves things very open ended in my mind.  Would 
the idea of netconf be to allow any management system to directly 
configure devices if they have the appropriate access controls, 
authentication, etc.?  Or would there be a central server that the 
requests must be filtered through to make sure the network configuration 
changes are documented and a sanity check is performed?

Thank you for you assistance!
Kathleen




--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>