Re: Central point for configuration management using netconf?
On Wed, Apr 21, 2004 at 05:24:29PM -0400, Kathleen M. Moriarty wrote:
> I am working on a draft in the INCH working group, RID
> http://www.ietf.org/internet-drafts/draft-ietf-inch-rid-00.txt,
> and need to provide a hand off for mitigating or stopping traffic when
> the source of a security incident is identified.
>
> So far, I have only been able to locate protocols that allow this to be
> automated like netconf or SNMP, but no central point that one would need
> to go through in order to make this happen for change control, etc. I
> have been asked by folks implementing my draft what this hand off will
> be and am trying to determine what the best solution would be. The
> ideas I have had so far include either SNMP or netconf for device
> configuration, but this leaves things very open ended in my mind. Would
> the idea of netconf be to allow any management system to directly
> configure devices if they have the appropriate access controls,
> authentication, etc.? Or would there be a central server that the
> requests must be filtered through to make sure the network configuration
> changes are documented and a sanity check is performed?

I would not like to give you direct access to my devices. So I agree
that you would have to go through a filtering system which is under
my control (an element manager in telco terms). The first thing to
check is probably whether there is general agreement on this model.

If there is agreement on this model, the next question is to ask which
communication mechanism is useful for this purpose. Traditionally, the
IETF did not do much work on defining protocols for communication between
element managers. Perhaps this is something where web services make
sense or where perhaps EPP (RFC 3730) can be used. You can of course
solve this problem by talking SNMP or netconf to the element manager,
but I have some doubts that this will be very practical.
/js
--
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany