[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Reply to reveiw comments from Pekka Savola (2 of ?)

To: "Smith, Donald" <Donald.Smith@qwest.com>
Subject: RE: Reply to reveiw comments from Pekka Savola (2 of ?)
From: George Jones <gmj@pobox.com>
Date: Thu, 26 Feb 2004 05:25:02 -0800 (PST)
Cc: owner-opsec@psg.com, "" <opsec@ops.ietf.org>
In-reply-to: <2D00AD0E4D36D411BD300008C786E42412B25EC0@Denntex021.qwest.net>
References: <2D00AD0E4D36D411BD300008C786E42412B25EC0@Denntex021.qwest.net>
Reply-to: gmj@pobox.com

On Wed, 25 Feb 2004, Smith, Donald wrote:

djs> this is intended to be as simple as push in this button
djs> and power cycle. If it requires sending out a tech it
djs> could take longer to recover. Should (must?) it require physical
djs> access to change the console setting? I am thinking about changing
djs> the baud rate via a key sequence.

This req is aimed at the IP-is-broken-now-what-do-i-do mgt question.
"Physcal access" is an ill-defined concept in the presence of terminal
servers and system consoles that let you issue software comands such
as "reset" and "power cycle".  Ease of use in crisis situations (the
goal of this req) aids security by enabling quick responses when
needed.  Not sure if/how to address the physical access question.
If you have good/strong ideas, let me know.

>
>
> 04>   Requirement. There MUST be a method defined and published for
> 04>      returning the console communication parameters to their default
> 04>      settings.   This method must not require the current settings
> to
> 04>      be known.
> 04>   Examples.
> 04>
> 04>      One method might be to send a break or a predefined character
> 04>      sequence on a serial line.
>
> djs> George maybe I am stating the odvious but although
> djs> many systems implement break as a key sequence it
> djs> is an electronic singnal.

Sure. Are you suggesting a change ?  Wording ?

> ps>
> ps> 2.4.8 Support Text Configuration Files
> ps>
> ps> ==> is text compression using e.g. gzip or bzip2 allowed, though?
>
> Hmm.  Remotely savable.  No propritary format.   I'd say yes, but I
> can't think of a good way to reword this.  Thoughts ?
>
> djs>  Requirement. The device MUST provide a means to
> djs> remotely save a copy of the system configuration
> djs> file(s) in a "well defined" format.

Right.  But what's "well defined" ?  Text ?  Complete BNF
grammer ? XML ?

> I could be convinced do something like s/all...protocols/BGP/
> or (better) s/protocols/protocols used to recieve routes from
> external sources/ (wording ?)....but being able to filter
> routes is pretty fundemntal for networks that are in scope.
>
> djs> EBGP external border gateway protocol.

Better ?

04> 2.7.5 Support Route Filtering
04>
04>    Requirement. The device MUST provide a means to filter routing
04>       updates for all protocols to be used to exchange external
04>       routing information.
04>
04>    Justification. See [RFC3013] and section 3.2 of [RFC2196].
04>
04>    Examples. Operators may wish to ignore advertisements for routes to
04>       addresses allocated for private internets. See eBGP.

George M. Jones    |  "Not everything that counts can be counted, and not
                   |  everything that can be counted counts."
                   |
                   |      Albert Einstein
gmj@pobox.com

References:
- RE: Reply to reveiw comments from Pekka Savola (2 of ?)
  - From: "Smith, Donald" <Donald.Smith@qwest.com>

Prev by Date: RE: Reply to review comments from Pekka Savola (1 of ?)
Next by Date: Re: Reply to reveiw comments from Pekka Savola (2 of ?)
Previous by thread: RE: Reply to reveiw comments from Pekka Savola (2 of ?)
Index(es):
- Date
- Thread