Hey

On Wed, 10 Dec 2014, John MacAuley wrote:
Specifically, we are treating them as an independent domain, which does not reflect that the ports on an exchange are leased by the connecting network, and hence should be under control of the NSA of that network.
So you are saying that a port in an exchange point is not owned by the exchange point, but by the network on the far end of the port?
Well, I reckon the exchange owns the port/switch, but it is leased to the network, so it is (or should be) theirs to administrate.
The argument was that each link (SDP) was owned by a single network, even though it interconnected two networks.
There are a lot of options here: Links can be owned by a single entity and connect the network internally (these are fairly easy). Links can be owned by a single entity but connect to another network at one end (typical for customer connects). Links can be co-owned (e.g. the ANA links), and have various policies for them. E.g. a static allocation for each network, and a best effort queue on top of those. AFAIK cross-connects in data centers are often shared cost-wise, but can of course also be paid by a single entity (there are places where we would happily pay for a cross-connect if the other network would peer with us). Add link AUPs on top of all that.
If we believe this is true, and it sounds like you have a good example of where it is, then we need to consider this in our NML modelling which we do not at the moment.
NML more or less left policy as an exercise for the user. The domain/node-first approach makes policies very difficult to model in it.
Did we start this discussion in Uppsala which ended up with us needing people to describe their policies?
I have already described most of ours in my presentation at Uppsala. I think one of the issues is that most NRENs don't have very complex policies, so it has limited attention.
Allowing a third party NSA to create circuits on an exchange to another network's port violates the simple principle that an NSA should be in charge of the network's resources.
I think we need to clarify this statement. The uPA is always permitted to reject any request it receives so is in total control of its own resources.
The point here is that another NSA is controlling its resources. When you lease a port on an exchange your NSA should control it. That is not the situation we have today.
How does this exchange point decide to connect two ports together if each is owned by a different network? Is this a phone call to each network operator asking if it is okay to make the connection?
Typically phone or email is involved to ensure that both customers want the cross-link set up. But it is a bilateral agreement, with the link being set up by a third party.
There are a number of standard access control solutions for authorizing access to resources, including protocols for acquiring said permissions (tokens, authorization certificates, etc.). The problem is we need to understand the types of policies that will need to be enforced so we can determine what kind of solution is needed. I remember the discussion in Uppsala where someone had a policy decision based on a transit network three times removed from the current network.
Yeah, we have those. They are typically related to link AUPs. I can make arbitrary long ones though. The switching node mechanism in NML cannot describe these cases. Blocking upstream networks is not that uncommon in BGP. Juniper even has some examples with it, e.g.: http://www.juniper.net/documentation/en_US/junos13.3/topics/example/policy-a...
The following presents a scheme that keeps the port under control by their respective NSA, doesn't require any static pre-allocation, and does not require any out-of-band token distribution. [snip]
OMG - this is exactly like the Network Element "Gun rack" I designed and applied for a patent on back in the days of the Pacific Bell purchase by SBC. I love it. Now that I see it I realized we had the exact same problem in Optical back in the good old Nortel days.
[snip]
As a cost cutting measure they started sharing single Network Elements with their peering partners instead of back-to-back configurations.
We have started doing something like this in several places for the exact same cost-cutting reason. A lot of this also aligns quite well with the GNA. [snip]
So the assumption here is that NSA X has port A and port B defined with a special policy indicating that the special two step reservation must be performed?
Yes. My idea was that the NSA should announce something other than the UPA role, but maybe it needs to be per port (but I am not happy about that complexity). It is also possible to have the networks present direct links in their topology and have the entire thing encapsulated. This makes the exchange points disappear from the topology :-)
Also, NSA A talks directly to NSA B in step 2?
Yes (though technically it could be forwarded, but I dislike request forwarding, as NSA access revocation becomes a pain = bad security design).

Best regards, Henrik

Henrik Thostrup Jensen <htj at nordu.net>
Software Developer, NORDUnet