John Vollbrecht wrote:
[..] A domain of a single link however seems different [..]
[...] it is important to note that the adjacent network (not necessarily a node) enforces the policy of the link. This could be done by having the link delegate policy to the adjacent network or by having the adjacent network contact the policy server for the link. In the first case policy is run by the adjacent network for the link, in the second the adjacent network asks for approval from the link.
This is indeed the crucial question. From an architectural point of view, the former model is the easiest one, as the requester does not need to have knowledge about the delegation is done (the requester directly talks to the owner of the link without worrying how it is enforced). In the later model, the requester ask one domain for resources in another domain, and (presumably?) has to be aware of that. For reasons of simplicity, I prefer the first model. As added advantage is that this seems very similar to how delegation is done for virtual networks. Perhaps related is the question how NSI deals with domains that do not support NSI yet. This is something to consider -- if we create an architecture that only works if all domains in the world deploy it at the same time, then we risk that the deployment takes as long as, say, IPv6. I wonder if the second model you describe above (where a domain enforces the policy of a neighbouring domain that does not support NSI) is applicable to this situation as well. Regards, Freek