Hi, Titouan has asked me to forward this to the list so that he can reply in public. You can safely ignore the first sentence.
-------- Forwarded Message --------
Subject: draft-soulard-anima-grasp-router-problem-statement-00
Date: Wed, 24 Jun 2026 16:09:09 +1200
From: Brian E Carpenter <[email protected]>
To: [email protected]

Hello Titouan,

I read this draft with great interest, of course. I hope you will excuse me if I continue in English; I'm very happy to speak French but it goes very slowly if I write it.
As defined in the GRASP specification, every solution must specify a security mechanism to be used by GRASP.
Of course, the ACP as defined can never operate cross-domain. It is heresy in the ANIMA WG, but I think GRASP operating over a more traditional infrastructure is perfectly fine. The requirement in RFC 8990 was carefully constructed to allow this. Of course, the relay router in your model could impose its own trust model (for example, a limited set of GRASP objectives that are allowed to cross the trust boundary). And then once a relationship is built with another relay router, any secure connection would work - very likely TLS.
The proposed architecture prompts for at least three specific additions to the GRASP protocol: definition of an objective for the relay node
That is easy I think. Isn't it really used only for other nodes to find the relay? So the relay itself uses the traditional M_FLOOD to tell all its traditional GRASP neighbours "I'm a relay router". Or maybe it's even easier. It receives GRASP multicast traffic just like any other traditional GRASP relay. But it's configured to relay specific objectives over a TLS connection to another relay router (as well as to its other LAN interfaces if they exist).
, standardization of an algorithm for relaying,
I don't think that's a big problem. Remember this is UDP, so we can simply send a packet and forget it. The relay router that receives it just has to treat it as if it arrived on a native LAN interface. If you imagine that the connections between the relay routers are long thin Ethernets there is no new model (in fact an implementation using an L2VPN solution would surely make life simpler).
and development of a mechanism to inhibit the hop-by-hop multicast mechanism for some nodes.
At the moment, a GRASP node that finds itself to have two or more LAN interfaces will relay to them automatically. But that is orthogonal to the router relay mechanism, and they could coexist in one node. So I would say the opposite: *add* a mechanism for sending relayed multicasts to a remote relay router. If you look at my demo code, you would add this mechanism after line 3741 in https://github.com/becarpenter/graspy/blob/master/grasp.py, for M_FLOOD. It's a bit more complicated for relaying M_DISCOVER but completely possible.

There is one thing missing in your description - how do the relay routers find each other? Are they pre-configured, are they announced in DNS? In my code, I'd want to solve that problem in the module https://github.com/becarpenter/graspy/blob/master/acp.py

Best wishes,
Brian Carpenter
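The message above suggests that a relay router could allow only a limited set of GRASP objectives to cross the trust boundary. The following is an added example of such a filter, not part of the original message and not code from graspy. It assumes the M_FLOOD has already been CBOR-decoded into the RFC 8990 array layout; the function name and the objective names are hypothetical, and the loop-count check is applied per objective as a simplification.

```python
# Added example: policy filter for M_FLOOD messages at a relay router.
M_FLOOD = 9  # message type value from RFC 8990

# Hypothetical policy: objective names allowed across the trust boundary.
ALLOWED_OBJECTIVES = {"EX1", "EX2"}  # constructed names


def filter_flood_for_relay(msg, allowed=ALLOWED_OBJECTIVES):
    """Return the M_FLOOD to send to the remote relay, or None to drop it.

    msg layout (decoded CBOR):
      [M_FLOOD, session-id, initiator, ttl, [objective, locator-or-[]], ...]
    objective layout: [name, flags, loop-count, value?]
    """
    if not isinstance(msg, list) or len(msg) < 5 or msg[0] != M_FLOOD:
        return None
    kept = []
    for entry in msg[4:]:
        if not (isinstance(entry, list) and len(entry) == 2):
            return None  # malformed entry: drop the whole message
        objective, locator = entry
        if not (isinstance(objective, list) and len(objective) >= 3
                and isinstance(objective[0], str)
                and isinstance(objective[2], int)):
            return None  # malformed objective: drop the whole message
        name, loop_count = objective[0], objective[2]
        if name not in allowed:
            continue  # objective is not permitted across the boundary
        if loop_count <= 1:
            continue  # loop count would reach zero: do not relay
        relayed = list(objective)
        relayed[2] = loop_count - 1  # decrement before relaying
        kept.append([relayed, locator])
    if not kept:
        return None  # nothing left that policy allows
    return msg[:4] + kept


# Constructed sample: one allowed and one internal-only objective.
SAMPLE_FLOOD = [M_FLOOD, 12345, bytes(16), 60000,
                [["EX1", 4, 3, "value"], []],
                [["InternalOnly", 4, 3, "secret"], []]]
```

The returned array is what would be re-encoded and sent over the secure connection to the remote relay; a return of None means nothing is forwarded.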
