On 1/23/13 5:04 PM, Alia Atlas wrote:
> I'd be interested in hearing others' perspective on the use-cases requiring
> multi-headed control and what you see this requirement as meaning. This
> is a rather different requirement, in terms of embedding the
> policy-enforcement into the routing system, from what is currently done
> for CLI/NetConf/SNMP. In those cases, the latest writing wins and installs
> its state. For i2rs, an idea proposed (in
> http://tools.ietf.org/html/draft-atlas-irs-policy-framework) is that
> different i2rs clients are decided between based upon precedence.
>
> Frequently, different services are "known" to not collide, based upon
> human-assigned policy - such as different prefixes for different traffic
> types, etc.
>
> To get things started with a use-case, consider that there are two
> different services that are using i2rs.
>    a) Special Traffic Flow Routing: a service that installs policy-based
>       routing filters to route specific traffic on predetermined paths.
>    b) DDoS Detection: a service that detects traffic of interest and
>       installs policy-based routing filters to route the suspicious
>       traffic to an analysis box.
> In this case, the second service could have a higher precedence to
> override the first service's installed filters when necessary.
>
> Any opinions?

More like a thought. In the use case you describe, couldn't both coexist? Meaning you could simply have two PBR "actions," one that routes the traffic and the other that copies the interesting traffic to the DDoS sniffer. So the precedence may be the same and both can coexist. Now, if the DDoS service finds a problem in the copied traffic, it can install an overlapping policy that would preempt the original.

As to the flow in the draft, if the new, higher-precedence service is transient and the store-if-not-best bit is set, then the previous state will be restored (if it has the next best precedence). Shouldn't the commissioner be notified again that its state is active again?

Joe

--
Joe Marcus Clarke, CCIE #5384, SCJP, SCSA, SCNA, SCSECA, VCP
Distinguished Services Engineer
Cisco Systems
Phone: +1 (919) 392-2867
Email: [email protected]
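
The precedence flow discussed in this thread, as an added example that is not part of either message or of the draft: a simplified model in which a preempted filter is kept only if its store-if-not-best bit is set, and its commissioner is notified when it becomes active again. The class and client names, the "larger value wins" ordering, the event names and the exact semantics of the bit are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    client: str              # commissioning i2rs client (hypothetical name)
    action: str              # PBR action, e.g. a next hop
    precedence: int          # assumption: larger value wins
    store_if_not_best: bool  # keep this state while it is not the active entry

@dataclass
class FilterTable:
    entries: dict = field(default_factory=dict)  # match -> entries, best first
    events: list = field(default_factory=list)   # (client, match, event)

    def active(self, match):
        cands = self.entries.get(match, [])
        return cands[0] if cands else None

    def _settle(self, match, cands, old_best):
        cands.sort(key=lambda e: -e.precedence)  # stable: earlier install wins ties
        best = cands[0] if cands else None
        # Non-best entries survive only if they asked to be stored.
        kept = [e for e in cands if e is best or e.store_if_not_best]
        for e in cands:
            if e not in kept:
                self.events.append((e.client, match, "discarded"))
        self.entries[match] = kept
        if best is not old_best:
            if old_best in kept:
                self.events.append((old_best.client, match, "preempted"))
            if best is not None:  # covers first install and restoration
                self.events.append((best.client, match, "active"))

    def install(self, match, entry):
        old = self.active(match)
        self._settle(match, self.entries.get(match, []) + [entry], old)

    def remove(self, match, client):
        old = self.active(match)
        rest = [e for e in self.entries.get(match, []) if e.client != client]
        self._settle(match, rest, old)

def scenario(store_bit=True):
    t = FilterTable()
    m = "dst 198.51.100.0/24"  # constructed match key
    t.install(m, Entry("traffic-routing", "nh path-A", 10, store_bit))
    t.install(m, Entry("ddos-detect", "nh analysis-box", 20, False))
    during = t.active(m).client
    t.remove(m, "ddos-detect")  # the transient service withdraws its filter
    return during, t.active(m), t.events
```

With the bit cleared on the routing service's entry (`scenario(False)`), the filter is discarded at preemption and nothing is active once the DDoS filter is withdrawn.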
