The virtual router question is an interesting one. I believe that the
answer is "it depends".
On the one hand there is a base device. There may or may not need to be
capability for I2RS access to that entity.
Then there are the individual virtual routers. My inclination would be
to use separate I2RS clients, each with a separate I2RS identity and
identifier. But there appears to be enough flexibility in the modeling
that we are discussing that one could probably model it as one I2RS
agent with various pieces and parts. In which case that one agent has
only one identity and one identifier.
Yours,
Joel
On 8/14/13 5:24 AM, t.petch wrote:
----- Original Message -----
From: "Alia Atlas" <[email protected]>
To: "Joe Marcus Clarke" <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, August 13, 2013 9:01 PM
Hi Joe,
Thanks for the detailed review and suggestions. Responses are
in-line.
Alia
On Wed, Jul 31, 2013 at 6:57 AM, Joe Marcus Clarke
<[email protected]> wrote:
<snip>
Section 6.4:
Each I2RS Client will have an identity; it can also have secondary
identities to be used for troubleshooting.
JMC: Each application will have a _unique_ identity.
[Alia] Hmm, this ties into the discussion about how we want to handle
redundancy and recovery for clients. It's also a bit of a tautology - a
client is solely identified by its identity. I have changed it to say
that "Each I2RS Client will have a unique identity" - but that just helps
clarify the intent.
I think that this nicely encapsulates a confusion between identity and
identifier. Identifiers identify. Objects, in a very generic sense,
have identity. Thus if a human being is an instance of an object, they
may be identified, based on context, by SSN, passport number, name, name
and date of birth, cell phone number etc; all could be valid
identifiers: but equally, a cell phone number could be the identifier of
a cell phone, which is associated with a function and multiple people,
while the cell phone could also be identified by its IMEI, so the
determination of what is an identity may take some consideration. This
is often critical in security; you have a secure channel but with what?
Is the identifier sufficient proof of the identity?
Working with routers, you usually have multiple identifiers; the SNMP
sysName is not (usually) the OSPF 32 bit router id, while the BGP
Identifier (note, identifier) is different again.
Identifiers exist within a namespace, with rules about syntax,
uniqueness and so on (even if these are not made explicit).
The revised I-D contains
" A secondary identity is merely a unique, opaque identifier ..."
and
"An I2RS Client may supply a secondary opaque identity .."
I think that most uses of the word "identity" in this I-D are actually
referring to "identifier" but at the same time, given that almost all
routers have multiple identifiers (as above), then this issue, of the
difference between identity and identifier needs making explicit in this
I-D.
Tom Petch
(p.s. if you have multiple virtual routers in one physical router, how
many identities are there? Discuss.)
_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs