On 4/10/18 06:43, Eliot Lear wrote:
> With that in mind, I propose the following edit:
> DHCP servers may implement MUD functionality themselves or they may
> pass along appropriate information to a network management system or
> MUD controller.  A DHCP server that does process the MUD URL MUST adhere
> to the process specified in {{RFC2818}} and {{RFC5280}} to validate
> the TLS certificate of the web server hosting the MUD file.  Those
> servers will retrieve the file, process it, create and install the
> necessary configuration on the relevant network element.  Servers
> SHOULD monitor the gateway for state changes on a given interface.  A
> DHCP server that does not provide MUD functionality and has forwarded
> a MUD URL to a MUD controller MUST notify the MUD controller
> of any corresponding change to the DHCP state of the client
> (such as expiration or explicit release of a network address lease).
> Should the DHCP server fail, in the case when it implements the MUD
> controller functionality, any backup mechanisms SHOULD include the MUD
> state, and the server SHOULD resolve the status of clients upon its
> restart, similar to what it would do, absent MUD controller
> functionality.  In the case where the DHCP server forwards information
> to the MUD controller, the MUD controller will either make use of
> redundant DHCP servers for information, or otherwise clear state based
> on other network information, such as monitoring port status on a
> switch via SNMP, Radius accounting, or similar mechanisms.

Robert says this text works for him, and it does address the comments,
but I wonder if it's getting too far afield where at this point you're
re-describing a MUD controller as a software feature of DHCP?  That is,
do we really need to call out that a DHCP server can _also_ be a MUD
controller?  They may be co-resident on the same server, they may be in
the same process space.  Does it matter?

It seems to me, the most valuable part of this text is in the second
paragraph where the DHCP state's impact on the MUD controller (wherever
that is) is described.
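
An added illustration, not part of this thread or of the draft: a minimal sketch of the lease-state notifications the proposed text describes, for the case where a DHCP server forwards events to a separate MUD controller. The class, event fields and URLs are hypothetical, and the sample events are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class MudController:
    """Hypothetical controller: leased address -> MUD URL whose policy is installed."""
    installed: dict = field(default_factory=dict)

    def on_dhcp_event(self, event: dict) -> str:
        kind, ip = event["type"], event["ip"]
        if kind == "bound":
            url = event.get("mud_url")
            if not url:
                # New client sent no MUD URL: make sure an earlier
                # device's policy does not linger on this address.
                return "removed" if self.installed.pop(ip, None) else "ignored"
            if not url.startswith("https://"):
                # The proposed text requires TLS certificate validation,
                # so this sketch only accepts https URLs.
                return "rejected"
            self.installed[ip] = url
            return "installed"
        if kind in ("expired", "released"):
            # Lease ended: the MUD-derived policy must not outlive it.
            return "removed" if self.installed.pop(ip, None) else "ignored"
        return "ignored"

    def reconcile(self, active_leases: dict) -> list:
        """After a restart, drop policy for addresses whose lease is gone or changed."""
        stale = sorted(ip for ip, url in self.installed.items()
                       if active_leases.get(ip) != url)
        for ip in stale:
            del self.installed[ip]
        return stale


# Constructed sample events (documentation addresses, example.com URLs).
EVENTS = [
    {"type": "bound", "ip": "192.0.2.10", "mud_url": "https://mud.example.com/lightbulb.json"},
    {"type": "bound", "ip": "192.0.2.11", "mud_url": "https://mud.example.com/camera.json"},
    {"type": "released", "ip": "192.0.2.10"},
    {"type": "bound", "ip": "192.0.2.10"},  # a different device, no MUD URL
]


def replay(events):
    """Feed events to a fresh controller; return it and the per-event outcomes."""
    ctl = MudController()
    return ctl, [ctl.on_dhcp_event(e) for e in events]
```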


OPSAWG mailing list
