On Tue, 2006-10-17 at 10:03 -0700, Zhenghui Xie wrote:
> I. Proposal:
> network/loopback, network/physical, network/initial, network/services will be
> deleted. The transient tasks currently done by these services will be done by
> NWAM daemon except the IP sec related part and the IP tunneling related part
> in network/initial.

I'm slightly confused by the wording and the intent. If network/initial is deleted, then how can IPsec and IP tunneling still be in network/initial? Also, why is IP tunneling not something that would be configured by the NWAM daemon itself like other IP interfaces? Would it not be appropriate to have tunnel configuration be part of a profile much like a link aggregation or an IPMP group?

> milestone/network will remain for backwards compatibility, but it will be
> obsoleted so that we can delete it later. There might be concerns that poorly
> written network applications will need to depend on milestone/network
> because they will fail if they don't find certain peer.

The above rationale for milestone/network isn't consistent with the milestone/network in step 3 below.

> II. How it works:
> NWAM daemon will take the following steps sequentially when it starts:
> 1. NWAM plumbs and configures loopback interface first.
> 2. If any security rules (IP filter and/or IPsec and/or any other security)
>    need to be loaded when only loopback is available, NWAM will load them now
>    (need to discuss with IP filter team and IPsec team to see if such a need
>    exists and if so what would be best way to load them)
> 3. NWAM then enables milestone/network.
> 4. NWAM then applies the standalone ULP(Upper Layer Profile) to the system.
>    Meanwhile the daemon tries to gather information from outside networks and
>    to connect to one or more networks.
> 5. If some network is connected(how to define this is TBD) and we need to
>    switch to another ULP, daemon will perform a ULP switch.
>
> After started, NWAM daemon keep listening to any network environment changes
> and user administration activities (for instance, user ask for profile switch
> or user makes change in the current active ULP). If such a change will cause
> a ULP switch or some service(s) refreshed, NWAM daemon will do so.

...

> Note2: Per Seb's latest email, clearview team is re-defining IP tunneling. No IP
> tunneling service is listed here for now.

That's true, but it would be good to know where NWAM sees IP tunnels fitting in. Can I define a tunnel as part of a profile? If this is the case wouldn't they be created by the NWAM daemon?

-Seb