Re: [Isms] ISMS/SSH and notifications

To: "tom.petch" <cfinss at dial.pipex.com>
Subject: Re: [Isms] ISMS/SSH and notifications
From: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
Date: Wed, 28 May 2008 19:04:14 +0200
Cc: isms at ietf.org
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <009901c8c0ca$123be0e0$0601a8c0@allison>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Mail-followup-to: "tom.petch" <cfinss at dial.pipex.com>, David Harrington <ietfdbh at comcast.net>, Pasi.Eronen at nokia.com, isms at ietf.org
References: <029e01c8bf90$4f4b7440$0600a8c0@china.huawei.com> <009901c8c0ca$123be0e0$0601a8c0@allison>
Reply-to: j.schoenwaelder at jacobs-university.de
Sender: isms-bounces at ietf.org
User-agent: Mutt/1.5.17 (2007-11-01)

On Wed, May 28, 2008 at 12:25:51PM +0200, tom.petch wrote:

> TCP is different and the TCP source port is usually used cyclically, starting at
> some value, may be determined by the implementation but sometimes appears to be
> pseudo-random.  But does it have to be?
>
> (I remain convinced that reusing a CR/CG connection for a NO+CR entity remains
> the simplest deployment, even if the CR/CG is just used for the retrieval of a
> one well-known object eg snmpTsmHereiamsendmenotificationsplease )

As I pointed out in some WG meeting, reusing a SSH (or simply TCP)
connection means to install SNMP target configuration that is only
meaningful as long as the connection exists. I doubt it very much that
there is a portable way to share a listening TCP endpoint and a
connection TCP endpoint; I would be surprised if this works at all in
any meaningful way if I look at the TCP state machine.

Hence, when the SSH (or simply TCP) connection goes away, the SNMP
target configuration pointing to it needs to be garbage collected.
This implies that once the TCP connection is gone, there is either no
way to send a notification anymore or you have to have a backup SNMP
target configuration to be used after the connection has disappeared
(which again requires configuration information so that the SNMP
engine hosting the notification originator knows about this fail-over
situation).

To make this work, several extensions to the SNMP target tables are
needed and I recall that we abstained from this when we wrote the SNMP
over TCP mapping since all this creates several new failure modes.

/js (speaking as technical contributor)

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

References:
- Re: [Isms] ISMS/SSH and notifications
  - From: David Harrington
- Re: [Isms] ISMS/SSH and notifications
  - From: tom.petch

Prev by Date: Re: [Isms] ssh notifications and draft-ietf-isms-secshell-10
Next by Date: Re: [Isms] ssh notifications and draft-ietf-isms-secshell-10
Previous by thread: Re: [Isms] ISMS/SSH and notifications
Next by thread: Re: [Isms] ISMS/SSH and notifications
Index(es):
- Date
- Thread

Re: [Isms] ISMS/SSH and notifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.