[Nsi-wg] Please begin testing

John MacAuley john.macauley at surfnet.nl
Wed Nov 2 09:05:20 CDT 2011 

I just need HTTPS.  I am not authenticating the client.

I will send back to the endpoint in the format requested in the replyTo field.

John.

On 2011-11-02, at 9:52 AM, Tomohiro Kudoh wrote:

> So, John, could you please clarify how https should be supported by aggregators?
> 
> - Do you need just https (SSL/TLS)? Or, is client authentication required?
> 
> - As a providerNSA, can you use http to send back confirm/fail message
> to a requester?
> 
> Tomohiro
> 
> 2011/11/2 Jerry Sobieski <jerry at nordu.net>:
>> Hi All-
>> 
>> I did not mean to imply everyone had to implement an HTTPS interface - I
>> just meant the issue needs to be resolved and the solution tested.
>> 
>> The Spec says "authenticated and secure" - but it does not require HTTPS.
>> So we are in grey area.    For the SC demo we will do the following:
>> 
>> 1- The Aggregator NSAs *should* implement both HTTPS and HTTP transports for
>> their RA.  This will allow them to segment requests to either type of PA.
>> The aggregator NSAs are G-LAMBDA-A, AutoBAHN, and OpenNSA.  (OpenNSA plans
>> to implement both modes for the RA for the SC demo...but will be close.  TK:
>> What about GL-A?  RK: Is this possible for AB prior to SC?
>> 
>> 2- For the SC demo, PAs can do either HTTP or HTTPS.  The RA client must be
>> able to conform to the PA they intend to interact with.
>> 
>> If your client RA is HTTP only, and it wants to interact with a HTTPS only
>> PA, it can forward its primitive request to an HTTP Aggregator PA which will
>> "segment" the request and send it to the HTTPS PA.  This adds one layer to
>> the service tree, but is otherwise is a fully compliant property of the
>> protocol.
>> 
>> Does this help resolve the problem?
>> Jerry
>> 
>> 
>> On 11/2/11 4:18 AM, Radek Krzywania wrote:
>>> 
>>> Hi,
>>> I agree with Tomohiro. We spent a lot of time fighting with dataplane for
>>> FIA demo, instead of working with NSI protocol itself. We still do not have
>>> HTTPS and can’t talk with DRAC at NetherLight, who is direct peer and GEANT
>>> related NRENS way to US and Japan. It's critical for us. I would appreciate
>>> if for SC demo we could use HTTP mode as well.
>>> 
>>> Best regards
>>> Radek
>>> 
>>> ________________________________________________________________________
>>> Radoslaw Krzywania                      Network Research and Development
>>>                                            Poznan Supercomputing and
>>> radek.krzywania at man.poznan.pl                   Networking Center
>>> +48 61 850 25 26                             http://www.man.poznan.pl
>>> ________________________________________________________________________
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: Tomohiro Kudoh [mailto:t.kudoh at aist.go.jp]
>>>> Sent: Wednesday, November 02, 2011 5:36 AM
>>>> To: Jerry Sobieski
>>>> Cc: t.kudoh at aist.go.jp; nsi-plugfest at m.aist.go.jp; automatedgole-
>>>> pilot at internet2.edu; nsi-wg at ogf.org
>>>> Subject: Re: [Nsi-wg] Please begin testing
>>>> 
>>>> Hi Jerry,
>>>> 
>>>> Again, I think not all the NSA should support https, but only
>>>> aggregaters are required to do so.
>>>> 
>>>> Considering the time we have before SC, making https madatory may have
>>>> too
>>>> much risk for success of SC demonstration.
>>>> 
>>>> Tomohiro
>>>> 
>>>> 
>>>> On Wed, 02 Nov 2011 00:12:44 -0400
>>>> Jerry Sobieski<jerry at nordu.net>  wrote:
>>>> 
>>>>> Hi all-
>>>>> 
>>>>> I just circulated the most recent global NSI topology for the
>>>>> Supercomputing demos.
>>>>> 
>>>>> It is now time to begin testing again.   Please get started asap, and
>>>>> monitor the nsi-wg chat room on Skype.
>>>>> 
>>>>> For those of you with uRA clients that do not perform any segmentation,
>>>>> please select an aggregator NSA and begin testing to that network NSA.
>>>>> 
>>>>> For the Aggregator NSAs, please verify that you are able to interop with
>>>>> each other implementation, then to each network.  start with your direct
>>>>> data plane neighbors and work your way outward.  (TK: do you have some
>>>>> thoughts on this verification process...?)
>>>>> 
>>>>> I think the key issues we need to work thru are a) HTTPS interop, b) SC
>>>>> WSDL consistency, c) Query result consistency, and then just
>>>>> coordination among the whole group so we do not get too many requests
>>>>> interfering with one another.   All NSI implementations should be able
>>>>> to successfully talk to all the other implementations by now with all
>>>>> primitives.
>>>>> 
>>>>> If we need additional VLANs, let me know and I can add more to the
>>>> 
>>>> topology.
>>>>> 
>>>>> We will want to develop a looping script at some point this week or
>>>>> early next.  This script will issues a sequence of Reservation Requests
>>>>> and walk the connection(s) through their lifecycle while the viz tools
>>>>> track the state transitions. _/This will be the fundamental demo during
>>>>> the conference.
>>>>> /_
>>>>> We probably need some simple orchestration tools:  An end system
>>>> 
>>>> daemon
>>>>> 
>>>>> that will configure an particular  IPaddr on the VLAN subinterface when
>>>>> a connection is provisioned and then issue/respond to pings.  Any idle
>>>>> hands out there want to work on some code?
>>>>> 
>>>>> Thanks!
>>>>> Jerry
>>> 
>> 
> 
>

More information about the nsi-wg mailing list