[Nsi-wg] new state machine
Henrik Thostrup Jensen
htj at nordu.net
Wed Feb 15 05:24:34 EST 2012
Hi Tomohiro
(long email, sorry).
On Thu, 9 Feb 2012, Tomohiro Kudoh wrote:
> Here is a slide of a new state machine.
Thanks for making this.
I am bit puzzled by the introduction of the auto-provisioning state, but I
can see it being useful in places where there is an NRM which can do
auto-start, and auto-provisioning representing that we are interacting
with the NRM to set this up. If this is what you meant, I think it makes
sense.
It is still not possible to release an auto-provisioned connection (i.e.,
going back to reserved from auto-provision), which I think is needed. It
will probably not be the most used feature, but since we have the ability
to release a provisioned connection it should also be possible to stop an
auto-provisioning from happening, which is currently not possible. If we
introduce this and the auto-provisioning state, we will also need a state
for when auto-provisioning is being cancelled.
Event when a connection have been auto-provisioned it should still, IMHO,
go through the provision state as this is when the hardware brings up the
connection - it is not something that can be skipped. This would cause
provisionConfirmed to be emitted twice, which is not what we want. The new
state machine is also slightly inconsistent wrt. provisionConfirmed - in
auto provision it is emitted when going into auto-provision (i.e., long
before the hardware is activated), and in the non-auto-provision it is
emitted when the hardware is activated. Could we consider introducing a
new primitive, e.g., autoProvisionConfirmed or linkActivated which was
emitted when the hardware is brought up. I know this somewhat breaks the
nice symmetry of the model.
Finally: I have difficulty seperating the cleaning and terminating state,
and they seem mostly equivalent for me, but I hadn't joined NSI at the
time it was created, so can someone fill me in. I also not quite sure how
to respond to a forcedEnd message.
> I am not sure how we can handle prov.fl (and rel.fl) messages. Since
> they are not related to data plane, they are almost fatal. Going back
> to the previous state may not make sense. (In most cases, such .fl
> message will not be sent back, but time out will happen).
I think we have to realize that the current four primitives and associated
responses doesn't cut it. These failures can be either fatal (as in: the
connection is termianted), or non-fatal (as in: try again later and it
might work). However this is not possible to express in the current
provisionFailed / releaseFailed primitives. The protocol is designed such
that the requester can expect the remote connection to be in a certain
state when a one of these primitives are received, but that is not the
case here. This is also the case with terminateFailed, which I don't think
any of us really know how to handle :-).
A solution is to use the forcedEnd for fatal events, and have
provisionFailed / releaseFailed indicate a move back to scheduled -
however then there is no need for a releaseFailed.
I've attached a picture of the state machine as I envision it. There are
probably still some things wrong with it, and it mostly as basis for
future discussion :-).
Best regards, Henrik
Henrik Thostrup Jensen <htj at nordu.net>
Software Developer, NORDUnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nsi-statemachine-htj-20120215.pdf
Type: application/pdf
Size: 8194 bytes
Desc:
URL: <http://www.ogf.org/pipermail/nsi-wg/attachments/20120215/3c640a6e/attachment-0001.pdf>
More information about the nsi-wg
mailing list