Operational Feedback Requested on Pending Standard

All,

Below is an email sent to the IETF OPS Area mailing list soliciting
feedback from operators regarding firewalls. We would also appreciate
feedback from the Operators Mailing Lists. Please respond to the OPS Area
mailing list if you have a position on the item below. You can subscribe
to the Operations and Management Area mailing list at the URL below if you
are not already subscribed.

https://www.ietf.org/mailman/listinfo/ops-area

On behalf of the OPS Area Directors and myself, thank you.

Ted - With OPS Area WG Hat On

Hi Ted,

Developing IASON I did run into that problem.

Among other things IASON was meant to read the configuration of
a device and the things connected to it. When e.g. a switch port
was bad, a device was unplugged and plugged into another port,
then IASON was meant to reconfigure the switch, vpn and parameters,
so that the device could run as if nothing had changed.

Most dramatically IASON would allow you to replace a CISCO by an
HP ProCurve switch and automatically configure everything as soon
as the device was switched on (DHCP and bootp).

IASON would discover any device that was asking for DHCP and bootp
to query an initial configuration, then it would look through its
ports and MAC lists to see where it was connected and what devices
were connected.

Of course IASON would work with ifIndex not with ifName as these
are different from manufacturer to manufacturer - and definitely not
ifAlias because IASON would configure the device before an operator
could see it.

I might teach IASON to use ifName and keep tables for the different
hardware but definitely not ifAlias.

Well, neither Global Crossing nor Exodus cared for IASON so the
snmp part was never finished and IASON only used snmpwalk to scan
devices.

I remember the faces of two operators at a new installation when
they plugged in three new switches and IASON immediately moved
them to a vpn where the operators could not find them. As soon
as they plugged in a service laptop it would connect that laptop
to the NOC vpn but they would never see the management port.

Of course IASON had already issued new passwords, so rs232 would
not help them either :)

Cheers
Peter and Karin

Ted Seely wrote: