IETF-SSH archive


Re: [Netconf] I-D Action: draft-ietf-netconf-reverse-ssh-00.txt



----- Original Message -----
From: "Martin Bjorklund" <mbj%tail-f.com@localhost>
To: <ietfc%btconnect.com@localhost>
Cc: <kwatsen%juniper.net@localhost>; <jhutz%cmu.edu@localhost>; <ietf-ssh%NetBSD.org@localhost>;
<netconf%ietf.org@localhost>
Sent: Wednesday, June 26, 2013 11:08 AM

> t.petch <ietfc%btconnect.com@localhost> wrote:
> > I am really confused.  If the device/netconf server will not allow
> > inbound SSH connections,  then I cannot see how your I-D can work.  It
> > has the device setting up a TCP connection on a port which signals to
> > the Netconf client/NMS to make an SSH connection to the Netconf
> > server/device
>
> No, the device sets up the TCP connection, and then the SSH protocol
> is run on this connection.
>
>   o  The NETCONF client accepts an incoming TCP connection and
>      immediately starts the SSH client protocol.
>
> This can probably be made more clear in the text...

Martin

Yes!  That is exactly what I said.  But what I also said is that Kent says
"It works fairly well for automating the discovery of devices with static IPs
on a reachable network, but not at all when the devices are behind a
firewall that won't allow inbound SSH connections."

Works not at all ..  when the devices are behind a firewall.

So if devices behind a firewall is a requirement, then the design fails
to meet it.

If that is not a requirement, why has Kent raised it (and it has been
raised before)?

This should confuse everyone (not just me:-)

Tom Petch






>
>
> /martin
>




