Update 1_3_2_1.md

menckend · Jun 9, 2024 · ca62f8e · ca62f8e
1 parent edb4ca4
commit ca62f8e
Showing 1 changed file with 31 additions and 17 deletions.
diff --git a/pages/1/3(ecmp-symmetric)/1_3_2_1.md b/pages/1/3(ecmp-symmetric)/1_3_2_1.md
@@ -70,6 +70,37 @@ The two figures below show the same graph, with the elements' visual orentation
 
 
 
+
+## Rules of Inference
+
+We use the following rules of inference in building our graph (network topology):
+
+* A node may be instantiated under the following conditions
+ * Each node is characterized as either "statefu" (dashed line) or "stateless" (solid line)
+ * Each node is characterized with a single security zone (a unique color per security zone on the graph)
+* Edges may be instantiated under the following conditions
+ * A path that does *not* include a stateful node *must* exist between all stateless nodes with the same security-zone property
+ * An edge between two different security zones *must* connect to stateful nodes
+ * Unless the node has the security-zone "0" property, in which case the node with zone "0" may be stateless
+* 
+ - All nodes have a "site-ID" and "zone-ID" property
+ - Non-stateful nodes can only be connected to:
+ - condition-1
+ - Other non-stateful nodes with the same "zone-ID" property
+ - or
+ - Stateful nodes
+ - and
+ - condition-2
+ - Nodes with the same site-ID value
+ - or
+ - Nodes with a site-ID value of "0"
+ - Nodes can only be connected to:
+
+
+
+
+
+
 ## Observation: Recursion of "zones" and "sites"
 
 It is apparrent from the visual depiction of the graphs that the "transit zone "zone-0" has a parent/child relationship with the "workload-hosting" zones (zones 0.1 - 0.3) and that the "WAN site" (site "0") has a parent/child relationship with the "workload-hosting" sites (sites 0.1 - 0.3) What, if anything does this suggest about recursively defined sites and/or zones? Would there be an value in such constructs in the first place?
@@ -96,20 +127,3 @@ The following figure depicts a topology with the "root" site ("0") having three
 Security zones might also be nested nested using a similar mechanism, although in this case the distinction between child/parent object has a deeper policy significance in the real-world networks that we are modelling. If we entertain the concept of recursively structured network security zones, it becomes quickly apparent that there is a parent-child relationship between "transit zone" and "workload-hosting zone", and that the a workload-hosting-zone with "child" sub-zones *is* the transit-zone for it child/sub-zones. As illustrated in the following figures:
 
 
-
-## Rules of Inference
-
-We use the following rules of inference in building our graph (network topology):
-
- - All nodes have a "site-ID" and "zone-ID" property
- - Non-stateful nodes can only be connected to:
- - condition-1
- - Other non-stateful nodes with the same "zone-ID" property
- - or
- - Stateful nodes
- - and
- - condition-2
- - Nodes with the same site-ID value
- - or
- - Nodes with a site-ID value of "0"
- - Nodes can only be connected to: