[Apn] 答复: A new draft on APN for your review, thank you!

[Feng Yang <yangfeng@chinamobile.com>]

Hi Linda,

 

It is feasible if we do this based on regulation and agreement with customer. 

There are many ways to do application identification, DPI\DNS\5 Tuples\URL\APN. Needs to use different  technology to handle different scenarios. That is the pain point.

 

BR，

 

杨锋

Feng Yang

 

发件人: Apn [mailto:apn-bounces@ietf.org] 代表 Linda Dunbar
发送时间: 2021年1月23日 01:26
收件人: Feng Yang; 'Pengshuping (Peng Shuping)'; apn@ietf.org; rtgwg@ietf.org
主题: Re: [Apn] A new draft on APN for your review, thank you!

 

 

Feng, 

 

MEF88 (Application Security for SD-WAN services) states that if subscribers need the Security services by the SDWAN services provided by the Service Providers, the subscribers need to provide the security key (such as TLS1.2 keys) to the Providers. https://wiki.mef.net/display/DSC/SD-WAN+Application+Security+Project+Contributions

 

I am curious from China Mobile perspective, is it a feasible for China Mobile subscribers to provide their TLS1.2 key to you? 

 

Thanks, Linda Dunbar

 

 

From: rtgwg <rtgwg-bounces@ietf.org> On Behalf Of Feng Yang
Sent: Friday, January 22, 2021 1:54 AM
To: 'Pengshuping (Peng Shuping)' <pengshuping@huawei.com>; apn@ietf.org; rtgwg@ietf.org
Subject: 答复: [Apn] A new draft on APN for your review, thank you!

 

Hi Shuping,

 

SD-WAN is expected to carry quite some applications over hybrid links, such as internet, mpls, etc. Only with the application information, , it is possible for SD-WAN CPE to direct the traffic over different paths according to the application requirement.

For the application information, quite some ways work properly if the traffic is not encrypted. So the problem here is how to get the application information from the encrypted packets.  

 

Application information is the base that we can provide a lot of services. We expect to combine this with SRv6  in order to provide a new competitive SD-WAN service which can put SLA service、cloud based VAS(Value Added Service) together in a flexible way.

 

BR，

 

杨锋

Feng Yang

 

发件人: Apn [mailto:apn-bounces@ietf.org] 代表 Pengshuping (Peng Shuping)
发送时间: 2021年1月20日 14:18
收件人: apn@ietf.org; rtgwg@ietf.org
主题: Re: [Apn] A new draft on APN for your review, thank you!

 

Dear all, 

 

In the MEF 70 “SD-WAN Service Attribute and Services”, Table 4 on Page 36 has defined the fields (from layer 2 through layer 4) which are expected to be able to match against ingress IP Packets. APPID is explicitly listed as a criterion.

 

“The APPID Policy Criterion provides the ability for the Service Provider to define and name both simple and complex matches. These can include standard matches available to all of the Service Provider’s Subscribers from a catalog and/or custom matches developed by the Service Provider by agreement with a particular Subscriber.”

 

https://www.mef.net/wp-content/uploads/2019/07/MEF-70.pdf <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mef.net%2Fwp-content%2Fuploads%2F2019%2F07%2FMEF-70.pdf&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437111085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=N0zZ3aZ%2F88oYs3GG4FJbj3eUbXQz%2B1xZKZ5HX8KW99Y%3D&reserved=0> 

 

Is there anybody who knows more about the details about this criterion and its implementations of the catalog and the interactions? How does the standard match and the custom match work in the real system? What are the key elements in the system? How do they interact? 

 

Many thanks!

 

Best regards, 

Shuping 

 

 

From: Pengshuping (Peng Shuping) 
Sent: Tuesday, December 15, 2020 11:12 AM
To: apn@ietf.org; rtgwg@ietf.org
Subject: A new draft on APN for your review, thank you! 

 

Dear all, 

 

A new draft on APN has been posted, https://datatracker.ietf.org/doc/html/draft-peng-apn-scope-gap-analysis <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437121080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=2zHps5x%2BPAngdBs2OmoWDoZVfcuJR00vulMhdP8Q%2B%2FA%3D&reserved=0> .

 

In this draft, we clarified the scope of the APN work in IETF, introduced an example use case and the basic solution. Moreover, we compared with the existing “similar” work/solutions and did corresponding gap analysis. 

 

Your review and comments are very much appreciated. Thank you!

 

Best regards, 

Shuping 

 

 

A new version of I-D, draft-peng-apn-scope-gap-analysis-00.txt

has been successfully submitted by Shuping Peng and posted to the IETF repository.

 

Name:              draft-peng-apn-scope-gap-analysis

Revision: 00

Title:                 APN Scope and Gap Analysis

Document date:      2020-12-16

Group:              Individual Submission

Pages:              11

URL:            https://www.ietf.org/archive/id/draft-peng-apn-scope-gap-analysis-00.txt <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-peng-apn-scope-gap-analysis-00.txt&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437121080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=xM21DHtsz2HcEqAWrNzsSvcTxTKtXCaGHat2kx4Dn0c%3D&reserved=0> 

Status:         https://datatracker.ietf.org/doc/draft-peng-apn-scope-gap-analysis/ <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-peng-apn-scope-gap-analysis%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437131063%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=gqxkPULsqdZjCJ7xw3qTabkdm96wv%2BSnYpNBEQ0VjA0%3D&reserved=0> 

Htmlized:       https://datatracker.ietf.org/doc/html/draft-peng-apn-scope-gap-analysis <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437131063%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=%2FqDARDM4UG0Drbr%2F5U4nx3HF5E1fG%2Fv2dbX3rGB5Mo0%3D&reserved=0> 

Htmlized:       https://tools.ietf.org/html/draft-peng-apn-scope-gap-analysis-00 <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis-00&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437141061%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=A2v6Dqx61FmMXdHf8K2guAmQEutAz55CBye7iFscNNo%3D&reserved=0> 

 

 

Abstract:

   The APN work in IETF is focused on developing a framework and set of

   mechanisms to derive, convey and use an identifier to allow for

   implementing fine-grain user-, application-, and service-level

   requirements at the network layer.  This document describes the scope

   of the APN work and the solution gap analysis.