Re: [bess] I-D Action: draft-ietf-idr-tunnel-encaps-01.txt
"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Thu, 11 February 2016 23:38 UTC
Return-Path: <cpignata@cisco.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 595811A6FBA; Thu, 11 Feb 2016 15:38:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nL6TDz_2f0ww; Thu, 11 Feb 2016 15:38:26 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56FD91B3C7F; Thu, 11 Feb 2016 15:38:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6146; q=dns/txt; s=iport; t=1455233906; x=1456443506; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=56j+8vLztHIY8UyAk5Lux4jqWX6h7z3uE1/rNEDKk8A=; b=jiRouNYSycAymZ9i/nhEYPXf+NMsQAIowWgop/yeWHklYBV0wlxAc5k+ KIoCdYFopo9dTS9txp13Sut+vLITvpIp38x0Jg7CPnCIIsPC27yrLH/Lu TRajnZGBYIC0AqJ6rFTCUFbCRKjth5c7LfzuWoRRXGApO19h+THU2AMis A=;
X-Files: signature.asc : 841
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CyAgD2Gr1W/5pdJa1egzpSbQaIVbEuDoFnFwqFbAKBNjgUAQEBAQEBAYEKhEEBAQEDAQEBASBLCwULAgEIGCoCAicLJQIEDgUOBod+CA6yM48IAQEBAQEBAQEBAQEBAQEBAQEBAQEBDQQEhhKBbAiCQocyK4EPBZZ3AYJ/gWSIb451jj0BHgFDggIZgUpqh1d8AQEB
X-IronPort-AV: E=Sophos;i="5.22,433,1449532800"; d="asc'?scan'208";a="236741421"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Feb 2016 23:38:25 +0000
Received: from XCH-RTP-020.cisco.com (xch-rtp-020.cisco.com [64.101.220.160]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id u1BNcPIF004716 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 11 Feb 2016 23:38:25 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-020.cisco.com (64.101.220.160) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 11 Feb 2016 18:38:24 -0500
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1104.009; Thu, 11 Feb 2016 18:38:24 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Eric C Rosen <erosen@juniper.net>
Thread-Topic: [bess] I-D Action: draft-ietf-idr-tunnel-encaps-01.txt
Thread-Index: AQHRQYNgm76iX7yesESh/1GkNtrtOp8oG2EA
Date: Thu, 11 Feb 2016 23:38:24 +0000
Message-ID: <F39D317C-7787-4F42-A8DE-ECD82DDB1741@cisco.com>
References: <20151221171512.15817.2209.idtracker@ietfa.amsl.com> <56815342.7030609@juniper.net>
In-Reply-To: <56815342.7030609@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.228.25]
Content-Type: multipart/signed; boundary="Apple-Mail=_25EBF653-7EAA-4C34-8CC1-C3202866254B"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/-LPd08re5lWI1QQ9bQENBGRwKQ4>
Cc: "idr@ietf.org" <idr@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Subject: Re: [bess] I-D Action: draft-ietf-idr-tunnel-encaps-01.txt
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2016 23:38:31 -0000
Hi, Eric,
Thanks for sending this out — I am interested in this document, and will give it a critical review (in particular the sections you call out below).
In the mean time, however, I wanted to send a few high-level comments (prepended with “CMP”) from scanning through it. I hope these are useful.
3.2. Encapsulation Sub-TLVs for Particular Tunnel Types
This section defines Tunnel Encapsulation sub-TLVs for the following
tunnel types: VXLAN ([RFC7348]), VXLAN-GPE ([VXLAN-GPE]), NVGRE
([RFC7637]), GTP ([GTP-U]), MPLS-in-GRE ([RFC2784], [RFC2890],
[RFC4023]), L2TPv3 ([RFC3931]), and GRE ([RFC2784], [RFC2890],
[RFC4023]).
CMP: More comments below, but I am a bit confused about the need to include MPLS-in-GRE, and the lack of IP-in-IP (Tunnel Type 7) for example.
CMP: A couple of editorial comments as well: For GRE, I think you also need to cite RFC 7676 (GRE over IPv6)
CMP: Also, having this document Obsolete RFC 5512 effectively also orphans a number of Tunnel types and sub-TLVs. For example, Tunnel Types values 3-6 from RFC 5566 (IPsec Tunnel Encap) and IPsec Tunnel Authenticator sub-TLV. I do not know if the answer is to also have that incorporated (useful parts as you say) and obsoleted. Maybe not, maybe it does make sense given it is a short doc, which would lead to a complete self-contained set of Tunnel types.
3.2.4. L2TPv3
…
Cookie: an optional, variable length (encoded in octets -- 0 to 8
octets) value used by L2TPv3 to check the association of a
CMP: The cookie can only take sizes 0, 4, or 8 octets, and not 0..8
3.2.7. MPLS-in-GRE
CMP: This seems to be an example and not a separate encapsulation type. This is GRE Type, with MPLS as protocol sub-TLV. I see that the section says:
While it is not really necessary to have both the GRE and MPLS-in-GRE
tunnel types, both are included for reasons of backwards
compatibility.
CMP: I will also note that having two different ways of doing the same thing (Tunnel Type 2 and protocol 0x8847 vs. Tunnel Type 11) takes us away from interop., and that there does not seem to be MPLS-in-GRE defined in any RFC (so it seems like potentially a good time to rationalize instead of perpetuate). My $0.02 only.
CMP: Should MPLS-over-GRE be an example only? Or otherwise, how do we interop the two types of “ MPLS-over-GRE”? Should an example be also added about MPLS-over-L3TPv3?
3.3.1. IPv4 DS Field
CMP: Why not also define this for IPv6?
3.3.2. UDP Destination Port
CMP: One additional thought. Obsoleting RFC 5512 also removes the anchor from RFC 5640 — that is not a terrible deal in itself, but is there also an opportunity to generalize the Load-Balancing approach thereby defined to also include the new encapsulations’ LB, UDP-based (port as the LB Field), etc?
I hope these are clear and useful — Thanks!
— Carlos.
> On Dec 28, 2015, at 10:20 AM, Eric C Rosen <erosen@juniper.net> wrote:
>
> The -01 revision of draft-ietf-idr-tunnel-encaps has the following changes from the -00 revision:
>
> - By popular request, it has been written in such a way as to obsolete RFC5512. This means that anything useful in RFC5512 had to be incorporated into the new draft. I would welcome opinions on whether this was done correctly.
>
> - Two new sub-TLVs are specified: "MPLS Label Stack" and "Prefix-SID". I would welcome opinions on whether these are useful or not. (I'm pretty sure that the first is useful, the second is more speculative.)
>
> - If you are familiar with deployed uses of the Encapsulation Extended Community, the Color Extended Community, or the Router's MAC Extended Community, it may be worth checking section 4 to make sure that the draft does not introduce any problems.
>
> - I wish more folks would take a critical look at section 8, which is primarily about the use of VXLAN/NVGRE/VXLAN-GPE together with labeled address families.
>
> I would also be interested in hearing if anyone has an opinion on the utility of using this sort of mechanism to signal IPsec tunnels. Once RFC 5512 is obsoleted, RFC 5566 ("BGP IPsec Tunnel Encapsulation Attribute") will need to be revised. It might be possible to generalize that in such a way as to facilitate the secure interconnection of two private ASes across the public Internet. Comments on whether RFC 5566 takes a reasonable approach would be welcome.
>
>
>
> _______________________________________________
> BESS mailing list
> BESS@ietf.org
> https://www.ietf.org/mailman/listinfo/bess
- Re: [bess] I-D Action: draft-ietf-idr-tunnel-enca… Carlos Pignataro (cpignata)
- Re: [bess] I-D Action: draft-ietf-idr-tunnel-enca… Eric C Rosen
- Re: [bess] I-D Action: draft-ietf-idr-tunnel-enca… Eric C Rosen
- Re: [bess] I-D Action: draft-ietf-idr-tunnel-enca… Carlos Pignataro (cpignata)