Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
Eric C Rosen <erosen@juniper.net> Tue, 22 December 2015 14:53 UTC
Return-Path: <erosen@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C3A41A079D; Tue, 22 Dec 2015 06:53:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.502
X-Spam-Level:
X-Spam-Status: No, score=-0.502 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOU5Fm26Kbz1; Tue, 22 Dec 2015 06:53:14 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0720.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:720]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 141E71A066C; Tue, 22 Dec 2015 06:53:13 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
Received: from [172.29.33.26] (66.129.241.10) by BY2PR0501MB2006.namprd05.prod.outlook.com (10.163.197.17) with Microsoft SMTP Server (TLS) id 15.1.361.13; Tue, 22 Dec 2015 14:52:50 +0000
To: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <567963BD.5040706@juniper.net>
Date: Tue, 22 Dec 2015 09:52:45 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <20151217133049.1038.44405.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [66.129.241.10]
X-ClientProxiedBy: CY1PR17CA0003.namprd17.prod.outlook.com (25.163.68.13) To BY2PR0501MB2006.namprd05.prod.outlook.com (25.163.197.17)
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 2:bbvPtEbVyzbRRMDCz9XjSZ0YOmuug6ijw6nRus/swrq3/GeLJAECix6I1DjWWFjTBGNq7jdxy7rwuZ/eYV8u2cqimqM4OYf7LrfZbnGp5xfNNa3lQV+woYWO+G18980JvQyuIe5djMMSKqunVabaig==; 3:bOH/72iJkXfPXMsc1OeA3wF+U0T1n39fMhNZ2K2wUnHFEyac57DVs4o+7BpxdM8BR8RiH6QL3JFnCJMuUG9AGCGi//IfLId4Gxr5zjfZbTGIJzWX2X45H3md1VA8J/mO; 25:Nje/u0ansRjsaql4BpS7ZEOW8R14GaFioxwS51RI3+YbFEREQ83dudYwAnV0ScRlX/XyhYxKfUdLNBW32LT47FGL3Xr3eiixf0alEm40tbonZX5fVDU0dA8jj9G65rC+ICpVfd8+vpDTuOpss2aAz0RA9gMfHWaKWHwdksNInFrDWdFZERVIc8deunxX1Bdt9vA6fT3FRsf7A+50EjdHvrAP8MIyfbqAPpuPBqHKsdyRrhEYtvfmNT9xxw0lULpm
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR0501MB2006;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 20:3/MVKxar9m95FClTBZBkPvb4/O6SWNj33rbChj0kky6Iw7orjzYwgoeAprPZk+VdTxLYkymJdng59/W6h+0c/goyGOlWkqkHeC4WTLhi3W4VRBKO37QwFyQ78FcrpGzwVXGX0r6zJDCtXiQflTfLjJEAZEqtbSjFCXFwpI5+aeXteJ57p9DwuwB5Lam5pipB9XusBjXjpQ6HoQamvFUnZPW3Jn7bOcsi4EnnN82ByJAZwWTfkYOAJqPiNbO+dssNXsRBmBXBFWE+hi8BAcOQSmuIqGL8fwFtEb6PBwJiwfTkpPp5CWmfmYtj/IJzdsB+iPPZm8iSfc9HYP8BeQHo7K0Xgb6NupN7c8MtWtJ0UfCdCb0IMrSoQ5MaoU01Mjg+8Nbi6l6vAK0Ww5svb1B4IxZtEiRfBWWSxL72SCQgReFEO0VItomIrF+5hGeiloBBiDPlzPG6aVcFZJ3Srlnxz+UKKadXMH9aU6gldp0Tjrk+q9KUSunrNvIUd3tMS3Lh; 4:4hzw2l/F4q9b2bUSei+vKrzz3TDOTA8/Wy63FQSSbzy8e2hguByCgbzmA3RzbwJ7PgC4yQRnmiagjymA+GaOhxv6G6n74mtBs1pKZsog0ty/KLP6cmwsPEuX7hHdvGMpvF4Y1MX8KywFq1qevJosx/t8J4o80wbxgqlk58uwVF1PowNf4hwPMNn6UyHnwGUOg7lZFXsQO+MN6qqddomb+VuqoaU77f0RprR0z/2U2otYQAH8cDJxQ0M4hwTwirlO+BTQUftKS6XZgEVr5q8woLAB0kqFc95Fa1J9x90RzyawJaZsV1Cd6JJiMvx64+uxT/SALK8QcjAqHqfNlnnajFZbu+6ILbmUJs0+1vho1rFjd9CTEC+4xi2TS90CTDH0
X-Microsoft-Antispam-PRVS: <BY2PR0501MB2006FC9E8C7658C70361A1A8D4E50@BY2PR0501MB2006.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001)(10201501046); SRVR:BY2PR0501MB2006; BCL:0; PCL:0; RULEID:; SRVR:BY2PR0501MB2006;
X-Forefront-PRVS: 0798146F16
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(6049001)(479174004)(199003)(189002)(52044002)(24454002)(377454003)(15975445007)(81156007)(19580395003)(40100003)(5001770100001)(65806001)(189998001)(76176999)(33656002)(86362001)(47776003)(36756003)(122386002)(101416001)(80316001)(87266999)(83506001)(4001350100001)(1096002)(65956001)(5001960100002)(87976001)(23676002)(99136001)(5004730100002)(92566002)(586003)(66066001)(97736004)(59896002)(2950100001)(230783001)(54356999)(42186005)(106356001)(105586002)(6116002)(5008740100001)(50466002)(65816999)(77096005)(50986999)(64126003)(3846002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR0501MB2006; H:[172.29.33.26]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;BY2PR0501MB2006;23:BhB3tomxik+VNP3PO7mAyoWel25EIAhkQXLJklgazo8wJsMfLRDCvrZqu/Zxd43hp7ylp7R3KvjW+LlqJeMRfbVyg7Ip23qxj7csVexjOmXVUtievTGwNZH+Mw9fFdh5lxC6yhWp9DuT40Lu7C5ttdqqwNFUG8x1v4aNUedAO0yuStiPf3VlEkVxPIjRT/EnkpazbXHGrX+iUFn6bm40j+7YEITwDCmmv7tmCIUNDvvdmOEYgRvQ23Xlp+kqSQ6MTcZcQskwNLGuEkto+XQvBgRmSxAKn4k3bCJMh2FVegIex/9a98n2sO403mWmsW2MGBEbA7TaVBMsDafIIcsGXpN1Y3Vju2C8RjCX9/b3TJRgpauMzhWFnqbKsqbTXtJZjaO2cpkvrMoeFZnpaxrPMKLQpwkHU3kGxaVby+6WwDcgH89Qzi2g94yv0E3gRN2xszhEBKLmHsJbLkZQXcy/RugRJP7wXGZ6lQ9Aevk6ymUHlIFb+EACV49QEi8taTv8HC8yqOl27VNjef4cifXqCv7EyPx1bkLp2fS+PglJMMbkNXOAGmAUFTbKmXNxfhmUiIJizbay1BGtHAFGqBGHt7OfWqDcOfrO91uCnWPLiagJe22JZZBK0fyAtzs6FtxVq0YQt55pgbDQ+fUwHlVoctyDlLdmBFm80cvZZqI6/rkAGgZkRqNx/UvmFOhtYrs3zWMnvAMa5ZISWBSdTc96rM3WuNuCrS5KlZpcyWYa+4ufyU8LkbekIx378W8I+xMiirT5404vbCQammvX0g6wKYSfHBDUXWNwvizuKV7aMAFr9zls7kFmfjETS0RzoZM1EmHSGywHQWD+RJYbxg8g6B2WO2eXJ3jBTmForXZ3jLVIBXdFw5KYy2B8ufrX60VYzfH7R9f0xSO41Tl97c6quDzCDfuDwTj1qAcMI6y5tNxXZHysPIn/ogz8+c4Gknp15hmC50iSJ9bWYMMtJRecgW3SQuAIN/zkWESqfTS/VeCCJIRsi75ET05UAzgRiCn6jrc+i1SJOwavPpREtsFsUS1OFAEodCKzAMCvimug2zCzbxsI8+nS6UV+C+Hic4tWcNUaDUbh0C+2WWFrivoN2cUr29MXAzNrDIwiwFcIJqIEPSLXX9jWOuAceBmOVFxMLwiwV43FawneO2YT2gO3XZ4WfqvlSlRL343qIFSIwUC7ioYvysPrvnSkYnuyVV7t0MGuIo7bpkQ8Oi9QNWmMwyEavPf/ynGUZxMBsDErtvnI22vxImLyh5L9D04b7yn2YifDmbldwdbb5RdzrmH1UnkU18PNTNYvFdgRMIBz+I4ixWw3+XLofm0dYxkrO4/N
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 5:J8uu7G0HOSR5s7XaIoFFF9YMMonPDyeb6GA34/h3yZQx+spPBuyE9jpSidmlKGEsPgH7X+L3Finc19b3TadNdGcnCgsWKb6CdsYRh7+QG19piSQ58WYDsveVZL7r1CJWlogsNYXN6RRZtkVV19f+Bg==; 24:hJfvvg7WxYnewiVAsTW6DTFyIYuo/I2OJ9u4iujBxzrQKm7x34lXMUT/60jPyMnPPAtVHKUjnnML6K3dfggiipDGHCNEKcQfGD4EBKr5XxE=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Dec 2015 14:52:50.5973 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0501MB2006
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/0uIBVrgDqqUb0MEBrwIz-xIllVQ>
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, shares@ndzh.com, aretana@cisco.com, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2015 14:53:18 -0000
Draft-ietf-bess-mvpn-extranet-05 has been posted. This revision contains some edits to the sections on the Extended Communities, and some other editorial changes, stemming from the ops-dir review. I did not follow the suggestion of the ops-dir review to add an "Operator Tips and Tricks" section, as that would be outside the scope of the document, and there is no IETF requirement to include such a section. On 12/17/2015 8:30 AM, Benoit Claise wrote: > Benoit Claise has entered the following ballot position for > draft-ietf-bess-mvpn-extranet-04: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-bess-mvpn-extranet/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > As mentioned in Sue Hares' OPS DIR, 3 major concerns. The last one is > actually for the security ADs. > > Status: Not ready, three major concerns and two editorial nits: > > Major concerns: > > 1) Specification of the Extranet Source Extended Community and Extra > Source extended Community > > Please provide the type of detail as show in RFC 4360 sections 3.1, 3.2, > and 3.3. > > 2) Why is there no Deployment considerations section? > > The whole draft is a set of rules for handling policy, BGP A-D routes, > tunnel set-up, and PIM Join/leaves in the case of an intra net. Unless > these rules are followed exactly, traffic may flow into a VPN it is not > suppose to. > > If the customer and the SP must coordinate on setting up filters, the > procedure is outside the document. > > An error in any of these set-ups is considered a “security violation”. > > Milo Medin stated “with enough trust” a rock can fly to the moon. > However, the NASA flights were fragile and risky. In the journey to the > moon, there was no other choice. Instrumentation has 4-5 backups. > > In this set-up, one has to ask “is there another choice” to this whole > design that seem fragile addition of extranets to an intra-AS multicast > design. If the design is not fragile, then there should be a deployment > section indicating how to manage the RTs, RDs, and policy set-up. > Perhaps experience with the Intra-As has shown deployment tips that would > make this less fragile. If so, it would be good to include an > operations consideration section. > > If a new class of tools provides monitoring or provisioning, mentioning > these would be useful. If yang modules are being developed, that would > be useful. > > Places that indicate issues with violated constraint: > > p. 11, 12, 19 (2.3.2 – a priori knowledge, inability to detect), , p. 25 > last paragraph (violation of constraints will cause things to not work. > However, only policy can control), p. 27 4.2.2 (1st paragraph, Route > Reflector must not change), p. 31 (5.1, first paragraph), > > 3) Is security section really a security section? It seems more like > “do this policy” or this will fail. It should get a stronger review from > the security directorate > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Editorial suggestions: > > > > Summary: In general the authors provide dense English text to describe > this rules. In general the English text contains valid complex > sentences. However, a few things should be suggested: > > > > 1) PTA – define it in a definition section or spell out the > abbreviation > > 2) Phrases like “the RT RT-R” become overly dense. Use “Route > Target RT-R”. > > 3) Breaking up section 6.2.1 – with subjection and subtitles would > make it more readable, > > 4) P. 36 second paragraph. The reason for the “MUST” in 1st full > paragraph is a bit vague. It seems logical, but the reasoning is just > vague in the text. > > 5) paragraph 2 in page 47 (section 7.3.1) is awkward, please reword. > > > 6) Paragraph 5 in page 47 (section 7.3.1) – does not explain why the > condition should hold. The authors have done this in eac other case, so > it seems inconsistent. > > 7) Page 53 – section 7.4.5 paragraph 3 “VRF route Import EC” – > please spell out first usage and give abbreviation (VRF Route Import > Extended Community (EC). > >
- [bess] Benoit Claise's Discuss on draft-ietf-bess… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Stephen Farrell
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Martin Vigoureux
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Alvaro Retana (aretana)
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares