[bess] solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation

Linda Dunbar <linda.dunbar@futurewei.com> Fri, 31 January 2020 22:16 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: "bess@ietf.org" <bess@ietf.org>
CC: "draft-dunbar-bess-bgp-sdwan-usage@ietf.org" <draft-dunbar-bess-bgp-sdwan-usage@ietf.org>
Thread-Topic: solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation
Thread-Index: AdXYg+Zzlmc8RhWQTG6sFC31Aq4Tmg==
Date: Fri, 31 Jan 2020 22:16:38 +0000
Message-ID: <MWHPR1301MB2096BC7F3A028A3C11595F7185070@MWHPR1301MB2096.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/1GVGPo4tM0GOab4Wv6Z5NxgyBa4>
Subject: [bess] solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>

BESS participants:

"SDWAN" networks are characterized by:

  1.  Augmentation of transport, which refers to utilizing overlay paths over different underlay networks. Very often there are multiple parallel overlay paths between any two SDWAN edges; some traverse private networks over which traffic can be sent without encryption, while others, e.g. over untrusted public networks, require encryption.
  2.  Direct Internet access from remote sites, instead of hauling all traffic to Corporate HQ for centralized policy control.
  3.  Some traffic is routed based on application IDs instead of destination IP addresses.


https://datatracker.ietf.org/doc/draft-dunbar-bess-bgp-sdwan-usage/ describes examples of using BGP UPDATE messages to achieve SDWAN Application Based Segmentation, assuming that the applications are assigned unique IP addresses.
In the figure below, the following BGP UPDATEs can be advertised to ensure that the Payment Application only communicates with the Payment Gateway:

[Figure: inline image image001.png (not reproduced in the archive)]

BGP UPDATE #1 from C-PE2 to RR for the RED P2P topology (only propagated to the Payment GW node):

- MP-NLRI Path Attribute:
    * 30.1.1.x/24
- Tunnel Encap Path Attribute:
    * IPsec Attributes for PaymentGW -> C-PE2


BGP UPDATE #2 from C-PE2 to RR for the routes to be reached by Purple:

- MP-NLRI Path Attribute:
    * 10.1.x.x
    * 12.4.x.x
- Tunnel Encap Path Attribute:
    * Any node to C-PE2
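
To make the segmentation behaviour of the two UPDATEs concrete, here is an added Python model (example code, not from the draft or from this mail) of a route reflector that propagates UPDATE #1 only to the members of the RED topology and UPDATE #2 to every edge, followed by a per-edge longest-prefix lookup and a check that the Payment prefix is known only to the Payment GW. The edge names (PaymentGW, Branch-A, Branch-B), the "topology" tag the RR uses to select receivers, the two-value tunnel kind ("ipsec" / "plain") and the reading of "10.1.x.x" / "12.4.x.x" as /16 prefixes are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelEncap:
    """Simplified Tunnel Encap path attribute (assumption: just kind + endpoint)."""
    kind: str   # "ipsec": traffic must be encrypted; "plain": underlay is trusted
    to: str     # tunnel endpoint, i.e. the advertising C-PE


@dataclass(frozen=True)
class BgpUpdate:
    """Simplified BGP UPDATE: the MP-NLRI prefixes plus the Tunnel Encap attribute."""
    originator: str
    topology: str        # "RED" (P2P, Payment only) or ANY; assumed RR steering tag
    prefixes: tuple      # MP-NLRI, as prefix strings
    tunnel: TunnelEncap


ANY = "ANY"

# Constructed sample: the two UPDATEs from C-PE2 described in the mail.
# "10.1.x.x" and "12.4.x.x" are read as /16 prefixes (assumption).
UPDATE_1 = BgpUpdate("C-PE2", "RED", ("30.1.1.0/24",), TunnelEncap("ipsec", "C-PE2"))
UPDATE_2 = BgpUpdate("C-PE2", ANY, ("10.1.0.0/16", "12.4.0.0/16"), TunnelEncap("plain", "C-PE2"))

# Constructed topology membership held by the RR: which edges may receive RED.
EDGES = ("PaymentGW", "C-PE2", "Branch-A", "Branch-B")
MEMBERS = {"RED": {"PaymentGW"}}


def reflect(updates, edges=EDGES, members=MEMBERS):
    """Route reflector: build each edge's RIB, propagating an UPDATE only to
    members of its topology (ANY means every edge except the originator)."""
    rib = {edge: [] for edge in edges}
    for upd in updates:
        targets = set(edges) if upd.topology == ANY else members.get(upd.topology, set())
        for edge in targets - {upd.originator}:
            for p in upd.prefixes:
                rib[edge].append((ipaddress.ip_network(p), upd.tunnel))
    return rib


def lookup(rib, edge, dst):
    """Longest-prefix match in one edge's RIB; None means no route, i.e. drop."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, tunnel in rib.get(edge, []):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, tunnel)
    return best[1] if best else None


def verify_segmentation(rib, prefix, allowed):
    """True if `prefix` appears only in the RIBs of the `allowed` edges."""
    net = ipaddress.ip_network(prefix)
    holders = {edge for edge, routes in rib.items() if any(n == net for n, _ in routes)}
    return holders <= set(allowed)


if __name__ == "__main__":
    rib = reflect([UPDATE_1, UPDATE_2])
    for edge in EDGES:
        print(edge, lookup(rib, edge, "30.1.1.7"), lookup(rib, edge, "10.1.2.3"))
    print("payment prefix segmented:", verify_segmentation(rib, "30.1.1.0/24", ["PaymentGW"]))
```

Running it shows that only PaymentGW holds a route to 30.1.1.0/24 (with the IPsec encapsulation), every other edge drops traffic to that prefix for lack of a route, and the Purple prefixes are reachable from all edges over the plain tunnel. The `verify_segmentation` check is the kind of control-plane audit an operator can run against the reflected RIBs to confirm that the membership table, not just the data-plane policy, enforces the segmentation.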


Your feedback is greatly appreciated.

Thank you very much.

Linda Dunbar