[bess] IPSec Tunnels and draft-sajassi-bess-secure-evpn

Susan Hares <shares@ndzh.com> Tue, 28 July 2020 15:30 UTC

From: Susan Hares <shares@ndzh.com>
To: "'Ali Sajassi (sajassi)'" <sajassi@cisco.com>, bess@ietf.org
Cc: "'Hu, Jun (Nokia - US/Mountain View)'" <jun.hu@nokia.com>
Date: Tue, 28 Jul 2020 11:29:17 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/6EK7kAJSiHWA9QLxbWGx74Uf7vE>

Ali and bess WG:

IDR has 3 proposals for IPsec tunnels that impact
draft-ietf-idr-tunnel-encaps-17.txt. As an IDR co-chair/shepherd, I have
been discussing these three drafts (Ali and two other author sets) to try
to find out if we can have one general solution.

The discussion has been very fruitful to point up BGP issues of
interoperability, security, privacy, manageability, and scaling. For
example, there is a lack of a clear specification between RFC6514 (PMSI
tunnel attribute) and the tunnel-encaps draft that specifies how these
drafts interoperate. I suspect the bess and idr chairs will need to discuss
if tunnel-encaps has to address this point.

I wrote up my ideas in draft-hares-idr-bgp-ipsec-analysis-00.txt so the
authors could tell me what I misunderstood. You'll find this draft stops
halfway. I have the rest of the draft written, but I wanted feedback from
all the author teams before sending it out.

After hearing some of the details from the authors, I would like to sponsor
an IDR interim so we could discuss these issues at length. If you think
this is a good idea, please let me know.

One other thing. Unfortunately, I scheduled a set of meetings for EDT time
after IETF meetings this week. Your next response will occur from 11-16
UTC on Wednesday.

Cheerily, Sue