Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

Eric C Rosen <erosen@juniper.net> Wed, 27 January 2016 18:35 UTC

To: Benoit Claise <bclaise@cisco.com>, Susan Hares <shares@ndzh.com>, 'The IESG' <iesg@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/9ufDax0n0uhfSRo9DRKjPWc_p3s>
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, aretana@cisco.com, "'John G. Scudder'" <jgs@juniper.net>, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>

On 1/27/2016 4:37 AM, Benoit Claise wrote:
>
> This document doesn't give an operator “so-what” for deployment in 60 
> pages.
I'm afraid I don't understand this sentence.

> You know, a few summary paragraphs that indicate where this
> specification is useful and where it is not for operators, and the
> potential fragility of the solution (which could be in a new
> operational consideration section or in the security considerations).
As I've been trying to explain to Sue, I don't understand what is being
asked for in these "few summary paragraphs". An "operator's guide to
provisioning extranets" would be useful, but not within the scope of
this draft.

The security considerations section already points out that 
misconfiguration of the Route Targets may result in misdelivery of 
traffic; the above text is merely a paraphrase of material that is 
already present in the document.

Note that there is no requirement to have a separate "operational 
considerations" section.

> I don't think I've seen text around coordination to set up filter, for 
> example.
Coordination to set up filters?  I don't know what you are referring to.

>
> Sue has been trying to be helpful and even proposed some text:
>
>     Whenever a VPN is provisioned, there is a risk that provisioning
>     errors will result in an unintended cross-connection of VPNs,
>     which would create a security problem for the customers.  Extranet
>     can be particularly tricky, as it intentionally cross-connects
>     VPNs, but in a manner that is intended to be strictly limited by
>     policy.  If one is connecting two VPNs that have overlapping
>     address spaces, one has to be sure that the inter-VPN traffic
>     isn't to/from the part of the address space that is in the
>     overlap. The draft discusses a lot of the corner cases, and a lot
>     of the scenarios in which things can go wrong.
>

Actually, I wrote that text in an email to Sue. Although it too is just
a paraphrase of existing material, I could add it to the "overview"
section as part of the description of what an extranet is. Are you
saying that you will lift the DISCUSS if I just add that paragraph?