Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
joel jaeggli <joelja@bogus.com> Sun, 28 February 2016 16:37 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01BB11A6F30; Sun, 28 Feb 2016 08:37:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1tkHi8s4YUo; Sun, 28 Feb 2016 08:37:03 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08E571A6F2E; Sun, 28 Feb 2016 08:37:03 -0800 (PST)
Received: from mb-2.local (66-214-223-54.static.reno.nv.charter.com [66.214.223.54]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id u1SGaeSh024819 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 28 Feb 2016 16:36:41 GMT (envelope-from joelja@bogus.com)
To: Eric C Rosen <erosen@juniper.net>, Benoit Claise <bclaise@cisco.com>, Susan Hares <shares@ndzh.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <56741869.5020505@juniper.net> <00af01d139c6$898fb720$9caf2560$@ndzh.com> <567859EC.6030103@juniper.net> <006101d13ce1$725cd650$571682f0$@ndzh.com> <56799F9F.4010907@juniper.net> <000d01d13d94$80868a10$81939e30$@ndzh.com> <56966A3D.4000708@juniper.net> <56A88FE9.7000505@cisco.com> <56A90DEF.2000701@juniper.net> <c44ca50f-ba9a-2c3b-3f54-9a4b2d8fd8cb@bogus.com> <56CF713C.8010105@juniper.net>
From: joel jaeggli <joelja@bogus.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <d92734ee-572e-d6ab-48a8-242b33e7582f@bogus.com>
Date: Sun, 28 Feb 2016 08:36:34 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <56CF713C.8010105@juniper.net>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="So9kjJ6rJNK14Ls8jQP08Fkmwl77m14Df"
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/Gg4e8CvN5TpvhqmvUOCB4vRvlug>
X-Mailman-Approved-At: Sun, 28 Feb 2016 10:57:18 -0800
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, aretana@cisco.com, "'John G. Scudder'" <jgs@juniper.net>, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Feb 2016 16:37:05 -0000
On 2/25/16 1:25 PM, Eric C Rosen wrote: > On 2/24/2016 6:14 PM, joel jaeggli wrote: >> Providing >> operational advice isn't in scope? Section 1.3 goes into detail to the >> point where it is hard to parse the application of route distinguishers. > Anyone who understands the normative references will know what a Route > Distinguisher is and what a VRF is. The fundamental part of > provisioning any RFC4364 VPN is to create the VRFs, and to provision > each VRF with Route Distinguishers. Yeah, I'm not convinced of that, there is eleborate discussion of the requirement for one RD per VRF and then extranet seperation adds a twist that. However, when Extranet Separation is used, some of the local-RD routes exported from the VRF will contain the extranet RD. Details concerning the exported routes that contain the extranet RD can be found in Sections 4.1 and 7.3. > Section 1.3 states that, for the purposes of MVPN, two VRFs MUST NOT be > configured with the same RD. > > It further states that if the "extranet separation" feature is not > required, every VRF MUST be configured with a single RD. If the feature > is required, every VRF MUST be configured with two RDs, one called the > "default RD" and one called the "extranet RD". > > In other words, that entire section specifies requirements that must be > met by whatever process is used to provision the MVPN extranet. It also > specifies reasons why these requirements are in place by mentioning some > of the situations in which the protocols presuppose that these > provisioning requirements are met. > > I don't see what's missing. I find it puzzling that a section whose > whole purpose is to clarify the provisioning requirements (and the > dependencies of the protocols on those requirements) would be held up as > an example of how there are no operational considerations. > > It's true that the section is more focused on providing a precise > description of the provisioning requirements than on providing a > tutorial or guide or "advice". But the former is within the scope of > the document and the latter is not. After all, the purpose of this > document is to specify the protocols and procedures that need to be > implemented. The purpose is not to define a service model or > provisioning system. > >> extranets are by the nature set up by two independent entities. one >> presumes both mutual cooridnation, and design efforts required to avoid >> collisions. > Extranet involves two VPNs, but the provisioning of the extranet is > generally done by the single service provider that is providing both of > those VPNs. Thus the provisioning of an extranet generally does not > require coordination between two independent entities. > > It is possible that two independent providers will coordinate to provide > an extranet, but it is also possible that two independent providers will > coordinate to provide a single VPN, if that single VPN has sites > attached to both providers. > > For this reason, RFC4364 defines the Route Targets in such a way as to > enable service providers to allocate globally unique Route Targets. > The need for uniqueness of the Route Targets is not specific to extranet > or to multicast, and is covered in the normative references. > >> the concerns in 2.3.2 >> >> Section 3 of this document describes a procedure known as "extranet >> separation". When extranet separation is used, the ambiguity of >> Section 2.1 is prevented. However, the ambiguity of Section 2.2 is >> not prevented by extranet separation. Therefore, the use of extranet >> separation is not a sufficient condition for avoiding the procedures >> referenced in Section 2.3.1. Extranet separation is, however, >> implied by the policies discussed in this section (Section 2.3.2). >> >> so being prescriptive with respect to how these may be operated seems >> like it would be helpful. > The draft goes into excruciating detail about how to avoid address > ambiguity when moving data between two VPNs that have overlapping > address spaces. It specifies a protocol-based mechanism ("discard from > the wrong tunnel") allows you to determine which of two streams is the > one you want, even if both streams use the same IP addresses. It also > specifies policies, for assigning multicast flows to tunnels, that can > be used to avoid address ambiguity. > > Again, I don't see what is lacking. >> Note that there is no requirement to have a separate "operational >> considerations" section. >> nor would that I think be necessary to address the concern. >> > Perhaps someone could explain to me exactly what is necessary to address > the concern. > > >
- [bess] Benoit Claise's Discuss on draft-ietf-bess… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Stephen Farrell
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Martin Vigoureux
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Alvaro Retana (aretana)
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares