IETF Logo Mail Archive

Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

joel jaeggli <joelja@bogus.com> Sun, 28 February 2016 16:37 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01BB11A6F30; Sun, 28 Feb 2016 08:37:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1tkHi8s4YUo; Sun, 28 Feb 2016 08:37:03 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08E571A6F2E; Sun, 28 Feb 2016 08:37:03 -0800 (PST)
Received: from mb-2.local (66-214-223-54.static.reno.nv.charter.com [66.214.223.54]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id u1SGaeSh024819 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 28 Feb 2016 16:36:41 GMT (envelope-from joelja@bogus.com)
To: Eric C Rosen <erosen@juniper.net>, Benoit Claise <bclaise@cisco.com>, Susan Hares <shares@ndzh.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <56741869.5020505@juniper.net> <00af01d139c6$898fb720$9caf2560$@ndzh.com> <567859EC.6030103@juniper.net> <006101d13ce1$725cd650$571682f0$@ndzh.com> <56799F9F.4010907@juniper.net> <000d01d13d94$80868a10$81939e30$@ndzh.com> <56966A3D.4000708@juniper.net> <56A88FE9.7000505@cisco.com> <56A90DEF.2000701@juniper.net> <c44ca50f-ba9a-2c3b-3f54-9a4b2d8fd8cb@bogus.com> <56CF713C.8010105@juniper.net>
From: joel jaeggli <joelja@bogus.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <d92734ee-572e-d6ab-48a8-242b33e7582f@bogus.com>
Date: Sun, 28 Feb 2016 08:36:34 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <56CF713C.8010105@juniper.net>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="So9kjJ6rJNK14Ls8jQP08Fkmwl77m14Df"
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/Gg4e8CvN5TpvhqmvUOCB4vRvlug>
X-Mailman-Approved-At: Sun, 28 Feb 2016 10:57:18 -0800
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, aretana@cisco.com, "'John G. Scudder'" <jgs@juniper.net>, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Feb 2016 16:37:05 -0000

On 2/25/16 1:25 PM, Eric C Rosen wrote:
> On 2/24/2016 6:14 PM, joel jaeggli wrote:
>> Providing
>> operational advice isn't in scope? Section 1.3 goes into detail to the
>> point where it is hard to parse the application of route  distinguishers.
> Anyone who understands the normative references will know what a Route
> Distinguisher is and what a VRF is.  The fundamental part of
> provisioning any RFC4364 VPN is to create the VRFs, and to provision
> each VRF with Route Distinguishers.

Yeah, I'm not convinced of that, there is eleborate discussion of the
requirement for one RD per VRF and then extranet seperation adds a twist
that.

   However, when Extranet Separation is used, some of
   the local-RD routes exported from the VRF will contain the extranet
   RD.  Details concerning the exported routes that contain the extranet
   RD can be found in Sections 4.1 and 7.3.

> Section 1.3 states that, for the purposes of MVPN, two VRFs MUST NOT be
> configured with the same RD.
> 
> It further states that if the "extranet separation" feature is not
> required, every VRF MUST be configured with a single RD.  If the feature
> is required, every VRF MUST be configured with two RDs, one called the
> "default RD" and one called the "extranet RD".
> 
> In other words, that entire section specifies requirements that must be
> met by whatever process is used to provision the MVPN extranet. It also
> specifies reasons why these requirements are in place by mentioning some
> of the situations in which the protocols presuppose that these
> provisioning requirements are met.
> 
> I don't see what's missing.  I find it puzzling that a section whose
> whole purpose is to clarify the provisioning requirements (and the
> dependencies of the protocols on those requirements) would be held up as
> an example of how there are no operational considerations.
>
> It's true that the section is more focused on providing a precise
> description of the provisioning requirements than on providing a
> tutorial or guide or "advice".  But the former is within the scope of
> the document and the latter is not.  After all, the purpose of this
> document is to specify the protocols and procedures that need to be
> implemented.  The purpose is not to define a service model or
> provisioning system.
> 
>> extranets are by the nature set up by two independent entities. one
>> presumes both mutual cooridnation, and design efforts required to avoid
>> collisions.
> Extranet involves two VPNs, but the provisioning of the extranet is
> generally done by the single service provider that is providing both of
> those VPNs.  Thus the provisioning of an extranet generally does not
> require coordination between two independent entities.
> 
> It is possible that two independent providers will coordinate to provide
> an extranet, but it is also possible that two independent providers will
> coordinate to provide a single VPN, if that single VPN has sites
> attached to both providers.
> 
> For this reason, RFC4364 defines the Route Targets in such a way as to
> enable service providers to allocate globally unique Route Targets.  
> The need for uniqueness of the Route Targets is not specific to extranet
> or to multicast, and is covered in the normative references.
> 
>> the concerns in 2.3.2
>>
>>     Section 3 of this document describes a procedure known as "extranet
>>     separation".  When extranet separation is used, the ambiguity of
>>     Section 2.1 is prevented.  However, the ambiguity of Section 2.2 is
>>     not prevented by extranet separation.  Therefore, the use of extranet
>>     separation is not a sufficient condition for avoiding the procedures
>>     referenced in Section 2.3.1.  Extranet separation is, however,
>>     implied by the policies discussed in this section (Section 2.3.2).
>>
>> so being prescriptive with respect to how these may be operated seems
>> like it would be helpful.
> The draft goes into excruciating detail about how to avoid address
> ambiguity when moving data between two VPNs that have overlapping
> address spaces.  It specifies a protocol-based mechanism ("discard from
> the wrong tunnel") allows you to determine which of two streams is the
> one you want, even if both streams use the same IP addresses.  It also
> specifies policies, for assigning multicast flows to tunnels, that can
> be used to avoid address ambiguity.
> 
> Again, I don't see what is lacking.
>> Note that there is no requirement to have a separate "operational
>> considerations" section.
>> nor would that I think be necessary to address the concern.
>>
> Perhaps someone could explain to me exactly what is necessary to address
> the concern.
> 
> 
>

v2.23.0 | Report a Bug | By Email