Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

"Susan Hares" <shares@ndzh.com> Thu, 17 December 2015 14:00 UTC

From: Susan Hares <shares@ndzh.com>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Benoit Claise' <bclaise@cisco.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <5672BE86.3090505@cs.tcd.ie>
In-Reply-To: <5672BE86.3090505@cs.tcd.ie>
Date: Thu, 17 Dec 2015 09:00:40 -0500
Message-ID: <003001d138d3$50bf8a40$f23e9ec0$@ndzh.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/MTBBzJhCn1EcIT7EWxLWtPsYy90>
Cc: aretana@cisco.com, bess-chairs@ietf.org, draft-ietf-bess-mvpn-extranet@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

Stephen: 

They are adding 2 BGP Extended communities.  They are modifying rules for distribution of BGP routes and PIM trees in the case of MPLS VPNs supporting multicast.  The thing that worries me is they are stating that "breaking any of the policy rules" is a security consideration.  However, as far as I can tell the specification lacks an indication of how to trace or audit such rules.  

P as to "Private" VPNs is simply an indication of overlay VPNs used for a set of customers.  Just one variant of routing technology specified, IMHO.

Sue 

-----Original Message-----
From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Stephen Farrell
Sent: Thursday, December 17, 2015 8:54 AM
To: Benoit Claise; The IESG
Cc: draft-ietf-bess-mvpn-extranet@ietf.org; bess@ietf.org; aretana@cisco.com; bess-chairs@ietf.org; martin.vigoureux@alcatel-lucent.com; shares@ndzh.com
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)



On 17/12/15 13:30, Benoit Claise wrote:
> 3) Is security section really a security section? It seems more like
> “do this policy” or this will fail.  It should get a stronger review
> from the security directorate

I've not posted a ballot for this one as my question is more "What does P really stand for in this kind of VPN?" and I don't really get what here is new that requires a PS. So any security discuss would likely be met by "not new, can't change" and is therefore perhaps not the best use of our time. It'd be better if we could get some folks to try to re-instate the P == Private in VPN. (But that is admittedly very hard if one really has to do multicast.)

S.

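The kind of trace-and-audit check Sue says the specification does not describe, written out as an added example; it is not code from this thread, from the draft, or from any router vendor. It audits cross-VRF route import using only ordinary Route Target extended communities (RFC 4364 import/export semantics) against an operator allow-list of which VPN may share sources with which; the draft's two new extended communities are not modelled, and every VRF name, RT value and prefix below is constructed sample data.

```python
# Added example (not from the thread or the draft): an offline audit of
# cross-VRF route import in a BGP/MPLS VPN, keyed on Route Target (RT)
# extended communities as in RFC 4364.  The draft's two new extended
# communities are not modelled; all VRFs, RTs and prefixes below are
# constructed sample data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Vrf:
    name: str
    import_rts: FrozenSet[str]   # RTs this VRF accepts on import


@dataclass(frozen=True)
class Route:
    prefix: str                  # customer multicast source prefix (C-S)
    origin_vrf: str              # VRF that exported the route
    export_rts: FrozenSet[str]   # RT extended communities attached on export


def trace_imports(route: Route, vrfs: List[Vrf]) -> Dict[str, List[str]]:
    """Map each foreign VRF that would import `route` to the RTs that cause it.
    This is the per-route trace an operator needs to explain a leak."""
    out: Dict[str, List[str]] = {}
    for v in vrfs:
        if v.name == route.origin_vrf:
            continue                       # import into its own VPN is not extranet
        matched = sorted(route.export_rts & v.import_rts)
        if matched:
            out[v.name] = matched
    return out


def audit(routes: List[Route], vrfs: List[Vrf],
          allow: FrozenSet[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (prefix, origin_vrf, dest_vrf, rt) for every cross-VRF import
    that the extranet allow-list does not permit."""
    violations = []
    for r in routes:
        for dest, rts in trace_imports(r, vrfs).items():
            if (r.origin_vrf, dest) not in allow:
                for rt in rts:
                    violations.append((r.prefix, r.origin_vrf, dest, rt))
    return violations


# Constructed policy: VPN-A may share its multicast source with VPN-B only.
EXTRANET_ALLOW = frozenset({("VPN-A", "VPN-B")})

SAMPLE_VRFS = [
    Vrf("VPN-A", frozenset({"65000:1"})),
    Vrf("VPN-B", frozenset({"65000:2", "65000:100"})),
    # VPN-C was also configured to import the extranet RT: a policy leak.
    Vrf("VPN-C", frozenset({"65000:3", "65000:100"})),
]

SAMPLE_ROUTES = [
    Route("10.1.1.0/24", "VPN-A", frozenset({"65000:1", "65000:100"})),
    Route("10.2.2.0/24", "VPN-B", frozenset({"65000:2"})),
]


if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(r.prefix, "from", r.origin_vrf, "->", trace_imports(r, SAMPLE_VRFS))
    for v in audit(SAMPLE_ROUTES, SAMPLE_VRFS, EXTRANET_ALLOW):
        print("VIOLATION: %s (%s) imported into %s via RT %s" % v)
```

Run it and the only finding is VPN-A's source prefix reaching VPN-C through RT 65000:100, with the matching RT named so the offending import statement can be located. Feeding it the import/export RT configuration pulled from real PEs turns "breaking any of the policy rules" into something that can actually be checked before and after a change.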