Re: [bess] Joel Jaeggli's Discuss on draft-ietf-bess-mvpn-extranet-06: (with DISCUSS and COMMENT)

"Alvaro Retana (aretana)" <aretana@cisco.com> Tue, 01 March 2016 22:43 UTC

From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: Joel Jaeggli <joelja@bogus.com>
Date: Tue, 01 Mar 2016 22:43:31 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/PvkKUB1lFaimw_LAERzwa1aSz1o>
Cc: "draft-ietf-bess-mvpn-extranet@ietf.org" <draft-ietf-bess-mvpn-extranet@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "martin.vigoureux@alcatel-lucent.com" <martin.vigoureux@alcatel-lucent.com>, Eric C Rosen <erosen@juniper.net>, The IESG <iesg@ietf.org>

On 2/28/16, 5:37 PM, "Joel Jaeggli" <joelja@bogus.com> wrote:

Joel:

Hi!  How are you?

...
>----------------------------------------------------------------------
>DISCUSS:
>----------------------------------------------------------------------
>
>After further discussion related to the ops dir review, I'm going to have
>to echo Benoit and the Opsdir reviewers concern.

I have to say that, as Eric, I am at a loss as to what specifically you
want to see in the document.  Please see my comments below related to the
OpsDir review text.


>----------------------------------------------------------------------
>COMMENT:
>----------------------------------------------------------------------
>
>Sue Hares performed the opsdir review. Benoit holds the discuss for the
>points she raised.
>
>Status: Not ready,  three major concerns and two editorial nits:
>
>Major concerns:
>
>1)      Specification of the Extranet Source Extended Community and Extra
>Source extended Community

I think the authors took care of this already by making sure that 4.4
includes the text that Sue had proposed [1].

...
>2)      Why is there no Deployment considerations section?

This seems to be the sticking point.  What exactly are you looking for?

Please take a look at Sections 1.2. (Scope) and 1.3. (Clarification on Use
of Route Distinguishers) -- these are maybe not the best named sections,
but in them the authors lay out when this spec is useful: SSM and ASM
deployments (not Dense mode), calls out potential problems with BSR,
applicable to both PIM and BGP signaling, justified the use of a unique
VRF per RD.

Section 1.4. (Overview) gives some examples of potential deployments
("only some of its multicast C-sources be treated as extranet C-sources",
or "some of its extranet C-sources can transmit only to a certain set of
VPNs"), and it talks about the need for the SP to coordinate with the
customer during the provisioning process.

It seems to me that there's already a pretty good summary in those
sections, but they are not called "operational considerations"...  What is
missing?  Do you want the above to be in a specific titled section, or
maybe there are other details you'd like to see -- if so, what are they?


A couple of days ago you raised a specific point [2]:

"...
there is elaborate discussion of the
requirement for one RD per VRF and then extranet separation adds a twist
that.

   However, when Extranet Separation is used, some of
   the local-RD routes exported from the VRF will contain the extranet
   RD.  Details concerning the exported routes that contain the extranet
   RD can be found in Sections 4.1 and 7.3.
"

It sounds like you may want more clarity/details on parts of that.  What?



...
>3)      Is security section really a security section? It seems more like
>"do this policy" or this will fail.  It should get a stronger review from
>the security directorate

I am in fact not able to find a SecDir review.  However, the SEC AD did
put a DISCUSS on this document [3] and later cleared it [4] based on added
text.

Are there specific security concerns?

Thanks!

Alvaro.



[1] https://mailarchive.ietf.org/arch/msg/bess/h3H9joH90g2B1XplYi_H9QJaf6k
[2] https://mailarchive.ietf.org/arch/msg/bess/Gg4e8CvN5TpvhqmvUOCB4vRvlug
[3] https://mailarchive.ietf.org/arch/msg/bess/DBdwMh2Z3WE80NJxhA5qDsmlQwI
[4] https://mailarchive.ietf.org/arch/msg/bess/sjxLrpyGCCarO86xd5n617Q3fIk