Re: [bess] Request for WG Adoption for draft-dunbar-bess-bgp-sdwan-usage-05
"Mankamana Mishra (mankamis)" <mankamis@cisco.com> Fri, 20 March 2020 23:37 UTC
Return-Path: <mankamis@cisco.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FFD3A0F6D; Fri, 20 Mar 2020 16:37:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.499
X-Spam-Level:
X-Spam-Status: No, score=-9.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=bYrQnbiD; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=QWXylVLT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kdTrLQ9GBA-X; Fri, 20 Mar 2020 16:37:55 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 941EA3A0F6B; Fri, 20 Mar 2020 16:37:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=82557; q=dns/txt; s=iport; t=1584747475; x=1585957075; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=JqRk9CHBTLXXEiYVblVS9fs/k+Rkq8nNLSOgN8XSkJ8=; b=bYrQnbiDDmCM611YF/ngH0iuEa/qrI/Zof+5hcGdY6ewnzc+XRrN1yhh uaj/gKS2tThzcGte0298RWmjchMrpgkdFabHgM5GBsilK4PzHp/atkWmg w2AhGH0Jf78hgYYWWv//0tHk8qfUgCEvboUoK4qZDE7/prKLENsGaiWmx Q=;
IronPort-PHdr: 9a23:uo558BQaizyRZet73QT+GMBRUdpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESXBNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOikzGsdLUV5+13q6KkNSXs35Yg6arw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DqCQDMUnVe/5ldJa1cChwBAQEBAQcBAREBBAQBAYF7gSUvKScFbFggBAsqhBiBXoFnA4pvToFsJYlqjjKBQoEQA1QJAQEBDAEBIgsCBAEBgWeCXQIXgg0kOBMCAwEBCwEBBQEBAQIBBQRthVYMhWMBAQEBAxIICQQGEwEBJQQDDA8CAQgRAwEBAQkYAQYDAgICHwUMFAkIAQEEAREBIoJ/BAEBgX5NAy4BDqFzAoE5iGJ1fzOCfwEBBYEvARNBgysDCguCDAMGgTiFIIZyHRqBQT+BEScMFIFPfj5rGQGBFkkCAgEBGIEUAQcLASYDDwgBDQmCWzKCLI1YEiCBBoFjhXeKHY8ARAqCPIdYhQhKhRiEPB2CS4gqkGBEjQWBQYFPhzaCNpArAgQCBAUCDgEBBYFpIg1acXAVOyoBgkEJCj0YDY15JAwFBwuBBAEIgkOFFIVBdAIBAQGBJI1rAQE
X-IronPort-AV: E=Sophos;i="5.72,286,1580774400"; d="scan'208,217";a="463164211"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Mar 2020 23:37:54 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 02KNbs5E031561 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 20 Mar 2020 23:37:54 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 20 Mar 2020 18:37:54 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 20 Mar 2020 18:37:53 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 20 Mar 2020 19:37:52 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YAkbPbUz2YJnonwj5T+MfQIkzUW15tbnqMBmt0YgpJyifWs/kBbph2f0OsZajl3EYMbJrx9DolQhpwYMRaGXiD1iQNn/lVwtluXJzJ20vmNeEA3AHq4Z++Yv/byvQqFN9uOKPBJmQjGKEVWGX5oWT0isplTRCQQSpzpgxyUq6vHD0o7zF8Ne3CMc+F7deyUHFxc607CYJsp4i8jPN3TwNRv1S3gB8H7aK9kuPp9NjMoqhG6ByYpryFKmNwg0aodSKxGxxUAHKpDneEvHD1ehrpTkwSQQsirE71YCcCQsQ4NfEYYn6sI7KqwunUmT/prGHKsCqXrMPeScNYP495L6GA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=JqRk9CHBTLXXEiYVblVS9fs/k+Rkq8nNLSOgN8XSkJ8=; b=dE94XrAi9BOk8zdpcxM/4e0PvSWMOgf5tkcP0ofnWjH40xW+EMyF7jLbkSAIiHNrhx04J8IJSVzM+6yBcTEDUZKnjUStvDth2a7hHVT/PQ4mXd9DEE8SzYEJxHl+ywh6P7gdpBn9Oq11dUgFsqt1e5rAPFHxbbhi1tVR9IXpfwWvfOB8RDeyhwtjDJ/mDoGq8dTs0gdCEIbE+lXy1OdRftoqlqhNWo/N+Nbw3ZFlSd19DgtO+pihYR0/uaMekxn0qWQ33O9+SoShBgzwiYBJ1J3DPsGrYeZzPkMQKFQr86+El+WS6BjwXLOK08eZzVQxH/Iuz8HaTbEDpUPKC9hGhw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JqRk9CHBTLXXEiYVblVS9fs/k+Rkq8nNLSOgN8XSkJ8=; b=QWXylVLTd+IM16EIzIZD/wb4+RMysEGxQUNTXOktLxymOQOy4qxOY9luYYCDJ9MwpAXHUKeoWhxy2P6W1w3eIaO87Bm+kFAFczNU3ozGEn6Wm/XV/hSt0IXuAL7nHUfJuQ1B7SCw2ZKqYx/vwMclz07Yv2UVg8ML5LNYKqutXyc=
Received: from SN6PR11MB2654.namprd11.prod.outlook.com (2603:10b6:805:54::31) by SN6PR11MB3325.namprd11.prod.outlook.com (2603:10b6:805:b7::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.20; Fri, 20 Mar 2020 23:37:52 +0000
Received: from SN6PR11MB2654.namprd11.prod.outlook.com ([fe80::49af:e9cb:d3fe:55c2]) by SN6PR11MB2654.namprd11.prod.outlook.com ([fe80::49af:e9cb:d3fe:55c2%3]) with mapi id 15.20.2814.025; Fri, 20 Mar 2020 23:37:51 +0000
From: "Mankamana Mishra (mankamis)" <mankamis@cisco.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: Request for WG Adoption for draft-dunbar-bess-bgp-sdwan-usage-05
Thread-Index: AdX+1HN/RHlZaYObSj621i4NGKQ7CQAAXIOA
Date: Fri, 20 Mar 2020 23:37:51 +0000
Message-ID: <04D992F3-434D-4706-8D69-DE42CC96B06E@cisco.com>
References: <MWHPR1301MB2096D60092C02E4512A9042685F50@MWHPR1301MB2096.namprd13.prod.outlook.com>
In-Reply-To: <MWHPR1301MB2096D60092C02E4512A9042685F50@MWHPR1301MB2096.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.22.0.200209
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mankamis@cisco.com;
x-originating-ip: [2001:420:c0cc:1001::147]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f82d635d-3437-4a45-ea85-08d7cd27b4bd
x-ms-traffictypediagnostic: SN6PR11MB3325:
x-microsoft-antispam-prvs: <SN6PR11MB33257812F31049AF12EE4807DFF50@SN6PR11MB3325.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03484C0ABF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(366004)(346002)(376002)(136003)(199004)(5660300002)(2906002)(71200400001)(6506007)(53546011)(66574012)(186003)(81166006)(66476007)(6512007)(8676002)(86362001)(36756003)(316002)(6486002)(81156014)(8936002)(76116006)(66946007)(110136005)(2616005)(66446008)(66556008)(966005)(33656002)(478600001)(64756008)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB3325; H:SN6PR11MB2654.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: V/EXKNQaF62ltQjn5+lv971bljgx1NHGcBENU55GcIlAJcKQ3q4QO7grNwLDuxFWrOMsMcfhvJGtm4qDVbh7dQSXQ/xRy7E0lFJvtN12Ci8TUlAJmZLaixQUZE1Rec9xgG0FNP35sjocuChxtio+7r5RmqhBf/oo8RfHpkUvpO/v+CNj9U+ZIoL9j0H4FgDJ7wycbsR5sTA1M9TZyrAHytrSG5Z+3evErIFRG/K966IeteP9FRtNMMNptje+uwwKwwz+4bPN2Tu18mip3qFCX6TRWUtPBJnpBZf817m2IqsWq03rx0B8oULds5Y+j/1yi6TgP1aH0+zO2YQohYf8o6v2HyFJRTneHxA3sVDVoVBWop/EVF8M49GD9GmRMcdug1C13p9n1LYV2nEBBH41YL7lNU/z9ZzjU4xrHo4IMYSnpHOe06oZsAXL1/bO0kbimEgWC+rT8eRR0NVgMND1wh92p0R/4LiHcLdQLEbY4Gzen2V6jRc9xYX3SPBzVdRZLJMt5agt2hQfO9PrTQQeZA==
x-ms-exchange-antispam-messagedata: 15nIzhATJTiJZbd1z3M5QsL05ZM7LDB3tRqsRVtgeGfs/P2k+9ouOHWl2fnH900uyu+I4b1tIU1eWv12+jjTgg1yuYkMMjDGh9MbxwvCRN4XxhNY/Piu1MT7d3KHYUcen5vERZ9M7cljB7YfHoQYRfRzbMI+W5t1UXbCN9usU5M=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_04D992F3434D47068D69DE42CC96B06Eciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f82d635d-3437-4a45-ea85-08d7cd27b4bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Mar 2020 23:37:51.2210 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: LXJ1GLH4qfGGVG/fsFMsTisvxhNqsotNY2f5TVFO6hzYU4qZzESbU7c9II4QB7bED7fimPlxy3x020G+NylH/g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3325
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/ZgFzFDg-QuzQzbFFSuZBLL-7YZI>
Subject: Re: [bess] Request for WG Adoption for draft-dunbar-bess-bgp-sdwan-usage-05
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2020 23:38:00 -0000
Its already in adoption queue. https://trac.ietf.org/trac/bess/wiki From: Linda Dunbar <linda.dunbar@futurewei.com> Date: Friday, March 20, 2020 at 9:50 AM To: "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org> Subject: Request for WG Adoption for draft-dunbar-bess-bgp-sdwan-usage-05 Resent-From: <alias-bounces@ietf.org> Resent-To: <slitkows.ietf@gmail.com>, <matthew.bocci@nokia.com>, <mankamis@cisco.com> Resent-Date: Friday, March 20, 2020 at 9:50 AM Matthew and Stephane, We’ve had lots of discussion on the draft via the mailing list and the IETF 105, 106 . We have made changes to the draft to address comments from the discussion. Can you please call WG Adoption for draft-dunbar-bess-bgp-sdwan-usage-05? https://datatracker.ietf.org/doc/draft-dunbar-bess-bgp-sdwan-usage/ Thank you very much. Linda Dunbar From: Linda Dunbar Sent: Thursday, March 19, 2020 11:55 PM To: Huaimo Chen <huaimo.chen@futurewei.com>; idr@ietf.org Cc: bess@ietf.org Subject: RE: [Idr] FW: Is there any problem of using Private AS as "Identifier" to differentiate SD-WAN Segmentation for draft-dunbar-bess-bgp-sdwan-usage? Huaimo, Thank you very much for the suggestion. Do you mean using the similar approach as VPN Label carried by NLRI Path Attribute [RFC8277] for SDWAN Segmentation Identifier? If yes, the UPDATE message should not use the MPLS VPN SAFI (=128) to avoid confusion, right? Linda From: Huaimo Chen <huaimo.chen@futurewei.com<mailto:huaimo.chen@futurewei.com>> Sent: Thursday, March 19, 2020 6:45 PM To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; idr@ietf.org<mailto:idr@ietf.org> Cc: bess@ietf.org<mailto:bess@ietf.org> Subject: Re: [Idr] FW: Is there any problem of using Private AS as "Identifier" to differentiate SD-WAN Segmentation for draft-dunbar-bess-bgp-sdwan-usage? Hi Linda, It seems that a label may be used as an "Identifier" to differentiate SD-WAN Segmentation. Best Regards, Huaimo ________________________________ From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> on behalf of Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> Sent: Thursday, March 19, 2020 1:22 PM To: idr@ietf.org<mailto:idr@ietf.org> <idr@ietf.org<mailto:idr@ietf.org>> Cc: bess@ietf.org<mailto:bess@ietf.org> <bess@ietf.org<mailto:bess@ietf.org>> Subject: [Idr] FW: Is there any problem of using Private AS as "Identifier" to differentiate SD-WAN Segmentation for draft-dunbar-bess-bgp-sdwan-usage? BGP Experts, Do you know if there is any problem of using Private AS as "Identifier" to differentiate SD-WAN Segmentation? Here is the discussion in BESS WG. Want to get IDR WG feedbacks for this question. Thank you. Linda From: Linda Dunbar Sent: Thursday, March 19, 2020 11:54 AM To: Najem, Basil <basil.najem@bell.ca<mailto:basil.najem@bell.ca>>; bess@ietf.org<mailto:bess@ietf.org> Cc: draft-dunbar-bess-bgp-sdwan-usage@ietf.org<mailto:draft-dunbar-bess-bgp-sdwan-usage@ietf.org> Subject: Is there any problem of using Private AS as "Identifier" to differentiate SD-WAN Segmentation for draft-dunbar-bess-bgp-sdwan-usage? Based on Basil’s comment on needing an identifier to differentiate SDWAN instances, I added a section to draft-dunbar-bess-bgp-sdwan-usage . Want to hear people’s feedback. 3.1 Requirements 3.1.1Supporting Multiple SDWAN Segmentations The term “network segmentation” is used extensively in SDWAN deployment. In general (and in this document), the “Network Segmentation” is referring to the process of dividing the network into logical sub-networks using isolation techniques on a forwarding device such as a switch, router, or firewall. For a homogeneous network, such as MPLS VPN or Layer 2 network, VRF or VLAN are used to separate network segments. As SDWAN is an overlay network arching over multiple types of networks, it is important to have distinct identifiers to differentiate SDWAN network instances (or segmentations). When different SDWAN network segments do not have their own assigned AS numbers, a very easy way is to use Private AS numbers, in the range of 64512 to 65535, to differentiate different SDWAN segmentations. When using BGP to control the SDWAN networks, the Private AS numbers are carried by the BGP UPDATE messages to their corresponding RRs. Greatly appreciate any feedback on this description. Is there any scenario that Private AS cannot be used? Thank you very much. Linda Dunbar From: Najem, Basil <basil.najem@bell.ca<mailto:basil.najem@bell.ca>> Sent: Friday, February 7, 2020 3:02 PM To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; bess@ietf.org<mailto:bess@ietf.org> Cc: draft-dunbar-bess-bgp-sdwan-usage@ietf.org<mailto:draft-dunbar-bess-bgp-sdwan-usage@ietf.org> Subject: RE: solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation Hi Linda; The SD-WAN Segment is part of the SD-WAN fabric; in other words, there could be more than one Segment over a single underlay depending on the design and the business requirements. Each Segment represents a single and an isolated L3 domain; therefore, I suggested that we may need to include the Segment ID in the BGP update messages in order to identify and build the routing the table for each Segment (based on the Segment ID). Hope this helps. Regards; Basil From: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> Sent: February-03-20 10:40 AM To: Najem, Basil <basil.najem@bell.ca<mailto:basil.najem@bell.ca>>; bess@ietf.org<mailto:bess@ietf.org> Cc: draft-dunbar-bess-bgp-sdwan-usage@ietf.org<mailto:draft-dunbar-bess-bgp-sdwan-usage@ietf.org> Subject: [EXT]RE: solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation Basil, Thank you very much for the comments. Your suggested wording change will be incorporated in the next revision. As for your suggestion of Segment and Segment ID of a SDWAN node (to be included in the BGP UPDATE), does the “Segment” mean the different Underlay? In the figure below, C-PE1 has 3 WAN ports: 2 to MPLS network and 1 to Public Internet. Do you mean C-PE1 has 3 WAN “segments”? If not, can you elaborate more? [cid:image001..png@01D5FDE3.587A47F0] Thanks, Linda From: Najem, Basil <basil.najem@bell.ca<mailto:basil.najem@bell.ca>> Sent: Sunday, February 02, 2020 5:48 PM To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; bess@ietf.org<mailto:bess@ietf.org> Cc: draft-dunbar-bess-bgp-sdwan-usage@ietf.org<mailto:draft-dunbar-bess-bgp-sdwan-usage@ietf.org> Subject: RE: solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation Hello Linda; I haven’t gone through the entire document; however, I have the following quick comments 1. Regarding the following paragraph: 1. Augment of transport, which refers to utilizing overlay paths over different underlay networks. Very often there are multiple parallel overlay paths between any two SDWAN edges, some of which are private networks over which traffic can traverse without encryption, others require encryption, e.g. over untrusted public networks. The traffic that traverses the privet networks can be either encrypted or unecrypted (in other words, the assumption that the traffic is NOT encrypted is not always correct). I would change the parpagaph to the following (for clarity): 1. Augment of transport, which refers to utilizing overlay paths over different underlay networks. Very often there are multiple parallel overlay paths between any two SDWAN edges, some of which are private networks over which traffic can traverse with or without encryption, others require encryption, e.g. over untrusted public networks. 1. Another thing that we need to discuss is the Segment ID; each Segment (at the SD-WAN Edge) MUST have an ID. The SD-WAN Policy will map the Application Flow to the Segment. Since the Segment is a “routing domain”, the BGP update will be exchanged with the memebers of a particular Segment. As such: Should we include the Segment ID as an attribute in the BGP update messages? Perhaps we need to further discuss this in details. Any feedback is welcomed and it’s highly appreciated. Regards; Basil From: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> Sent: January-31-20 5:17 PM To: bess@ietf.org<mailto:bess@ietf.org> Cc: draft-dunbar-bess-bgp-sdwan-usage@ietf.org<mailto:draft-dunbar-bess-bgp-sdwan-usage@ietf.org> Subject: [EXT]solicit feedback on draft-dunbar-bess-bgp-sdwan-usage description of using BGP UPDATE messages to achieve SD-WAN Application Based Segmentation BESS participants: “SDWAN” networks is characterized by: 1. Augment of transport, which refers to utilizing overlay paths over different underlay networks. Very often there are multiple parallel overlay paths between any two SDWAN edges, some of which are private networks over which traffic can traverse without encryption, others require encryption, e.g. over untrusted public networks. 2. Enable direct Internet access from remote sites, instead hauling all traffic to Corporate HQ for centralized policy control. 3. Some traffic are routed based on application IDs instead of based on destination IP addresses. https://datatracker.ietf.org/doc/draft-dunbar-bess-bgp-sdwan-usage/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-dunbar-bess-bgp-sdwan-usage%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Caf554cc9ce6b44b8267608d7cc5f7fcb%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637202582862902790&sdata=FBCyAo0FjPczNS3BJsMOveEck0RbWEST7%2FSDolaeJVw%3D&reserved=0> describes examples of using BGP UPDATE messages to achieve the SDWAN Application Based Segmentation, assuming that the applications are assigned with unique IP addresses. In the Figure below, the following BGP Updates can be advertised to ensure that Payment Application only communicates with the Payment Gateway: [cid:image002..png@01D5FDE3.587A47F0] BGP UPDATE #1 from C-PE2 to RR for the RED P2P topology (only propagated to Payment GW node: - MP-NLRI Path Attribute: * 30.1.1.x/24 - Tunnel Encap Path Attribute * IPsec Attributes for PaymentGW ->C-PE2 BGP UPDATE #2 from C-PE2 to RR for the routes to be reached by Purple: - MP-NLRI Path Attribute: * 10.1.x.x * 12.4.x.x - TunnelEncap Path Attribute: * Any node to C-PE2 Your feedback is greatly appreciated. Thank you very much. Linda Dunbar ________________________________ External Email: Please use caution when opening links and attachments / Courriel externe: Soyez prudent avec les liens et documents joints ________________________________ External Email: Please use caution when opening links and attachments / Courriel externe: Soyez prudent avec les liens et documents joints
- [bess] Request for WG Adoption for draft-dunbar-b… Linda Dunbar
- Re: [bess] Request for WG Adoption for draft-dunb… Mankamana Mishra (mankamis)