Re: [bess] Queries and comments on draft-ietf-bess-bgp-sdwan-usage

Linda Dunbar <linda.dunbar@futurewei.com> Wed, 06 March 2024 20:22 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: "Dikshit, Saumya" <saumya.dikshit@hpe.com>, "sajassi@gmail.com" <sajassi@gmail.com>, John E Drake <jdrake@juniper.net>, "basil.najem@bell.ca" <basil.najem@bell.ca>
CC: "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Date: Wed, 06 Mar 2024 20:21:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/cBSyJCdgTAmlm6FYWpjDgHYjrmw>
Subject: Re: [bess] Queries and comments on draft-ietf-bess-bgp-sdwan-usage

Saumya,

Thank you very much for reviewing the document and providing the comments.
Please see the detailed resolutions to your comments below.

Linda



From: Dikshit, Saumya
Sent: Sunday, March 3, 2024 5:14 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>; sajassi@gmail.com; John E Drake <jdrake@juniper.net>; basil.najem@bell.ca
Cc: bess-chairs@ietf.org; bess@ietf.org
Subject: Queries and comments on draft-ietf-bess-bgp-sdwan-usage-20

Hello Authors of draft-ietf-bess-bgp-sdwan-usage,

I have the following comments/queries:

>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-1: "over one or more underlay connectivity services by recognizing applications and determining forwarding"
[SD] "Underlay" is being very generic - it can be a hierarchy of overlays on top of which "real security overlay is provisioned between the SD-WAN end points". I think it should be changed.

[Linda] Some underlay paths are provider VPNs, some underlay paths are unsecure networks. Over unsecure networks, IPsec tunnels need to be established. It is out of the scope of this document to analyze the underlay details. Details of the various underlays can be found in the reference MEF70.1.


>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.1 "As SD-WAN is an overlay network arching over multiple types of networks, MPLS L2VPN[RFC4761][RFC4762]/L3VPN[RFC4364][RFC4659] or pure L2 underlay can continue using the VPN ID (Virtual Private Network Identifier), VN-ID (Virtual Network Identifier), or VLAN (Virtual LAN) in the data plane to differentiate packets belonging to different SD-WAN VPNs."
[SD] Why only native MPLS VPNs? EVPN-based MPLS or over VXLAN fabric can also be extended over IPsec, or underlying MPLS underlay.
[Linda] Yes, they can all go over an IPsec tunnel; that is Scenario #1 (Section 3.2). However, IPsec requires extensive processing, which is why the draft has Scenario #2.

>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.3
[SD] The section should explicitly mention, "dynamically provisioned policies based on evolving security threats and service provisioning" and also "dynamic segmentation"
[Linda] What is Dynamic Segmentation? Can you provide some wording to use?

>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.5: "Each edge node informs the Route-Reflector (RR) [RFC4456] on its interested SD-WAN VPNs. The RR only propagates the BGP UPDATE from an edge to others within the same SD-WAN VPN."
[SD] Route-Reflector should be generalized to include Route-Servers in an over-the-WAN deployment of network fabrics. This may involve BGP instance deployments in different ASes (eBGP).
[Linda] The wording has been changed to the following, per AD review and comments:

"Route-Reflector (RR) [RFC4456], as an integral part of the SD-WAN controller, has the policy governing communication among peers. The RR only propagates the BGP UPDATE from an edge to others within the same SD-WAN VPN."

>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1
[SD] There is no requirement "scope for optimization of client routes at the WAN Gateway in the control plane" as the CE device can be lowly scaled w.r.t. FIB/RIB tables and performance/convergence of control plane. This one is not specific to dataplane/traffic optimization.
[Linda] Interesting. Can you elaborate more? Is it related to using BGP as control plane for SD-WAN?



>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-4.1 : Client Service Provisioning Model

[SD] Aggregation/Summarization of routes is an integral part of client provisioning



[Linda] Yes. Add your suggested wording.



>>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-5.1: Why BGP as Control Plane for SD-WAN?

[SD] One organic reason is that BGP is a TCP-based protocol and hence can easily align with TLS-based security.

[Linda] Very good point, add your suggested wording.



Regards,

Saumya.