IETF Logo Mail Archive

Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

Eric C Rosen <erosen@juniper.net> Mon, 21 December 2015 19:58 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955B31ACC7F; Mon, 21 Dec 2015 11:58:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4uSZgALEQHna; Mon, 21 Dec 2015 11:58:46 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0126.outbound.protection.outlook.com [207.46.100.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A7751ACC72; Mon, 21 Dec 2015 11:58:46 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
Received: from [172.29.33.26] (66.129.241.10) by BLUPR0501MB2004.namprd05.prod.outlook.com (10.164.22.30) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 21 Dec 2015 19:58:40 +0000
To: Susan Hares <shares@ndzh.com>, 'Benoit Claise' <bclaise@cisco.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <56741869.5020505@juniper.net> <00af01d139c6$898fb720$9caf2560$@ndzh.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <567859EC.6030103@juniper.net>
Date: Mon, 21 Dec 2015 14:58:36 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <00af01d139c6$898fb720$9caf2560$@ndzh.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [66.129.241.10]
X-ClientProxiedBy: BY1PR18CA0023.namprd18.prod.outlook.com (25.162.126.33) To BLUPR0501MB2004.namprd05.prod.outlook.com (25.164.22.30)
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 2:YX8q2a/P7mZM9+1Jg4aWQFHE1yBXWxjXhumgMIhNJ5ZsHADyC3CQlmKcfnZn/JGQHzp0ZgDzUtWXY3xHbh59HrkjAFeER6iK2st8bJTcekiUbRfx5ZDtS+v+I9m1KL6lgEV9REBKk2hZkggq/A+LOg==; 3:PR4BMgysAu7SpSpM3rsHlACf4sTnskYbfe6PElVG+CkE374P6tZQPG7HQGasSvf1yuAA5ERnADqlxHBYMOyZrVwjsSmOiJEHCecmkHt73CKYZdBsIsZEAmdJ627h61mt; 25:1XFIFmjf1epzC/USXk3JCyP/LphoYvtsQ14ym/xor6iTsDGiv2lMNpNJ88udpR62saCYJwEExXGGeO4V2a0EFGUhLRjvZZDzSo7TTiTgcesf/RGSIbygrYBnjEdu9cZks4n0r3D0E9YylAmzXrSPEsrc86cGAnPPwVjLIf4xsW6pNs7uprThFE8lSfT59aCKzP/nsm0zWKvOq1Mw6725JHWrqgbwqEdb0chMlh3yz2Ih/XKFqRU92Rx16MCneVx93pMqd2AQAkfU6zN9vBxE/w==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR0501MB2004;
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 20:eHko4aRveUN+g2/6MucudWfz9PRMR6SSyO2ju+GTJQetgkT06d6E/e6gt38dXID5Zvh9+9doIASozvm13ERHPbakcb95ofVBL8cCtjduWZRXKRhfP2HWbx/lGJ8sg/cUP7pEvUYyyl1HNfOALoioF9TKISPz2uyQHtEFT7wSygBwlSzVviwubdpOB0ddPCT16ceTViw3su8uRWnjz4pgbU6gYdvx6CokVmNZAh82DRFFXqAu7jdFPp5cB2y1CDkkBikVfkaDx/+jmpknk+SX1rEwkp+2AVCISOkTjcLxIWeuhx2dtpXrR54udFlapFyLVNsBsMIXuHTnlq7s1iQk1tyO/CGyb/OmziuRRHej7sDv39uUbV5k/nmHpHB6zsWxrL2pfsYLfW50JC19bGjWPFlXsFoeINwIJwGNSZXLCCG9c9JfTwn+p3Qjzwz9KrS28/5SvqxLK/Yx9J/mepEFeS0Ic9JVCNc0pi5lBy68+pLNGuIl/g/D03KQElKfuXP4; 4:SP5t6kg3xAPvHwTmeDrCgLsaIPR+aLH7BtW6eh9kJ3o3d8FroUc3PyQA5BzSH146z7XNuGx/ltSuCM0PnHrXVxcv8E3wnlXmDmg53PFK/n7vrR/fqGi8DYz4rUx3EkEOkSUOMhsBFF67jFJ1duz8J8o340BjKPVxzU6/f7RrCAc7EwpyZWaiQDAhIfyhcHK/gjxklNYdDvllwGZWacMA1mdFeBFu6kg3Rcd6UuV/FI/tmh8eSTOJifw9dFbPWVzRZx1avLQJuZD6mtV+6e46+dxQ9wevfBhXX8xl8dFPSat2Qchoeej834NyMILMJLn3Ql47b1KAkll8d7axDVeS2AaWvrGW9fvxBoQOcgBSyJOUcIqjfobyqbtOWAf49Gb3
X-Microsoft-Antispam-PRVS: <BLUPR0501MB20047012972A34CC2EFF4DD2D4E40@BLUPR0501MB2004.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046); SRVR:BLUPR0501MB2004; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0501MB2004;
X-Forefront-PRVS: 079756C6B9
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(6049001)(189002)(76104003)(199003)(76176999)(189998001)(1096002)(586003)(5008740100001)(3846002)(99136001)(6116002)(86362001)(5001770100001)(59896002)(230700001)(5001960100002)(97736004)(50466002)(5004730100002)(105586002)(65816999)(80316001)(54356999)(50986999)(230783001)(2950100001)(106356001)(42186005)(77096005)(47776003)(83506001)(33656002)(87976001)(65956001)(92566002)(101416001)(40100003)(122386002)(81156007)(65806001)(36756003)(4001350100001)(66066001)(87266999)(64126003)(23676002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR0501MB2004; H:[172.29.33.26]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;BLUPR0501MB2004;23:QxICKa9cz3INHRarW/qKf+qhMQuCq+U9TyFVows80o79qive4QLKegk5BahgAVTPFiP1yYFi9DMSpTfnXSn5e4v53jEZYQBJP2giEFMHM3wS6BrCQFccNelo4cp157AEVwY/f9ruVvjo9QxPz7CRKGTL5jk00QkGvc/mgLZKENJet19vGQTkqqMOUfKPeVjyKq+wbBEltkS9imwrZRg/KXTuOiRONCTMh5CjEDiDs97qHWOC9Oh/PjeDraYcPXWlgPOIe+4q2NimZJa921jgkg1UUU5fXgJf5FV0ZApMmIi9+vH1aQGLp3oPA/Sg6gRFqIrDva1f1D5mbGBhw4zo51PGSmtzxr99al8IABl+uV2mz83LsTR8rkvz7YCxU+lax9LAlUPjVQKc5CuOn0NIyzOFdqeMKNFxZIeCob6/VMUBTJ6OdsiFWl+DjTCVs0F0sv29KTw0R53n1KAzIPgNEmRl8cp8+AUPVVHXzZa3z83VgKY+u9Eoj/t+MMBKpessRxHO0I3rNAS1oZHVQplQBlAK480Go9Jp+KwCMmfeoGpVLYINr1Fl5AmyHIcVELMZqETEw2aNIwXGo+c1nU0ytL5saoTJ7ONGG3IxOS+9o6Oufg1b7qqNZqjnvbJOK1nmdLccO4iWesQhdrbN/8Knh/ZGuIDtqUIWFmOyIFzKTnwZsisWCpApsp0hMuDk4JSnDhUatpKiwyoEnOBOemEIW/E39M374v6cB5vQ1Vinrsmbx3apVYqSAx/kRniDzNw3eZyQ2yElY2qXRWO5klK0x0gwPh6an7Dqa2N0fRlCZWr/ERcf/ZPWulHsx/MmeiCaWv/QyUIfJOONZwaJSJ7z2Jh2nuFirl+BpCtthODsGgIxeesbbxoJUgYbwyJF3WK2G9QVr3yxJwnQiV8UdGN5Pz8zzVCDE+MI+mJbZKBSPj+3YYAdmsr0G4JvQfnR/td72i9ijmjJc1BWqrUb0mfj1OmnbUB1wnTffOYN9j3w/RqiAStCex/nK9Cofb14fJMgiw0fSIbqXl3M7Sa82MhMvwaEReBIsFENd5CRQnLpuEjkRFOA4iKWHRea4YwkdWxkz/AdfEIHYD9m7NOuVMWhGBqIwmPCoUliOzA9xJeDN4gDdkQK/BTTiRuxh8+C7EScp7W6q7vV1ckV+EUtuCV2AojDxSHPQA6phnDC8YddCARs3MdBL0u0mOgaNjLMC8EWc1Oa7Pr7y+Ua5Cw0cjg0rQ==
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 5:YMxQ4kOJxUFlMjpbFxms+7OiKnHAhIW7yfPJx8eelYOK/T4cuR36A8Gu6q962+EiDSC9qyI8Vi/uLXVQ3XUgUfajZitWoyg16ZddUC7Qsud/jc7CZHH0ryuCHiYHSywdjnvU0qCCicld0vJy+zWaxQ==; 24:OXCX/oVqjP1lx1bkP59477de/qaFYUqjFiUTS1+D1/RMfVH4m6YjLpsB9mwg27s3ROs96itRnLm9eF4gLmWl9J2CXL3GlLgzhnT2axFDUO8=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2015 19:58:40.4407 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0501MB2004
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/lMU5sBqGoddS6Ed7q60JFaoTrmk>
Cc: aretana@cisco.com, bess-chairs@ietf.org, draft-ietf-bess-mvpn-extranet@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2015 19:58:48 -0000

Sue,

With regard to the issues re extended communities, you say "I cannot 
tell from your description what fields exist or the values in these two 
communities".

Per RFC 4360, an EC consists of a type field, possibly a sub-type field, 
and a value field.  The two ECs are defined to be Transitive Opaque 
Extended Communities.  Per RFC 7153, the codepoint to place in the type 
field of a Transitive Opaque Extended Community can be found in the IANA 
registry "BGP Transitive Extended Community Types".  Also per RFC 7153, 
the codepoints to placed in the sub-type field of a Transitive Opaque 
Extended Community can be found in the IANA registry "Transitive Opaque 
Extended Community Sub-Types", and the document requests IANA to make 
these two sub-type assignments. The text of the extranet draft says, in 
both cases, that the value field is to be set to zero.  Thus the fields 
and values are already clearly specified.  However, I did neglect to add 
normative references to RFC 4360 and RFC 7153.

I will add normative references to both RFC 4360 and RFC 7153 to the 
sections defining the two new ECs.

I'll modify the text a bit to make it clearer that the value field of 
the ECs MUST be set to zero, MUST be left unchanged during propagation, 
and MUST be ignored upon reception.

With regard to deployment considerations ...

Sue> What is necessary for the OPS/NM directorate review is a summary 
deployment section to guide operations on deployment tools, tips, and 
constraints.

I am not aware of any IETF requirement to include such a section.

Sue> Management of OAM overlays is a necessary part of understanding a 
protocol which is based 50+ pages of rules.  Do you believe this 
protocol can operate without standard monitoring or provisioning tools?

Certainly the protocol can operate without standard tools.  Numerous 
deployments of Extranet MVPN have been operating for years without 
standard tools.  Whether provisioning and/or monitoring tools need to be 
standardized is orthogonal to anything in this document.

It might be nice for operators to have tools to verify whether their 
provisioning and their device configurations have been done correctly, 
but the design of such tools is certainly outside the scope of this 
document.

Sue> you indicate that if the rules/constraints in this complex overlay 
of rules are violated (p. 11, 12, 19), and especially p. 19 in section 
2.3.2 which indicates a priori knowledge, inability to detect.

Whenever a VPN is provisioned, there is a risk that provisioning errors 
will result in an unintended cross-connection of VPNs, which would 
create a security problem for the customers.  Extranet can be 
particularly tricky, as it intentionally cross-connects VPNs, but in a 
manner that is intended to be strictly limited by policy.  If one is 
connecting two VPNs that have overlapping address spaces, one has to be 
sure that the inter-VPN traffic isn't to/from the part of the address 
space that is in the overlap.  The draft discusses a lot of the corner 
cases, and a lot of the scenarios in which things can go wrong.  But it 
is not intended to be an "operator's guide to provisioning and 
configuring extranet MVPN."

With regard to section 2.3.2, the point is the following.  If one is 
deploying hardware that cannot implement the "discard multicast flows 
that are received on the wrong tunnel" procedures, then one has to 
provision the extranet to limit the ways in which multiple flows can be 
aggregated into a single tunnel.  Section 2.3.2 also points out that one 
cannot tell from inspection of the control messages whether this 
provisioning has been done correctly. Operators worried about whether 
their provisioning systems are up to the task may choose to deploy 
equipment that can do the "discard multicast flows from the wrong 
tunnel" procedures.

Sue> What is necessary for the OPS/NM directorate review is a summary 
deployment section to guide operations on deployment tools, tips, and 
constraints.  3+ paragraphs in 1 section.

I'm still perplexed about what you are asking for, or about what you 
think these "3 paragraphs" would say.  The draft has extensive 
discussion of deployment constraints.  There is no IETF requirement for 
a document of this sort to include a "tips and tools" section; that is 
clearly out of scope.

Eric

v2.23.0 | Report a Bug | By Email