Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
Eric C Rosen <erosen@juniper.net> Mon, 21 December 2015 19:58 UTC
Return-Path: <erosen@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955B31ACC7F; Mon, 21 Dec 2015 11:58:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4uSZgALEQHna; Mon, 21 Dec 2015 11:58:46 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0126.outbound.protection.outlook.com [207.46.100.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A7751ACC72; Mon, 21 Dec 2015 11:58:46 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
Received: from [172.29.33.26] (66.129.241.10) by BLUPR0501MB2004.namprd05.prod.outlook.com (10.164.22.30) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 21 Dec 2015 19:58:40 +0000
To: Susan Hares <shares@ndzh.com>, 'Benoit Claise' <bclaise@cisco.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <56741869.5020505@juniper.net> <00af01d139c6$898fb720$9caf2560$@ndzh.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <567859EC.6030103@juniper.net>
Date: Mon, 21 Dec 2015 14:58:36 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <00af01d139c6$898fb720$9caf2560$@ndzh.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [66.129.241.10]
X-ClientProxiedBy: BY1PR18CA0023.namprd18.prod.outlook.com (25.162.126.33) To BLUPR0501MB2004.namprd05.prod.outlook.com (25.164.22.30)
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 2:YX8q2a/P7mZM9+1Jg4aWQFHE1yBXWxjXhumgMIhNJ5ZsHADyC3CQlmKcfnZn/JGQHzp0ZgDzUtWXY3xHbh59HrkjAFeER6iK2st8bJTcekiUbRfx5ZDtS+v+I9m1KL6lgEV9REBKk2hZkggq/A+LOg==; 3:PR4BMgysAu7SpSpM3rsHlACf4sTnskYbfe6PElVG+CkE374P6tZQPG7HQGasSvf1yuAA5ERnADqlxHBYMOyZrVwjsSmOiJEHCecmkHt73CKYZdBsIsZEAmdJ627h61mt; 25:1XFIFmjf1epzC/USXk3JCyP/LphoYvtsQ14ym/xor6iTsDGiv2lMNpNJ88udpR62saCYJwEExXGGeO4V2a0EFGUhLRjvZZDzSo7TTiTgcesf/RGSIbygrYBnjEdu9cZks4n0r3D0E9YylAmzXrSPEsrc86cGAnPPwVjLIf4xsW6pNs7uprThFE8lSfT59aCKzP/nsm0zWKvOq1Mw6725JHWrqgbwqEdb0chMlh3yz2Ih/XKFqRU92Rx16MCneVx93pMqd2AQAkfU6zN9vBxE/w==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR0501MB2004;
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 20:eHko4aRveUN+g2/6MucudWfz9PRMR6SSyO2ju+GTJQetgkT06d6E/e6gt38dXID5Zvh9+9doIASozvm13ERHPbakcb95ofVBL8cCtjduWZRXKRhfP2HWbx/lGJ8sg/cUP7pEvUYyyl1HNfOALoioF9TKISPz2uyQHtEFT7wSygBwlSzVviwubdpOB0ddPCT16ceTViw3su8uRWnjz4pgbU6gYdvx6CokVmNZAh82DRFFXqAu7jdFPp5cB2y1CDkkBikVfkaDx/+jmpknk+SX1rEwkp+2AVCISOkTjcLxIWeuhx2dtpXrR54udFlapFyLVNsBsMIXuHTnlq7s1iQk1tyO/CGyb/OmziuRRHej7sDv39uUbV5k/nmHpHB6zsWxrL2pfsYLfW50JC19bGjWPFlXsFoeINwIJwGNSZXLCCG9c9JfTwn+p3Qjzwz9KrS28/5SvqxLK/Yx9J/mepEFeS0Ic9JVCNc0pi5lBy68+pLNGuIl/g/D03KQElKfuXP4; 4:SP5t6kg3xAPvHwTmeDrCgLsaIPR+aLH7BtW6eh9kJ3o3d8FroUc3PyQA5BzSH146z7XNuGx/ltSuCM0PnHrXVxcv8E3wnlXmDmg53PFK/n7vrR/fqGi8DYz4rUx3EkEOkSUOMhsBFF67jFJ1duz8J8o340BjKPVxzU6/f7RrCAc7EwpyZWaiQDAhIfyhcHK/gjxklNYdDvllwGZWacMA1mdFeBFu6kg3Rcd6UuV/FI/tmh8eSTOJifw9dFbPWVzRZx1avLQJuZD6mtV+6e46+dxQ9wevfBhXX8xl8dFPSat2Qchoeej834NyMILMJLn3Ql47b1KAkll8d7axDVeS2AaWvrGW9fvxBoQOcgBSyJOUcIqjfobyqbtOWAf49Gb3
X-Microsoft-Antispam-PRVS: <BLUPR0501MB20047012972A34CC2EFF4DD2D4E40@BLUPR0501MB2004.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046); SRVR:BLUPR0501MB2004; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0501MB2004;
X-Forefront-PRVS: 079756C6B9
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(6049001)(189002)(76104003)(199003)(76176999)(189998001)(1096002)(586003)(5008740100001)(3846002)(99136001)(6116002)(86362001)(5001770100001)(59896002)(230700001)(5001960100002)(97736004)(50466002)(5004730100002)(105586002)(65816999)(80316001)(54356999)(50986999)(230783001)(2950100001)(106356001)(42186005)(77096005)(47776003)(83506001)(33656002)(87976001)(65956001)(92566002)(101416001)(40100003)(122386002)(81156007)(65806001)(36756003)(4001350100001)(66066001)(87266999)(64126003)(23676002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR0501MB2004; H:[172.29.33.26]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;BLUPR0501MB2004;23:QxICKa9cz3INHRarW/qKf+qhMQuCq+U9TyFVows80o79qive4QLKegk5BahgAVTPFiP1yYFi9DMSpTfnXSn5e4v53jEZYQBJP2giEFMHM3wS6BrCQFccNelo4cp157AEVwY/f9ruVvjo9QxPz7CRKGTL5jk00QkGvc/mgLZKENJet19vGQTkqqMOUfKPeVjyKq+wbBEltkS9imwrZRg/KXTuOiRONCTMh5CjEDiDs97qHWOC9Oh/PjeDraYcPXWlgPOIe+4q2NimZJa921jgkg1UUU5fXgJf5FV0ZApMmIi9+vH1aQGLp3oPA/Sg6gRFqIrDva1f1D5mbGBhw4zo51PGSmtzxr99al8IABl+uV2mz83LsTR8rkvz7YCxU+lax9LAlUPjVQKc5CuOn0NIyzOFdqeMKNFxZIeCob6/VMUBTJ6OdsiFWl+DjTCVs0F0sv29KTw0R53n1KAzIPgNEmRl8cp8+AUPVVHXzZa3z83VgKY+u9Eoj/t+MMBKpessRxHO0I3rNAS1oZHVQplQBlAK480Go9Jp+KwCMmfeoGpVLYINr1Fl5AmyHIcVELMZqETEw2aNIwXGo+c1nU0ytL5saoTJ7ONGG3IxOS+9o6Oufg1b7qqNZqjnvbJOK1nmdLccO4iWesQhdrbN/8Knh/ZGuIDtqUIWFmOyIFzKTnwZsisWCpApsp0hMuDk4JSnDhUatpKiwyoEnOBOemEIW/E39M374v6cB5vQ1Vinrsmbx3apVYqSAx/kRniDzNw3eZyQ2yElY2qXRWO5klK0x0gwPh6an7Dqa2N0fRlCZWr/ERcf/ZPWulHsx/MmeiCaWv/QyUIfJOONZwaJSJ7z2Jh2nuFirl+BpCtthODsGgIxeesbbxoJUgYbwyJF3WK2G9QVr3yxJwnQiV8UdGN5Pz8zzVCDE+MI+mJbZKBSPj+3YYAdmsr0G4JvQfnR/td72i9ijmjJc1BWqrUb0mfj1OmnbUB1wnTffOYN9j3w/RqiAStCex/nK9Cofb14fJMgiw0fSIbqXl3M7Sa82MhMvwaEReBIsFENd5CRQnLpuEjkRFOA4iKWHRea4YwkdWxkz/AdfEIHYD9m7NOuVMWhGBqIwmPCoUliOzA9xJeDN4gDdkQK/BTTiRuxh8+C7EScp7W6q7vV1ckV+EUtuCV2AojDxSHPQA6phnDC8YddCARs3MdBL0u0mOgaNjLMC8EWc1Oa7Pr7y+Ua5Cw0cjg0rQ==
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0501MB2004; 5:YMxQ4kOJxUFlMjpbFxms+7OiKnHAhIW7yfPJx8eelYOK/T4cuR36A8Gu6q962+EiDSC9qyI8Vi/uLXVQ3XUgUfajZitWoyg16ZddUC7Qsud/jc7CZHH0ryuCHiYHSywdjnvU0qCCicld0vJy+zWaxQ==; 24:OXCX/oVqjP1lx1bkP59477de/qaFYUqjFiUTS1+D1/RMfVH4m6YjLpsB9mwg27s3ROs96itRnLm9eF4gLmWl9J2CXL3GlLgzhnT2axFDUO8=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2015 19:58:40.4407 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0501MB2004
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/lMU5sBqGoddS6Ed7q60JFaoTrmk>
Cc: aretana@cisco.com, bess-chairs@ietf.org, draft-ietf-bess-mvpn-extranet@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2015 19:58:48 -0000
Sue, With regard to the issues re extended communities, you say "I cannot tell from your description what fields exist or the values in these two communities". Per RFC 4360, an EC consists of a type field, possibly a sub-type field, and a value field. The two ECs are defined to be Transitive Opaque Extended Communities. Per RFC 7153, the codepoint to place in the type field of a Transitive Opaque Extended Community can be found in the IANA registry "BGP Transitive Extended Community Types". Also per RFC 7153, the codepoints to placed in the sub-type field of a Transitive Opaque Extended Community can be found in the IANA registry "Transitive Opaque Extended Community Sub-Types", and the document requests IANA to make these two sub-type assignments. The text of the extranet draft says, in both cases, that the value field is to be set to zero. Thus the fields and values are already clearly specified. However, I did neglect to add normative references to RFC 4360 and RFC 7153. I will add normative references to both RFC 4360 and RFC 7153 to the sections defining the two new ECs. I'll modify the text a bit to make it clearer that the value field of the ECs MUST be set to zero, MUST be left unchanged during propagation, and MUST be ignored upon reception. With regard to deployment considerations ... Sue> What is necessary for the OPS/NM directorate review is a summary deployment section to guide operations on deployment tools, tips, and constraints. I am not aware of any IETF requirement to include such a section. Sue> Management of OAM overlays is a necessary part of understanding a protocol which is based 50+ pages of rules. Do you believe this protocol can operate without standard monitoring or provisioning tools? Certainly the protocol can operate without standard tools. Numerous deployments of Extranet MVPN have been operating for years without standard tools. Whether provisioning and/or monitoring tools need to be standardized is orthogonal to anything in this document. It might be nice for operators to have tools to verify whether their provisioning and their device configurations have been done correctly, but the design of such tools is certainly outside the scope of this document. Sue> you indicate that if the rules/constraints in this complex overlay of rules are violated (p. 11, 12, 19), and especially p. 19 in section 2.3.2 which indicates a priori knowledge, inability to detect. Whenever a VPN is provisioned, there is a risk that provisioning errors will result in an unintended cross-connection of VPNs, which would create a security problem for the customers. Extranet can be particularly tricky, as it intentionally cross-connects VPNs, but in a manner that is intended to be strictly limited by policy. If one is connecting two VPNs that have overlapping address spaces, one has to be sure that the inter-VPN traffic isn't to/from the part of the address space that is in the overlap. The draft discusses a lot of the corner cases, and a lot of the scenarios in which things can go wrong. But it is not intended to be an "operator's guide to provisioning and configuring extranet MVPN." With regard to section 2.3.2, the point is the following. If one is deploying hardware that cannot implement the "discard multicast flows that are received on the wrong tunnel" procedures, then one has to provision the extranet to limit the ways in which multiple flows can be aggregated into a single tunnel. Section 2.3.2 also points out that one cannot tell from inspection of the control messages whether this provisioning has been done correctly. Operators worried about whether their provisioning systems are up to the task may choose to deploy equipment that can do the "discard multicast flows from the wrong tunnel" procedures. Sue> What is necessary for the OPS/NM directorate review is a summary deployment section to guide operations on deployment tools, tips, and constraints. 3+ paragraphs in 1 section. I'm still perplexed about what you are asking for, or about what you think these "3 paragraphs" would say. The draft has extensive discussion of deployment constraints. There is no IETF requirement for a document of this sort to include a "tips and tools" section; that is clearly out of scope. Eric
- [bess] Benoit Claise's Discuss on draft-ietf-bess… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Stephen Farrell
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Benoit Claise
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… joel jaeggli
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Eric C Rosen
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Martin Vigoureux
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Alvaro Retana (aretana)
- Re: [bess] Benoit Claise's Discuss on draft-ietf-… Susan Hares