Re: [bess] Paul Wouters' Discuss on draft-ietf-bess-bgp-sdwan-usage-20: (with DISCUSS)

Linda Dunbar <linda.dunbar@futurewei.com> Thu, 29 February 2024 15:18 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>
CC: "draft-ietf-bess-bgp-sdwan-usage@ietf.org" <draft-ietf-bess-bgp-sdwan-usage@ietf.org>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "matthew.bocci@nokia.com" <matthew.bocci@nokia.com>
Date: Thu, 29 Feb 2024 15:17:54 +0000
Message-ID: <CO1PR13MB4920F22B5303C4E8C8309501855F2@CO1PR13MB4920.namprd13.prod.outlook.com>
References: <170921869010.21475.13536289125417352122@ietfa.amsl.com>
In-Reply-To: <170921869010.21475.13536289125417352122@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/q2VByncY2iwf-h52896dwg-kOig>
Subject: Re: [bess] Paul Wouters' Discuss on draft-ietf-bess-bgp-sdwan-usage-20: (with DISCUSS)

Paul,

The Section 7 Manageability Considerations states:

      "BGP-controlled SD-WAN utilizes the BGP RR to facilitate the routes and underlay properties distribution among the authorized edge nodes. With RR having the preconfigured policies about the authorized peers, the peer-wise authentications of the IPsec IKE (Internet Key Exchange) are significantly simplified.
      For SD-WAN Scenario #2 (Section 3.3) and Scenario #3 (Section 3.4). See the comments below for your discussion points"

The simplification was presented & discussed at the IPsecme WG session:



Linda

-----Original Message-----
From: Paul Wouters via Datatracker <noreply@ietf.org>
Sent: Thursday, February 29, 2024 8:58 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-bess-bgp-sdwan-usage@ietf.org; bess-chairs@ietf.org; bess@ietf.org; matthew.bocci@nokia.com; matthew.bocci@nokia.com
Subject: Paul Wouters' Discuss on draft-ietf-bess-bgp-sdwan-usage-20: (with DISCUSS)

Paul Wouters has entered the following ballot position for
draft-ietf-bess-bgp-sdwan-usage-20: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-sdwan-usage/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I support John's and Roman's DISCUSSes.

I am also a bit confused about using BGP as an authorization protocol (as per
3.1.5). A compromised node can always make up its routes to try and break out.
BGP doesn't stop that if one is willing to violate the BGP protocol. I would
not call BGP "well suited" for this. I also do not understand the argument that
BGP can be used to simplify IPsec configuration? The Security Considerations
then seem to flip this around, saying IPsec can be used to secure this solution
of using BGP?
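An added example, written for this archive page and not taken from the draft or from either message above: a toy Python model of a route reflector (RR) that holds a preconfigured per-peer authorization policy, of the kind Section 7 of the draft relies on. It shows the two sides of the exchange at once: with the policy enforced, the RR only re-distributes a client prefix and underlay (WAN port) address that the advertising edge is authorized to announce; with enforcement off, a compromised edge that fabricates a route for another site's prefix, or points a tunnel endpoint at an attacker-controlled address, has that advertisement reflected to every other edge, which is the failure mode the DISCUSS describes. The peer names, policies, prefixes, addresses and the advertisement structure are all constructed for illustration and do not correspond to any encoding in the draft.

```python
"""Toy model of a BGP route reflector with a preconfigured per-peer
authorization policy (added example; not code from the draft or the thread).

Assumptions, all hypothetical: the BGP session itself already authenticates
the peer identity carried in EdgeAdvert.peer, and an SD-WAN edge advertises a
(client prefix, underlay address) pair that other edges use to decide where
to set up an IPsec tunnel.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class EdgeAdvert:
    peer: str       # authenticated identity of the advertising edge
    prefix: str     # client prefix claimed reachable via this edge
    underlay: str   # WAN address other edges would send IPsec traffic to


@dataclass(frozen=True)
class PeerPolicy:
    prefixes: Tuple[str, ...]   # aggregates the peer may originate from
    underlays: frozenset        # WAN addresses the peer may announce


def covered(prefix: str, allowed: Tuple[str, ...]) -> bool:
    """True if prefix is equal to or more specific than an allowed aggregate."""
    net = ip_network(prefix, strict=True)
    for aggregate in allowed:
        agg = ip_network(aggregate, strict=True)
        # subnet_of() raises on mixed address families, so compare versions first
        if agg.version == net.version and net.subnet_of(agg):
            return True
    return False


def authorized(policy: PeerPolicy, advert: EdgeAdvert) -> bool:
    """Both the prefix and the underlay address must be permitted for this peer."""
    try:
        ip_address(advert.underlay)           # reject malformed endpoint strings
        return covered(advert.prefix, policy.prefixes) and advert.underlay in policy.underlays
    except ValueError:
        return False


class RouteReflector:
    def __init__(self, policies: Dict[str, PeerPolicy], enforce: bool = True):
        self.policies = policies
        self.enforce = enforce          # False models an RR that trusts its peers blindly
        self.rib: List[EdgeAdvert] = []
        self.rejected: List[EdgeAdvert] = []

    def receive(self, advert: EdgeAdvert) -> bool:
        policy = self.policies.get(advert.peer)
        if self.enforce and (policy is None or not authorized(policy, advert)):
            self.rejected.append(advert)
            return False
        self.rib.append(advert)
        return True

    def reflect(self, to_peer: str) -> List[EdgeAdvert]:
        """What the RR would send to a given client: everything except its own routes."""
        return [a for a in self.rib if a.peer != to_peer]


# Constructed sample policy: two authorized edges, each owning one site aggregate.
POLICIES = {
    "edge-A": PeerPolicy(("10.1.0.0/16",), frozenset({"192.0.2.10"})),
    "edge-B": PeerPolicy(("10.2.0.0/16",), frozenset({"198.51.100.20"})),
}

# Constructed sample advertisements: two legitimate, then three an attacker
# controlling edge-B (or an unknown node) might inject.
ADVERTS = [
    EdgeAdvert("edge-A", "10.1.0.0/16", "192.0.2.10"),        # legitimate
    EdgeAdvert("edge-B", "10.2.0.0/16", "198.51.100.20"),     # legitimate
    EdgeAdvert("edge-B", "10.1.5.0/24", "198.51.100.20"),     # hijacks part of site A
    EdgeAdvert("edge-B", "10.2.7.0/24", "203.0.113.99"),      # redirects tunnels elsewhere
    EdgeAdvert("edge-X", "10.3.0.0/16", "203.0.113.50"),      # peer with no policy at all
]


def run(enforce: bool) -> Tuple[int, int]:
    """Feed the sample advertisements to an RR; return (accepted, rejected) counts."""
    rr = RouteReflector(POLICIES, enforce=enforce)
    for advert in ADVERTS:
        rr.receive(advert)
    return len(rr.rib), len(rr.rejected)


def hijack_seen_by(enforce: bool, victim: str = "edge-A") -> bool:
    """Does the victim edge receive a route for its own space from another peer?"""
    rr = RouteReflector(POLICIES, enforce=enforce)
    for advert in ADVERTS:
        rr.receive(advert)
    own = POLICIES[victim].prefixes
    return any(a.peer != victim and covered(a.prefix, own) for a in rr.reflect(victim))


if __name__ == "__main__":
    print("enforcing RR  (accepted, rejected):", run(True))
    print("trusting RR   (accepted, rejected):", run(False))
    print("hijack reaches edge-A, enforcing:", hijack_seen_by(True))
    print("hijack reaches edge-A, trusting: ", hijack_seen_by(False))
```

The point the model makes is that the authorization lives in the RR's policy table, not in BGP: the `enforce=False` path is a perfectly valid BGP speaker that simply believes what its peers say, and it reflects the fabricated 10.1.5.0/24 route to edge-A. Whatever simplification of IKE peer authentication the draft claims therefore rests on the RR being configured and operated correctly, and on the RR-to-edge sessions themselves being authenticated, neither of which BGP provides on its own.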