[bess] Issue 1: IPSEC related drafts

"Susan Hares" <shares@ndzh.com> Mon, 10 June 2019 19:14 UTC

From: Susan Hares <shares@ndzh.com>
To: idr@ietf.org, bess@ietf.org
Date: Mon, 10 Jun 2019 15:14:11 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/tOH0c54v5bbIGsB6TKKH4lWwVy8>

Greetings:

At IETF 104, we considered BGP VPNs supporting asking for TLVs in
draft-ietf-idr-tunnel-encaps. After hearing all the discussion, the BESS,
IDR and I2RS WG chairs discussed what to do with the following

Drafts considered:

* draft-sajassi-bess-secure-evpn-01.txt,
* draft-hujun-idr-bgp-ipsec-00.txt,
* draft-dunbar-idr-sdwan-port-safi-01.txt

Related drafts / supporting drafts:

* draft-carrell-ipsecme-controller-ike-00.txt
* draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.txt
* draft-ietf-idr-tunnel-encaps-12.txt

Basic topologies:

               Ipsec tunnels
     [rtrA] -------------------- [rtrB]
        |    \                /    |
        |     \ ---- RR1 ----/     | ipsec tunnels
        |     / ----| |------\     |
     [rtrC] -------------------- [rtrD]

The decision is that

* TLV mechanisms for new TLVs related to draft-ietf-idr-tunnel-encaps should be moved to drafts with just the mechanisms.
  o All three mechanisms could be included in the TLVs or portions.
  o The use case and the SA mechanisms can stay in BESS or IDR (depending on what is appropriate).
* The RTG Chairs are not experts on Security associations, so we will try to schedule a unique session at IETF 105 where security experts can help the RTG chairs (BESS, IDR) review the Security association mechanisms.
  o We'd love to have the second co-chair of I2NSF (Yoav Nir) and someone from IPSECME.
  o We'll invite IPSEC experts.
  o We encourage the authors of the 3 drafts to attend this session in IETF 105 and present their security-association mechanisms.
* The NLRI/SAFI in draft-dunbar-idr-sdwan-port-safi is unique and can be requested as an IDR or ISE draft.

This email has two requests:

* WG or authors please send any questions to Susan Hares,
* The IDR WG is encouraged to discuss requirements or needs in preparation for the TLV selection, and
* Please help me secure 2 IPSEC experts to attend this session.

Susan Hares