IETF Logo Mail Archive

[bess] Re: Mohamed Boucadair's Discuss on draft-ietf-bess-bgp-sdwan-usage-31: (with DISCUSS and COMMENT)

Linda Dunbar <linda.dunbar@futurewei.com> Thu, 21 May 2026 01:23 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: bess@mail2.ietf.org
Delivered-To: bess@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B2BAEF20EFEA; Wed, 20 May 2026 18:23:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779326597; bh=XllwLfi+EMToLAjGSzB8f+nnEnNOjfpDrrgdLD0zBHE=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=ij8TIVrFxfAC9PROtxej7OTsheC7DMNQ6jpGmrtu1rcW9PbTDMz14Eb3mgqNOybK9 xjmky0ZIbRsaOpET0mi/bkGrqKZ+arFOQjz173wqbTWuZG1Qm4GGGu8D6wUh2jL9g2 OHwRPbPRUj3+OghV6Hs9o8oHVVyZQBgvm9m6HcG8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zUAoD8Oedemu; Wed, 20 May 2026 18:23:16 -0700 (PDT)
Received: from BN8PR05CU002.outbound.protection.outlook.com (mail-eastus2azon11021105.outbound.protection.outlook.com [52.101.57.105]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 746D1F20EFE2; Wed, 20 May 2026 18:23:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=X/xdX4KQ+9z/uARVoPDUM1yv+mOQjvtmPPuQknYfRSZICFlxxr27/SBignAnIGkVPtF/ZE/hKtqyTKjSH5lAUNqXEYIWLiXL0zQJB3Fl0yP3xDrvz4eyLnuRKwjOw+NOCLHmmFUthO/qRER7XxyRpYOIvvfkxsdT3YLjX74e6E0mI30UxDL6Bs6z4Huj89Q0bTwsUfUcyQoSxCJHJWTFrIGMrMweLTa/TbGPvw4whcECkfcfE+sjgd1w9nWIdJQEyYg5aGFgoZ5VPVKl3hdM850xP84v6wLgKNZQg4nzpLx1k7YlQXQI16ESdsVuQ8DfrRmqMF/s4HA5u96d51HLSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DD5+kgqtaZZ9uLmy0qgTYNbzbrcClVJtPSO0rBW2TTQ=; b=VwZ94w3zhFKN0z+nLIvoG25XLObvCpOBUHKYTM0NfOjGr+4IMPkxtHMJB5n2Metftifref1gSU0MHM+FUsYq34fgH/pN+J4NP5aNRPc90Pm1Q8os9YO5bAUuC4hK/H33GFfpkrTagJBcmc31r0WgUCtWVD9Ons81w90JyGSnuz2vCXVN/3wiXg40XpmF6LcJTWuXzDiypytOu+xwW7FB4YjpzKp1EnO664I095ZS34jMrGc3zXXwk5XxxLMcvcqt5Or7h2O3yHPumDOWVLMcObBmrpqi7hDSx5dJProwHXNJhQBC0e+EKkVLPuO6e9YgLw+nulTOfuDvkiLLntxE4Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DD5+kgqtaZZ9uLmy0qgTYNbzbrcClVJtPSO0rBW2TTQ=; b=YfDBuYva2fnJxpAThJJ/zB3bPzXPaBPTEuxb3KAiy+vemPpLj7BBXANl1EatE14qO71BAdd0KVnSibKNAYQ/TzhVmyLaYP7nAEP/DQZLjE17YKTxedqhVczy+0Y9WJaATKIpAYoLHclCOuqx6NaqPZQT9lE8kdoelZs4KFmCOi0=
Received: from CO6PR13MB5355.namprd13.prod.outlook.com (2603:10b6:303:14b::19) by LV2PR13MB7689.namprd13.prod.outlook.com (2603:10b6:408:37b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.15; Thu, 21 May 2026 01:23:05 +0000
Received: from CO6PR13MB5355.namprd13.prod.outlook.com ([fe80::71b0:1ae9:a849:7dec]) by CO6PR13MB5355.namprd13.prod.outlook.com ([fe80::71b0:1ae9:a849:7dec%5]) with mapi id 15.21.0071.005; Thu, 21 May 2026 01:23:04 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>, The IESG <iesg@ietf.org>
Thread-Topic: Mohamed Boucadair's Discuss on draft-ietf-bess-bgp-sdwan-usage-31: (with DISCUSS and COMMENT)
Thread-Index: AQHc6C5eOV/kWOrfCUG9tsJyVQ+x+bYXVa1A
Date: Thu, 21 May 2026 01:23:04 +0000
Message-ID: <CO6PR13MB53551F5F195937B0303E21B4850E2@CO6PR13MB5355.namprd13.prod.outlook.com>
References: <177926380957.800349.16574341076825899026@dt-datatracker-7688897f84-l74h4>
In-Reply-To: <177926380957.800349.16574341076825899026@dt-datatracker-7688897f84-l74h4>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO6PR13MB5355:EE_|LV2PR13MB7689:EE_
x-ms-office365-filtering-correlation-id: 08a7e6ee-5231-4aa9-2cb5-08deb6d781eb
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|10070799003|4133799003|18002099003|22082099003|56012099003|38070700021|3023799007|11063799006|6133799003|5023799004;
x-microsoft-antispam-message-info: wT6hoov4nAeFz8oILGJYgvJ1u4FdYYjYYBQs/XrYODRo4OodS2UhQMlrjethBeGj1frdCyRCEMAJYRk9vZMFvIAvJCNmzZBF3ScWofBekobL40N18qpqgdHcmDCf7Qy/RKqVvYoVTqrCxQaqosPrFQVCj+UYm+HSRtK2tPDbHz8Ok+5/b3d378MrIEtkbh5dTBSUseTuSv1XSXrxvhj09yY1kpwtpIqUxmEoDlYeEbzXKeHcpQFUbweafeTWS8PpC6sceASCul7/rTZj6i/f8qCliUei9xyHkpsfhNaVB6s82QMd1Kzptz+meQKnZYn/gdlAfEFazm3rs9omEt3x9f0a3ZP7xHOKt5yir6buQNjaNpSHChSVFyx1j6c0TY8plV3l8MbgXllIY+dfu9xROym4Q9QpD1g6kS0yWMLh/SpIuEZFw51JyEWoH0W5lGQdbe2cFaiF+70zkDdbd+vJmvRc2Nc9+aS5o9Wm96LGIl3PTFoCS8bfJp9tinI5fks15Z7IPBXAmk3AVuC2uU3YC7KG+GT4Cirl+yfhkMbPJ2DAYU6qPeNycnAQ6uACiUZDL9CjfPk2jsIxhdNbHY/ULn3r1e9G2V7BBQcbYMZcZzZy4oS33wT9IsNV7F6L8FQH1ljbYMEU6AP5nMJMn+8IBVFXVAosAueTLgBowr1HTwDYGGMe9Qfm/VUcmYKi+AsAlaruqjZj+QXCiZiRKeUeRWXdMke91pvubAS6RO8JoId2FjuEkqCuRTy5uaTZxHag
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO6PR13MB5355.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(10070799003)(4133799003)(18002099003)(22082099003)(56012099003)(38070700021)(3023799007)(11063799006)(6133799003)(5023799004);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: w+10QG4C0cqTIAdsm5o86gDG8WPbwoBfvO4NuyM9XR0FOKtEMECF9g342woYWyHfypWjrVcK0UKQ/udHF+8ufmLBgjJSDp6qq6JQ3M2U2QsZy80REMb31PR6dIh9gusWakkw943oMjlZKcWbFgJU9NjTMV5CIpSPTEYUF9r6t3JLNB9KvJ5C0ancq+eyuk3AF00s+OVUd8lYx5cNLzIli4zIIhALbuvf8lv7IMmotYlnpxGgAR+IlHuvbtDGVNJiNcnKRdEpPhCxvyOUEMrET1I5FIxksI0ByBXmk76ldUi2GNlv0GdbAv4N0MGGkxze6QQKlQFQbMbU8trIRuxjl2+Jr3qV1s0MvvnzKElue2y1SHWglMPwW+qcKrlUKYC1CbphCPz5y+AZ7ahDGZ+zy3jHPevRuHRV4qI44KqrrWHWvQZhlzDcFixkVg4OaZBge7C1+A/sx9JHJDHJ1HrfKLpO9laZgDRFjiWPVEHMLB71oqOZ+FQ4lB9VmdSDGMe/Z5DMrmu1AM8PiimB4hd+qSWFsO9CC9/0RXOO1JDFnQOyDwB6dxjCzSmvNH9Cpad7sFim8+7sVKhVmKwln0BhrkpXhw8tK8+FfDv+48uPtgqTqY72+5Rbq0L4l/fBcYNfg1RNnO+FcuyigYeDQck3QC6u2ihSOkXKbTJqh1Ku2w7zBfjRLX0eIOZ+eHJeAKgxE9guVdqt9ZoMlJOznlCz8ZiOE/TCTtmiWgmpc33RKoOOj4gBLfPHS4+fQRNqgSATrn/c6O59OdmHeT9h6Gcu7eFYSwpQa4fh8p39l6/mVxPjFia+ZTLnSVh+8/IjVWyKFo/3ynwyfOXIwuDHbO49ZsJj6QJ1rIWHPwzaFH6zIn6YCPme2ZQ0b41kKH8kYVle2f5k+4CrZbZ4YNEYT7qp8bnK8FnFZoBxaDngXILZwEuFL8g2ptiyGhyVfmSsXYO5xZGQNxP3+p4ix5VsYmgzjzmTE9IrpuYkq8LaWGXg7Xx4or8cPQtXkH1o9jXxCtqehqqpk0dVPaYojNPhwF/dEuZ+am5ZWSklEc2PWv7dTMZ0j0QY78ZFVZQc8qvltZxJveJAaSNHPFZSnwWSbCLPUq8kneb4xPw3TKuOUyC5s0C+ZLZyopaX8AOm90ljoJowNbWu83UuLqV+lHTVeo81TkNOjctNmaFdMtI6SSJsrqN1p/NHqFSE5EDlh3hSvj0OyppJ+57RQdqzzbEW283eKrmwSLsF97llybaCSrQwzuGmN262n8PW0LNZlEt8xLELfkR8oW54L5H63//eQ8d2CbhjvMguzhkdzqiAzUlQSBBhuqFvPwTT2sKs2eVNEnzN+U9UtmcdlDRgW8P72rJENDZPWGmJMLIVAhslDBwdvDYfKQFnCAmkq+TKvKqXbXWNOmhKXnyo6BbyhdvarAUDuz3YdYrgseOYDic3hpvvzboKnVtYECUqmHhcgL3J+P9o4ur/6+0QZcT/LIRp9XMGFM2pwTf6xhaAuJzwC4vVy17i+l4tsdXspQPC3Y84n1J8uDRMoXoBQTLfsKo0P1ljBzep1fZoYy+6Dsiy2dz60L0DEd2RNALJwMhVIOa7s4BWNw4kdQVBeBJSMKLWnsVFJkE0LlJ96Lr6eJ5W5UTwjwUtCHrQhaCl7tytt7W9hQ18mEM8yr6s1CGurISptbmJ/gKH00acgbRe7kL5FCn8vClcjg6sPKi3Fb9bgcEz55lcB6XK4cyySWOuxz6HsSDffB5flW9aGoPnLjpb4LQ/Vj6bjtDgLnOOz9OsQddCBKWEPsb9Ugq2
x-ms-exchange-antispam-messagedata-1: nxtqA1eL549k3Q==
Content-Type: multipart/alternative; boundary="_000_CO6PR13MB53551F5F195937B0303E21B4850E2CO6PR13MB5355namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO6PR13MB5355.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 08a7e6ee-5231-4aa9-2cb5-08deb6d781eb
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2026 01:23:04.6725 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: J7a0SEkgr3VjLNVQCsKeqMWeGhl04QDWOkF6pYRaAYLU2W7TJ/DClfCOhYHwlW24rqOYP9qBp0uodDlIHjXN0w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR13MB7689
Message-ID-Hash: IO5JK3MM4BVCKICGVZG2QKM4J62RP3B5
X-Message-ID-Hash: IO5JK3MM4BVCKICGVZG2QKM4J62RP3B5
X-MailFrom: linda.dunbar@futurewei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bess.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-bgp-sdwan-usage@ietf.org" <draft-ietf-bess-bgp-sdwan-usage@ietf.org>, "matthew.bocci@nokia.com" <matthew.bocci@nokia.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [bess] Re: Mohamed Boucadair's Discuss on draft-ietf-bess-bgp-sdwan-usage-31: (with DISCUSS and COMMENT)
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/vSPIPXTbD9jLIN3judaqzVojQeA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Owner: <mailto:bess-owner@ietf.org>
List-Post: <mailto:bess@ietf.org>
List-Subscribe: <mailto:bess-join@ietf.org>
List-Unsubscribe: <mailto:bess-leave@ietf.org>

Med,

Thank you very much for the detailed comments. Please see below of our resolutions marked by [Linda].

Linda

-----Original Message-----
From: Mohamed Boucadair via Datatracker <noreply@ietf.org>
Sent: Wednesday, May 20, 2026 12:57 AM
To: The IESG <iesg@ietf.org>
Cc: bess-chairs@ietf.org; bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage@ietf.org; matthew.bocci@nokia.com
Subject: Mohamed Boucadair's Discuss on draft-ietf-bess-bgp-sdwan-usage-31: (with DISCUSS and COMMENT)

Mohamed Boucadair has entered the following ballot position for
draft-ietf-bess-bgp-sdwan-usage-31: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F&data=05%7C02%7Clinda.dunbar%40futurewei.com%7Cdc1da763088e42eb3e1d08deb6457e90%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C639148606773720781%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=V0vzxw%2BOjXg%2FsHHAmlUWv%2FwsVEQ9yZX2Df7swcdu%2FAo%3D&reserved=0
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-bess-bgp-sdwan-usage%2F&data=05%7C02%7Clinda.dunbar%40futurewei.com%7Cdc1da763088e42eb3e1d08deb6457e90%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C639148606773772088%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=yeWSOTAkezZlSU3dzOPaG9WGHD9gUJH0AhP5Xc9sUXI%3D&reserved=0



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Hi Linda, Ali, John, Basil, and Sue,

Thank you for the effort put into this document.

Thanks to Luis Miguel Contreras for the detailed OPSDIR review and to the
authors for engaging and making changes.

Given the intended Informational status of the document, I will focus on high
level comments:

# Lack of clear reference deployment model

It is not clear to me which BGP sessions we are referring to nor why an underly
PE will be involved in arrangements with an external SD-WAN provider. SD-WAN
can be offered without coordination with PEs of underlying networks.

There are maybe deployment assumptions that are not called out it here.

Absent a clear deployment context, it is really hard (at least to me) to digest
what is stated in several sections (e.g., 3.1.1).

[Linda] The reference deployment models are described in the Scenario sections, specifically Sections 3.2, 3.3, and 3.4. Would the following wording change at the end of the first paragraph of Section 3 address your concern?

New:
      Sections 3.2, 3.3, and 3.4 describe potential SD-WAN deployment scenarios, which are further explored in subsequent sections to illustrate how the BGP control plane can be used to distribute reachability and policy information within SD-WAN overlay networks.

Old:
      These scenarios serve as examples that are further explored in subsequent sections to illustrate how the BGP control plane is used to distribute reachability and policy information within SD-WAN overlay networks.

## In the same vein, it is not clear to me whether this is documenting what is
deployed as suggested by this sentence?

CURRENT:
   By documenting how
   these mechanisms are used in SD-WAN deployments, this document
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   enables consistent interpretations and supports interoperability
   without defining new protocols.

Do you confirm that [SD-WAN-Discovery] in particular is implemented and
deployed as described in this document?

[Linda] Yes. the IDR implementation report for [SD-WAN-Discovery] is documented here: https://wiki.ietf.org/group/idr/implementations/draft-ietf-idr-sdwan-edge-discovery

Likewise, do you confirm that these are deployed today:

[Linda] I am afraid that I cannot comment on specific deployment status, as that may be confidential. The statement is intended as a requirement for the BGP-controlled SD-WAN model described in this document.


CURRENT:
   An SD-WAN edge must use a secure channel, such as TLS following
   BCP195[RFC9325] or Ipsec [RFC4301], to its designated RR for
   exchanging BGP UPDATE messages.

# Disconnect between the claimed scope vs. content

## The document deviates from the goal set (BGP-based control) and includes
tangential material (e.g., onboarding, forwarding, etc.). For example, how the
ZTP discussion is relevant here? Does it inform decisions about the BGP control
part? Idem for the onboarding.

For the forwarding part, is there any difference between how forwarding is done
with proprietary control plane vs. BGP?

Unless there are specifics, I suggest the main document to be trimmed to serve
its claimed purpose.

[Linda] Similar to EVPN usage/applicability documents such as RFC8388, some provisioning, onboarding, and forwarding context is included to explain how the BGP-distributed information is applied in actual service scenarios. The ZTP/onboarding discussion explains how an SD-WAN edge obtains the controller/RR information and secure connectivity needed before BGP UPDATEs can be exchanged. The forwarding sections illustrate how BGP-distributed reachability, tunnel attributes, Route Targets, and policy information are consumed by SD-WAN edges; they do not define a new forwarding architecture.

How about we trim the wording in the following way:
-       In Section 3.1.4, replace the detailed ZTP text with the following shorter text:
      "SD-WAN Zero-Touch Provisioning (ZTP) allows an SD-WAN edge to obtain initial configuration without manual intervention. In the context of this document, the relevant ZTP function is that the edge obtains the information needed to authenticate to the SD-WAN controller/RR and establish a secure channel for exchanging BGP UPDATE messages. Detailed ZTP mechanisms are outside the scope of this document."

-       In Section 6, replace the opening sentence:
      OLD:
      "This section describes how client traffic is forwarded in a BGP Controlled SD-WAN for the use cases described in Section 3."

      NEW:
      "This section briefly illustrates how BGP-distributed reachability, tunnel attributes, Route Targets, and policy information are used by SD-WAN edges when forwarding client traffic in the scenarios described in Section"

## Operational Challenges

CURRENT:
   Although BGP and IPsec are mature
   technologies, applying them to SD-WAN introduces challenges such
   as scalability, segmentation, and multi-homing.

Putting aside that it is not easy to find a single place which each of these
are discussed, the document includes inconsistent statements. For example, the
document concludes with the following after discussing BGP/IPsec:

   This model emphasizes simplicity and efficiency, leveraging
   centralized governance to mitigate risks while ensuring
   scalability and interoperability of the SD-WAN.

but the main body states:

     This approach may have
     scalability implications due to per-destination packet
     replication; optimization mechanisms are outside the scope of
     this document.

[Linda] The two uses of "scalability" refer to different aspects: the last sentence of the Security Consideration (i.e. "This model emphasizes simplicity and efficiency, ..") is intended to refer to the scalability of the BGP/RR-based control-plane distribution, while the multicast text refers to data-plane scalability implications caused by per-destination packet replication.

To make this distinction clearer, how about the following changes to the last sentence of the Security Considerations section:

OLD:
      "This model emphasizes simplicity and efficiency, leveraging centralized governance to mitigate risks while ensuring scalability and interoperability of the SD-WAN."

NEW:
      "This model emphasizes simplicity and efficiency, leveraging centralized governance to mitigate risks while supporting scalable control-plane distribution and interoperability of the SD-WAN."

## Also, it is not clear if the assessment is about BGP with [SD-WAN-Discovery]
or BGP without [SD-WAN-Discovery].

[Linda] The document is about using BGP for SD-WAN together with the SD-WAN-specific extensions described in [SD-WAN-Discovery]. That is why the document references [SD-WAN-Discovery] in multiple places. This draft describes the deployment scenarios and BGP usage, while [SD-WAN-Discovery] specifies the detailed BGP protocol extensions.


# Is really DPI required?
[Linda] No, the document does not require DPI, nor does it use the term DPI. The intent is to describe policy-based traffic classification and forwarding in SD-WAN deployments, which can be based on configured policies and packet/header information.

CURRENT:
   SD-WAN:     An overlay connectivity service that optimizes the
               transport of IP packets over one or more Underlay
               connectivity services by recognizing applications and
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
               determining forwarding behavior by applying policies
               to them [MEF-70.2].

I would avoid this wording as this smells like DPI function is mandatory, while
this can be basically about supplying classification rules (without having to
inspect user traffic payload).

[Linda] We were asked to include an official reference for SD-WAN, and the WG considered [MEF-70.2] to be the appropriate reference. The quoted wording comes from [MEF-70.2]. To avoid "smells like DPI", how about shortening the definition while keeping the reference to MEF-70.2:
      "SD-WAN: An overlay connectivity service that optimizes the transport of IP packets over one or more underlay connectivity services by forwarding them based on policies [MEF-70.2]."

# MEF, BGP, IPsec, and more are normative

[Linda] This document is an Informational usage document, following the model of usage/applicability documents such as RFC8388 for EVPN. It describes SD-WAN deployment scenarios and BGP usage, but does not define new BGP, IPsec, MEF, or IEEE protocol behavior. The cited documents are used as references for existing technologies and related specifications; therefore, we believe keeping them as Informative references is appropriate.


   RFC4271
   ..
   Software Defined Wide Area Network (SD-WAN), as described in
   [MEF70.2],
   ...
   The detailed BGP extensions used for
   SD-WAN edge discovery and attribute distribution are specified in
   [SD-WAN-Discovery].
   ...
   The SD-WAN client interface should support IPv4 and IPv6 addresses
   as well as Ethernet in accordance with the [IEEE802.3] standard.
   ...
   The client service at the SD-WAN edge must support the SD-WAN UNI
   service attributes outlined in Section 4 of [MEF 70.2].
   ...
   An SD-WAN edge must use a secure channel, such as TLS following
   BCP195[RFC9325] or Ipsec [RFC4301], to its designated RR for
   exchanging BGP UPDATE messages.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# I don't parse how IP prefix is a service.

CURRENT:
  Client service: A service (e.g., IP prefix or VLAN) attached to

[Linda] How about changing the wording to:
"Client service: A service attached to the client-facing interface of an SD-WAN edge, identified by associated reachability or attachment information, such as an IP prefix or VLAN."

# A device is physical

OLD:
   SD-WAN edge:   A device, either physical or virtual, that
               participates in the SD-WAN overlay network. These
               nodes advertise client routes to the SD-WAN Controller
               (e.g., BGP RR).

NEW:
   SD-WAN edge:   A functional entity, either physical or virtual, that
               participates in the SD-WAN overlay network. These
               nodes advertise client routes to the SD-WAN Controller
               (e.g., BGP RR).

[Linda] Thank you for the suggestion. Changed.

Cheers,
Med

v2.46.0 | Report a Bug | By Email | System Status