IETF Logo Mail Archive

Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

Eric C Rosen <erosen@juniper.net> Thu, 25 February 2016 21:25 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B89B1B3599; Thu, 25 Feb 2016 13:25:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ytUiPuZj6dsL; Thu, 25 Feb 2016 13:25:48 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0742.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::742]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EBD91B3593; Thu, 25 Feb 2016 13:25:46 -0800 (PST)
Authentication-Results: juniper.net; dkim=none (message not signed) header.d=none;juniper.net; dmarc=none action=none header.from=juniper.net;
Received: from [172.29.34.211] (66.129.241.11) by DM2PR05MB800.namprd05.prod.outlook.com (10.141.180.26) with Microsoft SMTP Server (TLS) id 15.1.409.15; Thu, 25 Feb 2016 21:25:23 +0000
To: joel jaeggli <joelja@bogus.com>, Benoit Claise <bclaise@cisco.com>, Susan Hares <shares@ndzh.com>, 'The IESG' <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com> <56741869.5020505@juniper.net> <00af01d139c6$898fb720$9caf2560$@ndzh.com> <567859EC.6030103@juniper.net> <006101d13ce1$725cd650$571682f0$@ndzh.com> <56799F9F.4010907@juniper.net> <000d01d13d94$80868a10$81939e30$@ndzh.com> <56966A3D.4000708@juniper.net> <56A88FE9.7000505@cisco.com> <56A90DEF.2000701@juniper.net> <c44ca50f-ba9a-2c3b-3f54-9a4b2d8fd8cb@bogus.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <56CF713C.8010105@juniper.net>
Date: Thu, 25 Feb 2016 16:25:16 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <c44ca50f-ba9a-2c3b-3f54-9a4b2d8fd8cb@bogus.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [66.129.241.11]
X-ClientProxiedBy: BY2PR13CA0040.namprd13.prod.outlook.com (25.162.223.50) To DM2PR05MB800.namprd05.prod.outlook.com (10.141.180.26)
X-Microsoft-Exchange-Diagnostics: 1; DM2PR05MB800; 2:22c3zF3ji0zSVOU1kaedL9aiEeVKTHgw2J7x8gxaZDL+1ZYL7h296oJ+OdS5xZjAdVT9D9pKC7JMsNDGe9rtwuUaYtVBs28bzaLmlJ0WFWJHm4o1YGMDOJEkjb78YoG0ooYa6B5RtRmyh7b8VHgZvA==; 3:08ppNC2B6KOsNKBzvrG+S35TjkWBqvtttRyr6kFbRJZmu8bj2A9mXj+pC30GcesczgmJqrgrdBGoRHcPF5HYqpsV4BokD5tKrLzoByJtaErzugZNsGPUjK6QhN9g4SMG; 25:1714O002VRHUnPHxlOy97rekqLyCS/jMlACpk8tCxHK+HrEIk77pNr8kIZ/jA1osQ0+D/YHvaTh2W0BeiT2SOjvJQbKK2h2edJHHSXUOwBTIEfcBG6STsA6C7qZdTF21VvpB5ECYTFu6J9QAHOVfCHonyaFeTuujlErrOxaIJnUbob6LEiz1bpEC/+8ByskjxOpD/0IZeTeAoC1LWOmSz5fUEA/Ep1EASn1Y+Zo6Ag8kLV5DeLl8gLZFfLGoW62lg3CAI2bAcDZFhOnZkQxMi5Xx2IMoYXoPcv7uhwFPTFC0j5ingkPjYaBn84g8jZdLd3bZxXBXL+QsiXkg3jMkow==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR05MB800;
X-MS-Office365-Filtering-Correlation-Id: eb5b5591-133f-4678-7548-08d33e2a2cd6
X-LD-Processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
X-Microsoft-Exchange-Diagnostics: 1; DM2PR05MB800; 20:VokUcBomo33RvTSbJR7TAhxuFU5w/0y+wB7152f7EoO2gUCIXh4FTSSbTHZ9J6K3WzonvqZU7xfVdq8349noy2liSWzhzYGOJhS8Iu2XkvI3sdq1onBXr/3Yi4hna7zCz2eYpIeXWfzuxSC4iFSdC6dVYkj5zObxRCJDQRbM1ejMe5O/phzM4Ph54s02ReCBqzp+Ex+6UwwdefaEOZJnylm9CTZSljWdboRM6VqNYZd/9zJvpXRUNFBgK47atSV57YgGqI4bbjpDB3czmcaDg9XwBy0bSTO/+e6Xu76tEsCmAjqnHRgDVhDumJybd43A+3dITaYobgatLtFss9tJE9hcigillMIK7yFVDZmt66yxeBJNodR/tu/lzWgIctzha/9pgiJg4SOr2polMV39mvTpKvFMwmezWi26L2k1aiI65Jw3zooGLEmOtEBWXrTe2GYN1A2QbrqrtqhGZE4jIV+WyjFUjWfF4HgLvZyi5cTyjZJNWccGp+h9OFeU2wEa; 4:y1LNdXXV+tFibbmV0CisJr6rxaVjgNSqI+vTJykjg5ieagCgFTmHuNQ97Q47dmtEe2MfM39jaraKVolHaducuyIdVt8uWuYV+dgKKZktNgmkZjBPGBsdOSFizywxgtdWQIfvkbE1+eLvomql/7O9jIqsA4m2PW/03D9F34GT07KDDc2m6KsjYmRys4PWScXwwxNpXtvcm4dTiggbWxn324QDBlL0hcqFlzMDsHP9ggxVnjXXs3yYQkk+knfyqT9ibNXQzq82esFu48HjtFk+TaZAtKyGHdTUtC9Bpydtj1d6ENAhBwcis43gODAAaIY4z7jcOYuBpzOfv2iBl7q7SdzGEDUOAsgGnbIo/ATlMf4MXQjUmBAMcKOYJSYMnu2c
X-Microsoft-Antispam-PRVS: <DM2PR05MB800663F8974E9F698C5E554D4A60@DM2PR05MB800.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:DM2PR05MB800; BCL:0; PCL:0; RULEID:; SRVR:DM2PR05MB800;
X-Forefront-PRVS: 08635C03D4
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(4630300001)(6049001)(6009001)(377454003)(479174004)(24454002)(76176999)(54356999)(50986999)(33656002)(77096005)(5001770100001)(5008740100001)(64126003)(87266999)(6116002)(586003)(93886004)(23676002)(2906002)(3846002)(80316001)(66066001)(50466002)(83506001)(189998001)(4326007)(92566002)(5001960100002)(86362001)(230700001)(122386002)(230783001)(47776003)(65806001)(87976001)(40100003)(65816999)(5890100001)(4001350100001)(2950100001)(42186005)(5004730100002)(36756003)(1096002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR05MB800; H:[172.29.34.211]; FPR:; SPF:None; MLV:sfv; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1;DM2PR05MB800;23:gb2Kesp0YWJrwJw9I5f6+AhuP2swWLhSO8aihADHcMpfvFBgSev3uHpjgyCnUwEHpsMiewB/XFcWdXZTLlbO+nmZC5+gFmEFVzsvvVWjPE8AxjstrhPdQ2Y0ECYnLuEahFzNUPZkb0T586nE87SPJNhAizn9gBMtflsN0597pxWD6QbwFiFJFUrEO5wHQMZt1JXQ+Cgh+qhuLd3/ZlHk8aByDl5k2DJNJ6yLGGe+YXsSlC2Xo7wMT17JIottbxJw8VwGDjjLyumzr3MUArPkob/zQ7J6Dvt/BQE4KM+QEsa6IEIMse5coR6taWCDjl8SgHSmNNxzG8ClWkuuQcroD01/w1BMAIsj/R4I5K7cSHWpBs14ipafpTz+NCDpSpMEmh4gS36z1UYtrt8SccEX4xWcjaUlEide6pSh3whV5h/zFG/THsRpgZA6O7z6of2s4szbTkeGlnzLQY/qH1H4tbKDMHVh64MihQxr854oRmaKsScKm1ooCz8yDrFXimcXv6qox+x2ETRi3BAd8dSFBnaqyVnFr6CJPvB0/RLSx4bbRImGcDCqVsIwpzfHrlDQPAogn1fReC2F6/m7lWZnsGB4C6xNEJGfk0iVPnyFNQRTst8pZd54HOWU3YlBvd3GV2lXQSQ8qDDBknufTIWIDvgkHXXaNkfd+SQaN+BExsjZRpVsZxlMNwSzfbx3FUtufqZebt6jvCR5WAwXKXASwn6fl4+glpPknSabe5EUnEWB2J1dm3VMRE7FgzlHVc4qtvFuOd5AUKM/EdHqOA6PHVdMk5eu1Wt6K84WL7GvpJ8WfzPVpIfmLYR+mpLbvdEDxbVkBrloRgVuvMDbjn0ZYZn9hVb0hlwMBBTFj0NirQE0RMj6bEAg14DMXalSKqDmHoEI/z7mt/eCLoI5RvSzICJ/f4pOBQaQTa0bCw7/XbHU/tByqnQSnXb10CUIODjytWk8C7lfMg98Q8rm3t0fRiQ8uw0k9dIqZ6fK/mBTPm2tL67EgVSHAYen3TII17V1myXUFujcU5c+eiQVng5LsU/MBZNWopEtouJOjN4eLywWB/EaIKDB3Qr854e2oVj1k6Zo+R/61UvWn0rycCQzM4Nf9lfRo8193pwyJNdtynZpMLL223Zoky4RL5Nd+WSELuxvTNi6mHyodtsKB16LfB99cxPDVNFNxN00Gu7sTjk=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR05MB800; 5:VMc3ioiC9CCpxpzv8M8wuZimUNje8S/b4zxS/6VrubVKM5o4vAS/+43IVrLgxXXFAbAjNBBpYQfbBbFBqc8HWBZd98pHt/GpIYv6HstrrkxaCh9jPhVjw94ak/5t0qoJJlwzSVZ2rkcGMyAyf4RgJA==; 24:iNsC4ICmm4PB+9vBqioqqO7tuVH8yLhgmTlvVKVCEcIFnDuzyaw8RTMfJjLgZR4osDKOMq1oYfwmhzOsdHNnbcAd635zGCx6GFgUjlOtXUE=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2016 21:25:23.0703 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR05MB800
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/xCdsEOMpLiJ6lhZGfgjVPjdPvmo>
X-Mailman-Approved-At: Thu, 25 Feb 2016 14:24:31 -0800
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, "'John G. Scudder'" <jgs@juniper.net>, aretana@cisco.com, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2016 21:25:53 -0000

On 2/24/2016 6:14 PM, joel jaeggli wrote:
> Providing
> operational advice isn't in scope? Section 1.3 goes into detail to the
> point where it is hard to parse the application of route  distinguishers.
Anyone who understands the normative references will know what a Route 
Distinguisher is and what a VRF is.  The fundamental part of 
provisioning any RFC4364 VPN is to create the VRFs, and to provision 
each VRF with Route Distinguishers.

Section 1.3 states that, for the purposes of MVPN, two VRFs MUST NOT be 
configured with the same RD.

It further states that if the "extranet separation" feature is not 
required, every VRF MUST be configured with a single RD.  If the feature 
is required, every VRF MUST be configured with two RDs, one called the 
"default RD" and one called the "extranet RD".

In other words, that entire section specifies requirements that must be 
met by whatever process is used to provision the MVPN extranet. It also 
specifies reasons why these requirements are in place by mentioning some 
of the situations in which the protocols presuppose that these 
provisioning requirements are met.

I don't see what's missing.  I find it puzzling that a section whose 
whole purpose is to clarify the provisioning requirements (and the 
dependencies of the protocols on those requirements) would be held up as 
an example of how there are no operational considerations.

It's true that the section is more focused on providing a precise 
description of the provisioning requirements than on providing a 
tutorial or guide or "advice".  But the former is within the scope of 
the document and the latter is not.  After all, the purpose of this 
document is to specify the protocols and procedures that need to be 
implemented.  The purpose is not to define a service model or 
provisioning system.

> extranets are by the nature set up by two independent entities. one
> presumes both mutual cooridnation, and design efforts required to avoid
> collisions.
Extranet involves two VPNs, but the provisioning of the extranet is 
generally done by the single service provider that is providing both of 
those VPNs.  Thus the provisioning of an extranet generally does not 
require coordination between two independent entities.

It is possible that two independent providers will coordinate to provide 
an extranet, but it is also possible that two independent providers will 
coordinate to provide a single VPN, if that single VPN has sites 
attached to both providers.

For this reason, RFC4364 defines the Route Targets in such a way as to 
enable service providers to allocate globally unique Route Targets.   
The need for uniqueness of the Route Targets is not specific to extranet 
or to multicast, and is covered in the normative references.

> the concerns in 2.3.2
>
>     Section 3 of this document describes a procedure known as "extranet
>     separation".  When extranet separation is used, the ambiguity of
>     Section 2.1 is prevented.  However, the ambiguity of Section 2.2 is
>     not prevented by extranet separation.  Therefore, the use of extranet
>     separation is not a sufficient condition for avoiding the procedures
>     referenced in Section 2.3.1.  Extranet separation is, however,
>     implied by the policies discussed in this section (Section 2.3.2).
>
> so being prescriptive with respect to how these may be operated seems
> like it would be helpful.
The draft goes into excruciating detail about how to avoid address 
ambiguity when moving data between two VPNs that have overlapping 
address spaces.  It specifies a protocol-based mechanism ("discard from 
the wrong tunnel") allows you to determine which of two streams is the 
one you want, even if both streams use the same IP addresses.  It also 
specifies policies, for assigning multicast flows to tunnels, that can 
be used to avoid address ambiguity.

Again, I don't see what is lacking.
> Note that there is no requirement to have a separate "operational
> considerations" section.
> nor would that I think be necessary to address the concern.
>
Perhaps someone could explain to me exactly what is necessary to address 
the concern.

v2.23.0 | Report a Bug | By Email