Re: [bess] Queries and comments on draft-ietf-bess-bgp-sdwan-usage
"Dikshit, Saumya" <saumya.dikshit@hpe.com> Thu, 04 April 2024 03:32 UTC
Return-Path: <saumya.dikshit@hpe.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31D4EC14CF1C; Wed, 3 Apr 2024 20:32:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.172
X-Spam-Level:
X-Spam-Status: No, score=-7.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.08, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hpe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aCZkCOhITJSm; Wed, 3 Apr 2024 20:32:11 -0700 (PDT)
Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2028C14CF1B; Wed, 3 Apr 2024 20:32:10 -0700 (PDT)
Received: from pps.filterd (m0150244.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 4341kPLf002829; Thu, 4 Apr 2024 03:32:06 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=pps0720; bh=guV51m+OezD9FPFbNvO0Fcn28x4qb7tA9h9wHgry03s=; b=aP9pFE0y4s+W5g4twwTVAdeskfHP30J40bWehgwuiGNs9zqJCEl0GB+t8X7n8Uzk4kQ7 fEZMGAzCDzY1NS0foHeF+6dTmcsEBMDx50btdLTgGyqjFetXOmWkhJkpG7zSk6d2Y7Bv 5o/ixtAxSaq86QPMCfe57CenmcWEnOrijeBHs7l4JxOrcMlsOnKDK7q3NyalrjDzzNlH 3AOX64laqrowRH6ixOdTgh/6Wof8XTnwg8A9sRGFU1/GDMpApaVweV+KajwnLXE5Vy2v hn9PNykkEPaex03Uhdqykmo8TDIdtpfs6k5FUGrHwWrkIvvCPpWhVViQZOKCeKxtQObG 8Q==
Received: from p1lg14881.it.hpe.com ([16.230.97.202]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3x9em6t7p9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Apr 2024 03:32:05 +0000
Received: from p1wg14925.americas.hpqcorp.net (unknown [10.119.18.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by p1lg14881.it.hpe.com (Postfix) with ESMTPS id A448D8059C9; Thu, 4 Apr 2024 03:32:04 +0000 (UTC)
Received: from p1wg14927.americas.hpqcorp.net (10.119.18.117) by p1wg14925.americas.hpqcorp.net (10.119.18.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42; Wed, 3 Apr 2024 15:31:07 -1200
Received: from p1wg14924.americas.hpqcorp.net (10.119.18.113) by p1wg14927.americas.hpqcorp.net (10.119.18.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42; Wed, 3 Apr 2024 15:31:06 -1200
Received: from p1wg14919.americas.hpqcorp.net (16.230.19.122) by p1wg14924.americas.hpqcorp.net (10.119.18.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42 via Frontend Transport; Wed, 3 Apr 2024 15:31:06 -1200
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (192.58.206.35) by edge.it.hpe.com (16.230.19.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42; Wed, 3 Apr 2024 15:31:05 -1200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Aq0tMUYbXid8AFUiIk3JMnnAt/4qDEaHT1TpkbDJaDmOChRa1Xv2tXyuTG4RaLTHh+Fm8baUhNRt93QT1K0S/aejXFagDj3Efy3zb7VV1FCE50SVY1Sl8LJb5ZzS63TAFbE6ZsD8hANf5tJaRZsFmeE4DQs69qG4ltcaMoU9eJ8r7hcnQ2dYfN3/epMvsdsb+lBZPIcbmRa21XJXUGP6VmmtB3YD40WRnCveEbqI0lJUnkYngimsyu0GB4rEHeixxe7MkagoMAQakWRxczwFuWUo4IBWFWmta0znQgI6GAwIJ+yrQxCUCNd+qRCPbQJg7QPqzqETt0Xau93Zyv5nig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oov4i++2S2ufJdKYofcoY2Rfwfp6UoNBBfB6mX0he5o=; b=JeFI69OHUHGR4MFxkAAeRFoT/NxGIrtQ152GIqzC76umkG8hrL/4k7q4EO7yJm8/2b4re7D4X3xRnsHgPb2Ws7Bj6goriTH0Vazj+gV3YQqLZrLMEoLToSfmYMLgsOlLt8GiCQqPN//vC1w76YGpmr0Jc1bHZefwku6A/Hwfj+bCP/LZEfT1S8o9NR2uoVIraB31qeqKhiN0nKBVmOc6ozn8DWCg8+2npUSbuaZXqwKJXATMfnYwX+Ty36G3+ETHLFpS3gIwweGqVsOn86m4YTrnVy0qfSucG8ULq4ysUhWq4YFewmFpjkpjEhl0xKwHUiAU34EkKLWmZxELq6pQeg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none
Received: from SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:a03:435::16) by PH7PR84MB1440.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:510:153::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.25; Thu, 4 Apr 2024 03:31:03 +0000
Received: from SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM ([fe80::1886:d59f:a929:8023]) by SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM ([fe80::1886:d59f:a929:8023%3]) with mapi id 15.20.7452.019; Thu, 4 Apr 2024 03:31:03 +0000
From: "Dikshit, Saumya" <saumya.dikshit@hpe.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "sajassi@gmail.com" <sajassi@gmail.com>, John E Drake <jdrake@juniper.net>, "basil.najem@bell.ca" <basil.najem@bell.ca>
CC: "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: Queries and comments on draft-ietf-bess-bgp-sdwan-usage
Thread-Index: Adpvds7qlOURR1WrQ2uKNB+cBD1VTAAbB7TgAC9DwPAAKaCjQAU+aGZg
Date: Thu, 04 Apr 2024 03:31:02 +0000
Message-ID: <SJ0PR84MB21100FE61CFD61F860CD4689943C2@SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM>
References: <SJ0PR84MB2110B2F233F98D6408B975E794212@SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM> <CO1PR13MB49204D1956E2C6C4FC8ABCE585212@CO1PR13MB4920.namprd13.prod.outlook.com> <SJ0PR84MB21105C6EFB4EB5C6C2CD5A3194272@SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM> <SJ0PR84MB21105BD7332DFB24023149B294272@SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <SJ0PR84MB21105BD7332DFB24023149B294272@SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR84MB2110:EE_|PH7PR84MB1440:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gcHgvozeAs4q8SphMAUjYoRTL3dWj3ckITzTSIStI7C+MDEN7BY7RUDYH9ljR7+HZ9Te3HoGWCC7fwwEKcJdzpy/M0LcOYu+bHb/hj9YI8CMB8XU+s/4OBLY6Ci7N+Ewp1r0YLmjWYsU4kcYsZY8abY1XyQZcxo5wI0yYKiLnSl+PHHo4g/5z+To+DCPW0M/1vsL3KNg6XJayETmRowf9qA7lM0cksWhiWjvr4ZRrYnULK2EvlD+8Xe/vW8UMpPf9BryEBgCg92Rw4sayqKM3qfxyLxlFttPaIIvikKgAiD3AXtAJsmYTjVGgCRlYgWbom+kc610+X8H/VJhM2pKNnrl0q6P/tgH3pusVsTeew+mnbdDrM7A/Mgd8u+QVf7UDcuybfscD8hhpjCz2KJ/Jic29YU+M37+JXRNph9VJi4CJtd/vNeDssRx2jERAyoB8BP6up7TYxhpMM+1GUnOaElESMHMoBVbRtg9oyixbdWw+VWRrr5H2RKTxNckmbqdVxV/R7ODCDeGQsEfXn9BSkH7SiTPVWyoclzlroa5YxGT/9NV6uGVIUpONsrnMYuTxuk7VRezflBSJX9tIJ7UU9fYuenXnfB5qGMVZtj6j/g=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(366007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2nPWbj0EA+5uOPfVREJ4futtOjGEo+8XFl8MV6b85ycXBeCFSfbax2jP9NmNX//vPLvYAVkQxP0w2Cx25C3XvLds9WGOn+v1ZAayns5GpIDqZTI84LfKNAH4LH/nG9aQze2aMjd2hRMlPWtLKooiBgPbuhsyCS7dI0O98fJk/cus3P4wzQndwx8EaOqo1QYti87EjTdqCKdC4LD5NiN052oYlgnbhku6wrF9zHI/dpa6DZnQaOSX8LyylqXiFeRHYIqXYLoWX/rR33wUul1/nyCUmV0d8Uwsmkm8Q+CT9Okogkm7rUEcuC5qDugQ6UGn/HhbjPlLnAZSQz5KkouHZvN7SQ6DpJ4HJnlF9i9i06NFxSjRUBD7zi7cC4+/6qafjDGxP6wT1hjrO4Q2xV9Rn+d6v1Xc3XcrsvK7e1AKm64JiAdW+LfH9EgcjoP05O5fQU2EgKux8hVwYns3SDWPSrO6A2c+mQ+WUpbvTU4qSorFO+x3eUO/skmm7iM3+kpB3CysRJT/ZM+oKJhVwEkt3YrxoXWOd1TBNl11nroThQljaERq0I3HiWT2P63oZw/QvFhuygSHLZS7TLO+IxUJYQlDI7+qfLPi9kp8S0vuBZyMkcG9fRD3A+CulUKw2ermrLr5cofQJq4eLoTlME6bb6UmfTVzbErjOWpJdlqYMve5MGaVgHxcYsGf1DlxAkZvj/mn8F/UjHMRENlK9NcY49d3u0kwHHxbWnsLCHuAU/FUeobmdeQ9BF5kHrHgx1EheBXDctF+G+UnqKHsKX4eDML5tPhqmmyrhrS3pr6UNVNg5MjNBJ0C2FjLJDamz5HDcTsqOQM1w9Nxx1w0c3qF3GKTAu/9djNzhQUzSouuKjlJcRD1v39+kZNn+LwVxOrwMQXvjta/wguGkj6c747EhcnIW3fHts70+rrcnUmSwoGvFOlD2qEt74HTPux47awwwclVcLBAdUy+w2mvTz7H2K0SNHJtHXRC9++gDHOPFPHWJrnCa3qROJrMXQyyPViI15/CBsdO9ob9X/vr1zj8pKXvpomz8FlNOawjxgyGNlrsLzqRqQP1u9TdBk2Zr19/HKtWDBA4iizrH5wV8C/bAh0GN+OC/zuoU9yc5VCZRsXZSp2gK59dhNIu+mAnw3dvJg9osqcwuk0rDsBOx96mDqf2waBC0IhQbNVwCspwt4m7o9kXMSHWot7AzEwfZaAuW1AtUwCN26avr/A2BnR4Nc/f6XDcXwookDK5DW4cKVBBZ2ezlTgl3g6L2hkTt+Ti6UNujiUZKwXeMr444vEBZ30iLfBd+A/nncJYjFHipDvuihx1k+Mb2WE3EzunrIFu1Gy5DClLSjRdXGeDOQNZn+1Xs9usF3faHD+APPqewemkBVuwgYGG+Ee8CzWj9dTTXRoFXFXj/M8QfPpvvolq31/FAtAfEQIlbZLOe7iX1SjCYPXMU6enbMhnCLNJc0O4aPvIg+IXEeMBD+/KSCcbFEzObn8LnBsUfIvxWjqgdaGqgNOFEnRWsqAsxgrkjSziPhUs9FuykkRDDCQt0xT5u29ScQ6CU4qPtR3wGjBpecdSY9FxZlWAJV8yOLOBmqf0
Content-Type: multipart/alternative; boundary="_000_SJ0PR84MB21100FE61CFD61F860CD4689943C2SJ0PR84MB2110NAMP_"
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR84MB2110.NAMPRD84.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 49a3d8df-1678-4d2e-e897-08dc5457a77f
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2024 03:31:02.8804 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6sikWKgOknVoK+sVVqnKHoXiTfH9REco+4DVer3RZjAaMCOg0o3YMtDgNkph61oBDZnpC6xQTZdXDZVMcTSY2w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR84MB1440
X-OriginatorOrg: hpe.com
X-Proofpoint-ORIG-GUID: xwrbeb1nB9Zw_9G2SjV7dqYTJ2hSEcSb
X-Proofpoint-GUID: xwrbeb1nB9Zw_9G2SjV7dqYTJ2hSEcSb
X-Proofpoint-UnRewURL: 20 URL's were un-rewritten
MIME-Version: 1.0
X-HPE-SCL: -1
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-03_26,2024-04-03_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 mlxlogscore=999 phishscore=0 adultscore=0 malwarescore=0 suspectscore=0 priorityscore=1501 mlxscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2404010000 definitions=main-2404040022
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/zFKY-8KrJzLMufQvXSCnNlsZ3hc>
Subject: Re: [bess] Queries and comments on draft-ietf-bess-bgp-sdwan-usage
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 03:32:16 -0000
Hi Linda, If any of the below comments were addressed in the latest version of the draft. Regards, Saumya. From: Dikshit, Saumya Sent: Friday, March 8, 2024 4:22 PM To: Linda Dunbar <linda.dunbar@futurewei.com>; sajassi@gmail.com; John E Drake <jdrake@juniper.net>; basil.najem@bell.ca Cc: bess-chairs@ietf.org; bess@ietf.org Subject: RE: Queries and comments on draft-ietf-bess-bgp-sdwan-usage [Resending the email] Hi Linda, Thank you for responding. Please see in-line with tag [SD]. Regards. Saumya. From: Linda Dunbar [mailto:linda.dunbar@futurewei.com] Sent: Thursday, March 7, 2024 1:52 AM To: Dikshit, Saumya <saumya.dikshit@hpe.com<mailto:saumya.dikshit@hpe.com>>; sajassi@gmail.com<mailto:sajassi@gmail.com>; John E Drake <jdrake@juniper.net<mailto:jdrake@juniper.net>>; basil.najem@bell.ca<mailto:basil.najem@bell.ca> Cc: bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>; bess@ietf.org<mailto:bess@ietf.org> Subject: RE: Queries and comments on draft-ietf-bess-bgp-sdwan-usage Saumya, Thank you very much for reviewing the document and providing the comments. Please see the detailed resolutions to your comments below. Linda From: Dikshit, Saumya Sent: Sunday, March 3, 2024 5:14 PM To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; sajassi@gmail.com<mailto:sajassi@gmail.com>; John E Drake <jdrake@juniper.net<mailto:jdrake@juniper.net>>; basil.najem@bell.ca<mailto:basil.najem@bell.ca> Cc: bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>; bess@ietf.org<mailto:bess@ietf.org> Subject: Queries and comments on draft-ietf-bess-bgp-sdwan-usage-20 Hello Authors of draft-ietf-bess-bgp-sdwan-usage, I have following comments/queries: >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-1>: "over one or more underlay connectivity services by recognizing applications and determining forwarding" [SD] "Underlay" is being very generic ? it can be hierarchy of overlays on top of which "real security overlay is provisioned between the SD0WAN end points". I think it should be changed. [Linda] some underlay paths are provider VPN, some underlay paths are unsecure network. Over unsecure networks, IPsec tunnel needs to be established. It is out of the scope of this document to analyze the underlay details. Details of the various underlay can be found in the reference MEF70.1. [SD] I agree with you that this is not the right placeholder for analyzing underlay paths. My intention was to analyze them in detail in perspective of SD-WAN and qualify them as secure/unsecure as that's the core motive of this literature. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.1> "As SD-WAN is an overlay network arching over multiple types of networks, MPLS L2VPN[RFC4761][RFC4762<https://datatracker.ietf.org/doc/html/rfc4762>]/L3VPN[RFC4364][RFC4659<https://datatracker.ietf.org/doc/html/rfc4659>] or pure L2 underlay can continue using the VPN ID (Virtual Private Network Identifier), VN-ID (Virtual Network Identifier), or VLAN (Virtual LAN) in the data plane to differentiate packets belonging to different SD-WAN VPNs. [SD] Why only native MPLS VPNs. EVPN based MPLS or over Vxlan fabric can also be extended over IPSec, or underlying MPLS underlay. [Linda] Yes, they can all go over IPsec tunnel, that is the Scenario #1 (Section 3.2). However IPsec requires extensive processing, that is why the draft has Scenario #2. [SD] Can we add an explicit reference to EVPN as well in this section. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.3<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.3> [SD] The section should explicitly mention, "dynamically provisioned policies based on evolving security threats and service provisioning" and also "dynamic segmentation" [Linda] What is the Dynamic Segmentation? Can you provide some wording to use? [SD] * Dynamic segmentation is another term for unified role based access and policies for clients in typical campus/enterprise network. * "Dynamically provisioned policies" is different than "dynamic segmentation". The idea is to leveraging RR to dynamically update/precolate the policies to SD-WAN end-points, by reacting to new security updates (fabric management inputs) without bringing down the BGP sessions. The dynamic inferences are out of scope of this document. This can be some analytics tool or Policy manager sitting behind the RR and doing the needful. An extension to what WAN optimization can in the data path. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.5<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1.5>: "Each edge node informs the Route-Reflector (RR) [RFC4456<https://datatracker.ietf.org/doc/html/rfc4456>] on its interested SD-WAN VPNs. The RR only propagates the BGP UPDATE from an edge to others within the same SD-WAN VPN." [SD] Route-Reflector should be generalized to include Route-Servers in a over-the-WAN deployment of network fabrics. This may involve BGP instances deployments in different ASs (eBGP) [Linda] The wording has been changed to per AD review and comments: "Route-Reflector (RR) [RFC4456], as an integral part of the SD-WAN controller, has the policy governing communication among peers. The RR only propagates the BGP UPDATE from an edge to others within the same SD-WAN VPN." [SD] * Not sure if (inter-AS on SD-WAN end points) cases were overlooked, as RFC4456 is specific to ibgp deployments. * Whereas sites/branches/fabrics can be provisioned disparately with different AS across geographies. * Propagation/relaying of NLRIs by RR is an integral part of optimizing the Control plane optimization in intra-AS BGP deployments to avoid full mesh via hub-spoke modelling. o This is generalized via Route Server Concept, which can do the needful for inter-AS route relaying between two SD-WAN end points. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-3.1> [SD] there is not requirement "scope for optimization of client routes at the WAN Gateway in the control plane" as the CE device can be lowly scaled w.r.t to FIB/RIB tables and performance/convergence of control plane. This one is not specific to dataplane/traffic optimization [Linda] Interesting. Can you elaborate more? Is it related to using BGP as control plane for SD-WAN? [SD] Yes, this is specific to BGP control plane when SD-WAN device is leveraged as site/fabric/branch border. It can be a handoff point between EVPN and L3VPN solutions with same or different underlying fabrics (MPLS all the way or Vxlan + MPLS). In either case, ot can be achieved via route filtering, default routes for vrf stretch and vlan stretch in the tenant space. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-4.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-4.1> : Client Service Provisioning Model [SD] Aggregation/Summarization of routes is an integral part of client provisioning [Linda] Yes. Add your suggested wording. [SD] The client prefixes which are not overlapping between sites/fabric/branches; aggregation and summarization techniques can help scale down the number of NLRIs exchanged in BGP UPDATE messages. >>> https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-5.1<https://datatracker.ietf.org/doc/html/draft-ietf-bess-bgp-sdwan-usage-20#section-5.1>: Why BGP as Control Plane for SD-WAN? [SD] One organic reason is that BPG is a tcp based protocol and hence can easily align with TLS based security. [Linda] Very good point, add your suggested wording. [SD] BGP is a TCP transport protocol, and as TLS (Transport Layer Security) was design to work on top of resilient and reliable transport; TCP is a naturalized choice for the same. Hence BGP can leverage TLS as a security wrapper for sessions between RR and SD-WAN devices. Regards, Saumya.
- Re: [bess] Queries and comments on draft-ietf-bes… Dikshit, Saumya
- Re: [bess] Queries and comments on draft-ietf-bes… Linda Dunbar
- Re: [bess] Queries and comments on draft-ietf-bes… Dikshit, Saumya
- Re: [bess] Queries and comments on draft-ietf-bes… Dikshit, Saumya
- Re: [bess] Queries and comments on draft-ietf-bes… Dikshit, Saumya
- Re: [bess] Queries and comments on draft-ietf-bes… Dikshit, Saumya
- Re: [bess] Queries and comments on draft-ietf-bes… Linda Dunbar