[I2nsf] Policy distributed by the controller

Linda Dunbar <linda.dunbar@huawei.com> Fri, 18 January 2019 22:53 UTC

From: Linda Dunbar <linda.dunbar@huawei.com>
To: "draft-carrel-ipsecme-controller-ike@ietf.org" <draft-carrel-ipsecme-controller-ike@ietf.org>, "David Carrel (carrel)" <carrel@cisco.com>, "Brian Weis (bew)" <bew@cisco.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, "ipsec@ietf.org WG" <ipsec@ietf.org>
Date: Fri, 18 Jan 2019 22:52:50 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F66B24D4A1@sjceml521-mbs.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/KSw1a0__FwKDb_4JOvE3WHSuwKc>

Dave and Brian,

The first sentence of Section 6 of draft-carrel-ipsecme-controller-ike-00 states that an IPsec device distributes to a controller the associated policy to create IPsec.

In an SD-WAN deployment with Controller Managed IPsec, i.e. all SD-WAN edges being controlled by the Controller (which includes the "IPsec Configuration Server"), can we eliminate the step for Devices to "choose the correct policy" and to distribute DIM?
Basically, eliminate the step of requiring SD-WAN edges to distribute the IKEv2 payloads of [ID, [N(INITIAL_CONTACT),] KE, Ni]?

Thanks, Linda Dunbar