[I2nsf] IPSec attributes that can be controlled by SDN controller ( was RE: Slides for Wednesday's meeting

Linda Dunbar <linda.dunbar@huawei.com> Wed, 06 September 2017 14:30 UTC

From: Linda Dunbar <linda.dunbar@huawei.com>
To: Tero Kivinen <kivinen@iki.fi>, Yoav Nir <ynir.ietf@gmail.com>
CC: Paul Wouters <paul@nohats.ca>, Gabriel Lopez <gabilm@um.es>, Rafa Marin-Lopez <rafa@um.es>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/QekbfBtn4QY0xTog8lpVW3z_Q9I>

Tero,

At IETF 99 Friday breakfast, we discussed the draft-abad-i2nsf-sdn-ipsec-flow-protection-03, you stated:
      - It is OK for external controller to manage SPD, PAD distribution, and manage IKE distribution, but
      - It is a problem for external controller to manage SAD (Security Association Distribution) because both end points of one IPsec tunnel need to maintain the same SAD. During reboot, controller might lose track of the SAD on either end point.

My question: who can manage the SAD (Security Association Distribution) if two devices are not collocated?

Linda


-----Original Message-----
From: Tero Kivinen [mailto:kivinen@iki.fi]
Sent: Tuesday, September 05, 2017 7:38 AM
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>; Gabriel Lopez <gabilm@um.es>; Rafa Marin-Lopez <rafa@um.es>; Linda Dunbar <linda.dunbar@huawei.com>
Subject: Slides for Wednesday's meeting

Yoav Nir writes:
> If you'd like to present some slides at Wednesday's meeting, please
> send them to us.  PDF, PPT, PPTX, KEY, or ODP are all acceptable, but
> all will be converted to PDF.  We will present using Webex, but some
> participants may have low bandwidth and prefer to download the slides.
>
> They will be posted to the meeting material page:
> https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/session/i2nsf

I quickly wrote something, but as I have been quite busy after I got back from eclipse [1] trip, I did not have too much time to prepare for the presentation, so I hope what I managed to create is enough. On the other hand I think there were only 5 minutes for me, so ...