[Idr] Using BGP signaling to achieve IPsec Tunnel configuration

Robert Raszuk <robert@raszuk.net> Tue, 02 April 2019 08:37 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D84B12009A for <idr@ietfa.amsl.com>; Tue, 2 Apr 2019 01:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MV_KhlSxGeHP for <idr@ietfa.amsl.com>; Tue, 2 Apr 2019 01:37:14 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDBE8120094 for <idr@ietf.org>; Tue, 2 Apr 2019 01:37:13 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id h39so14273119qte.2 for <idr@ietf.org>; Tue, 02 Apr 2019 01:37:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:from:date:message-id:subject:to; bh=kESPVGgTt5LUWbhucrUQImModemHPLcTrUc68YBqsqU=; b=Z5+CnoXo47eJjPA2cMDC9i2J579rhX63YtAbTLy4zNnIva9WdfkpRpxedcPdEv8xyK O4KrjvADquAoHvIXEDI4QoDjt4wT9gsRT7rE37j01E29K9R0aODkHMkJjquCFzqsbtHk 1v8GczlJtloIu5Q7CBvKBcb4kE2YH9bBvhNa83YudrSGNmc/pD1IYwDpRgA2K7owMz1p iB7TvNwqaV6ByuYa5kdliYYkv3rj30Z/B/loJapDjmLCUJEQW2vdUCqAHLhp+nClvpFh 22K+vZ2JY64dUCbWrHutO9bAVOng5QXcXOU4eI3zW7r26VhAE/wSwmFb0IE/ny9SSIda pDxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=kESPVGgTt5LUWbhucrUQImModemHPLcTrUc68YBqsqU=; b=eYfBfkwE8wkhKlsRrLjOnoYG1nWbAzD1ep+Y+5gg0VXrehjYJzL3UMsT4oQ4VFY6YQ 4IXeAnJ+ibmhAMW41bBNXJ4izVfO/nJcxno4agg4UeFcEjZP+/Nbt4uh8tSHJO1zTeVp AASLBteGMb1rIkKuuWwrNj22JGKted3aq4ifjmRcKYPSSZhdHI1yvruydKIpeQ3Mt4Fu eQ+Bp4pNwoNfhWK6lG/BOpyfyV7o8Rlv4WWNfrVZN/nUtRTFUFjBCnFp5vUmetuo1M/H kiPjbBae/byPkx/sVQRQZHUA1CbJphUz6wdTJlBiM6I2MZOcFDNQ1tH8p9kMH15XRjMi lsKg==
X-Gm-Message-State: APjAAAWCzuGVGW06KYvS2Slcq+RKbClj6bBcf7XlYJ2qTHNAnAvmFlgX t3KBuVYo644yaJElCHhOg9JCh7NTDqaDjoVclVodXKoK+w4=
X-Google-Smtp-Source: APXvYqwu7bnJRy4wzMwJUVoL9xxJbsogUXSvl5Y+iAT+htggsUvNEZBINl1lsxOKX42+OZQeBussfE3fVjsK0JbM4fs=
X-Received: by 2002:ac8:1638:: with SMTP id p53mr55433426qtj.257.1554194232629; Tue, 02 Apr 2019 01:37:12 -0700 (PDT)
MIME-Version: 1.0
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 2 Apr 2019 10:37:02 +0200
Message-ID: <CAOj+MMG9zM0iXNja00vOxgs_yirf_spABRJT++Cxwio+y15F8w@mail.gmail.com>
To: "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000025f5240585880b0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/1uyP_FEEVyOm1YZFHWthtHsWjtk>
Subject: [Idr] Using BGP signaling to achieve IPsec Tunnel configuration
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 08:37:17 -0000

/* resending to IDR due to bounce */

Hi Frank,

This draft does not talk about distributing any security related
parameters. Maybe the name is a bit confusing as for some it means to be
IPSec related.

We have discussed the draft in Prague and agreed to also extend it with
other types of secure encap.

I have not discussed it with other authors but perhaps a much proper name
and clearly less controversial would be:
*draft-hujun-idr-encrypted-transport-autodiscovery* or
*draft-hujun-idr-eta* (for
short) or something along those lines to reflect what this work is really
about and how it differs from other proposals.

Thx,
R.

On Tue, Apr 2, 2019 at 3:52 AM Xialiang (Frank, Network Standard & Patent
Dept) <frank.xialiang@huawei.com> wrote:

> Hi Jun,
>
> My personal view is no matter which use cases (SDN-based or BGP-based) you
> are for, the basic goal is to configure/distribute the IPSec parameters
> between the associated peers, for next step IKEv2 session negotiation. That
> is why all these related drafts should be aligned in certain way.
>
>
>
> B.R.
>
> Frank
>