Re: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Linda Dunbar <linda.dunbar@futurewei.com> Sun, 17 November 2019 12:52 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FE181200F9 for <idr@ietfa.amsl.com>; Sun, 17 Nov 2019 04:52:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dz85wpfFjNnP for <idr@ietfa.amsl.com>; Sun, 17 Nov 2019 04:52:25 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0709.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::709]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 897521200CD for <idr@ietf.org>; Sun, 17 Nov 2019 04:52:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LSxeSnDG2yzQ1pOxTeIe/t+6oLuWYYRRZ+317Wi+j9hW95lZDs6OhzD+BMIBXP7SW65wUKs/mUb0FxnKbiImej7ihAHtlP/Oo+BOkEjzZLMWcffRPY8mUiIphvlryPHdkXGjTFvjf4E880RwoiRXVSHHqpWSgglSpDAqqlBHFdyYj2pvzl4ShXbu9z4YFL4ZjHeo94u091hLGT3o8QBQClwCHixa/JfnsHhLw0Up37ANjWwJ8D2Aah7WqKEemgMSvHAFnR7ONy13g1DnudWQPxqKWYAqJtzzGHn0xuOUARpJBKb9+S5LS2oWUVAuDHk1MgP0GzkEwWhJc4UrG3y9Ag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1X3ZPb3UFxGsAM0Nbb4a51IAFb7ArMED+1IQqO3bZGY=; b=CEjG1t5Bqj/JZnwlqzbx+eOp6K1rBm1vuqGhMbdvHWZcS4J+9uMGaec6a82OaE25sF0EBoGswj0i11kS3sCdveapwjcvWyynfzDiRhqIEyk9UYaUsVGbCNRWzlIGdWKU7BrFvqts18HRnJy2w1KEd+bXxuKMnQHp9ENC/xuo5kd4g389JiiZRaITvh8dzPJHOX3JFNpdN9sretOC9MjQr4hUPka4iZ6ccZJ5xyE0p42Il8PbaqTa9u17/Pzx2Acogdd6g68pHlpMMLVQ4on6oAmil4+ADg4eLpU2jPsn4zykNjssBx5kFEv8HQme0D7up2GgtXTvtWHM12o6D4ueYw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1X3ZPb3UFxGsAM0Nbb4a51IAFb7ArMED+1IQqO3bZGY=; b=OsUIX0Wy+cNGdERbz7YFhOP76dNDEmiwdItTKRZHvKhQ9ZsISghfsxd6u2OaZn4K5ag+fqr0X6qM03ZZFwTW5hk5NXyHOD2SvGw+3H2lDN7LZAl0rPl57eF4NwbG7+20QKtubcAqYax9KxhyTXRYWcYUWIzOWDjG2mfd+SSaw6Q=
Received: from BN8PR13MB2628.namprd13.prod.outlook.com (20.178.219.10) by BN8PR13MB2897.namprd13.prod.outlook.com (20.178.220.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.10; Sun, 17 Nov 2019 12:52:21 +0000
Received: from BN8PR13MB2628.namprd13.prod.outlook.com ([fe80::a89e:acd9:3ed9:998d]) by BN8PR13MB2628.namprd13.prod.outlook.com ([fe80::a89e:acd9:3ed9:998d%6]) with mapi id 15.20.2474.012; Sun, 17 Nov 2019 12:52:21 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com>, "idr@ietf.org" <idr@ietf.org>
CC: 'Paul Wouters' <paul@nohats.ca>, 'Benjamin Kaduk' <kaduk@mit.edu>, Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt
Thread-Index: AQHVnUXZgCeybJ267UWEFeTc21+GZg==
Date: Sun, 17 Nov 2019 12:52:20 +0000
Message-ID: <BN8PR13MB26280D084B8C786505DCA0EF85720@BN8PR13MB2628.namprd13.prod.outlook.com>
References: <BN8PR13MB26282ECD078CCDC78208E15385720@BN8PR13MB2628.namprd13.prod.outlook.com>
In-Reply-To: <BN8PR13MB26282ECD078CCDC78208E15385720@BN8PR13MB2628.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=linda.dunbar@futurewei.com;
x-originating-ip: [31.133.157.149]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7704e9a2-8435-4dae-1dd0-08d76b5cfc6e
x-ms-traffictypediagnostic: BN8PR13MB2897:|BN8PR13MB2897:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN8PR13MB289764B8F25B992FE3744A7985720@BN8PR13MB2897.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-forefront-prvs: 02243C58C6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(346002)(376002)(39840400004)(136003)(396003)(13464003)(199004)(189003)(76176011)(99286004)(6436002)(66574012)(8676002)(52536014)(30864003)(81156014)(45080400002)(966005)(81166006)(5660300002)(2501003)(2940100002)(66066001)(4326008)(6506007)(66476007)(76116006)(33656002)(6116002)(66556008)(14454004)(3846002)(66946007)(26005)(66446008)(296002)(316002)(102836004)(8936002)(110136005)(54906003)(186003)(86362001)(7736002)(6246003)(4001150100001)(25786009)(229853002)(64756008)(446003)(74316002)(11346002)(305945005)(6306002)(2906002)(7696005)(9686003)(486006)(55016002)(476003)(14444005)(5024004)(256004)(44832011)(71190400001)(71200400001)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN8PR13MB2897; H:BN8PR13MB2628.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: futurewei.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5nvlPFxkUJObhj9U1QKf05XaJYTNYqEy5rcyOU+z5ePzkUhdz3A5DP4Y/OFgiPGE9zex/Esv2YjMa5D9MLTZVC0vKrBmWyozEsLEHXGNUSPk7obiQO/GcGSeGLtukFGW2HT/Ke+bFq4kxHQz8yfKGp7U7LvjHMpdZ/5y5sBbV6/blbALxWjgr9VhhtWo6eCSbwP4AQ37b2qRK9dfDBHTsvihQ/hr/oqeL2yiDCPmDwXGxlFsBd1frkISQkSBJVF+Vpy2FguAMaSE2HKbMU4FclQFCSx6IExJrD5UfesaZ64gIrWGYIeiMTVHy8J6qhUs+oy3aO8Ur6XyVLObpHMO830oMK2cKtyxiAZabpkSqFzMW9tKaxtgolb83SoFYGztEBCYM7eFMIQDAfptqF9Hd61hQuz99H7vM6lTUV14lktahFfj6/J+AGQt28cekyM7
Content-Type: multipart/alternative; boundary="_000_BN8PR13MB26280D084B8C786505DCA0EF85720BN8PR13MB2628namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7704e9a2-8435-4dae-1dd0-08d76b5cfc6e
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Nov 2019 12:52:21.0863 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Z7mfdiXJppN3R4RHMOQvVSzl+pAsVWxDPsKuNkuf04624/QI83y/ToWt9fYbSD7bN3N2BeWGkymVkeHeoYLb/w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR13MB2897
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/7X7ILRug8RFLUPZwxNlaNCJ_PKE>
Subject: Re: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2019 12:52:28 -0000

Jun,

In addition, if the network has 4 routers, R1, R2, R3 and R4. Does the Update from R1 include all the <Local- Remote> pairs in each single UPDATE?

i.e. when R1 sends out the UPDATE for the Subnet A attached to R1, the UPDATE from R1 has to include
        Local subnet A <-> remote subnet B on R2
      Local subnet A <-> remote subnet D on R3
      Local subnet A <-> remote subnet F on R4


Is it correct? If there are 100 nodes in the network, the UPDATE message has to include 100 pairs?

Linda

-----Original Message-----
From: Idr <idr-bounces@ietf.org> On Behalf Of Linda Dunbar
Sent: Sunday, November 17, 2019 8:32 PM
To: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com>om>; idr@ietf.org
Cc: 'Paul Wouters' <paul@nohats.ca>ca>; 'Benjamin Kaduk' <kaduk@mit.edu>du>; Susan Hares <shares@ndzh.com>
Subject: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Jun,

I have some questions on your draft:

Figure 4: does R1 use Subnet A in NLRI? And have Tunnel-Encap with more detailed description on SubnetA<->SubnetB  & SubnetA<->Subnet C?

How does R1 need to know that Subnet A and Subnet B needs to communicate ahead of time?

Linda


-----Original Message-----
From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Hu, Jun (Nokia - US/Mountain View)
Sent: Friday, October 11, 2019 6:46 AM
To: idr@ietf.org<mailto:idr@ietf.org>
Cc: 'Paul Wouters' <paul@nohats.ca<mailto:paul@nohats.ca>>; 'Benjamin Kaduk' <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: [Idr] FW: New Version Notification for draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Hi,
Here is a new draft for using BGP to provision IPsec transport mode protected tunnel config; this draft is in companion with draft-hujun-idr-bgp-ipsec-01 (Ipsec tunnel mode) to provide a complete solution of using BGP provision IPsec config.

Review and comment will be appreciated.

-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Sent: Thursday, October 10, 2019 3:41 PM
To: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>; Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>
Subject: New Version Notification for draft-hujun-idr-bgp-ipsec-transport-mode-00.txt


A new version of I-D, draft-hujun-idr-bgp-ipsec-transport-mode-00.txt
has been successfully submitted by Hu Jun and posted to the IETF repository.

Name:           draft-hujun-idr-bgp-ipsec-transport-mode
Revision:       00
Title:          BGP Provisioned IPsec Transport Mode Protected Tunnel Configuration
Document date:  2019-10-10
Group:          Individual Submission
Pages:          7
URL:            https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00.txt&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=L%2Bq8Gmm6svj7vUgwQqWCHqx6ex2MefKRN1U58vFwJ%2Fg%3D&amp;reserved=0
Status:         https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hujun-idr-bgp-ipsec-transport-mode%2F&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=fdGi7esvdmdejiZQ6s1ZjAauLjdtzETi4BXAC8664Ss%3D&amp;reserved=0
Htmlized:       https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=5GCI9uiTuLRbdNSvjT48mpbe1IxTWT8sXPm6qzkRaIE%3D&amp;reserved=0
Htmlized:       https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=G3azT0TBfD9NmSvJ%2B%2BBaNCA70SFMM%2BEqrvX2IjTIef8%3D&amp;reserved=0


Abstract:
   This document defines a method of using BGP to advertise IPsec
   transport mode protected tunnel (like GRE tunnel with IPsec transport
   mode protection) configuration along with NLRI, based on
   [I-D.ietf-idr-tunnel-encaps] and [I-D.hujun-idr-bgp-ipsec].




Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=5lz3DyKGqJb2asfcfarFXUtZptUy1XpsnAMsv6Rycic%3D&amp;reserved=0

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=5lz3DyKGqJb2asfcfarFXUtZptUy1XpsnAMsv6Rycic%3D&amp;reserved=0