[Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-11
Linda Dunbar <linda.dunbar@huawei.com> Thu, 28 March 2019 13:52 UTC
Return-Path: <linda.dunbar@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 997DC120466; Thu, 28 Mar 2019 06:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Br4Mx5U3KZCK; Thu, 28 Mar 2019 06:52:29 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 871781204A9; Thu, 28 Mar 2019 06:52:28 -0700 (PDT)
Received: from LHREML714-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id ACC80959650798395EC6; Thu, 28 Mar 2019 13:52:26 +0000 (GMT)
Received: from SJCEML702-CHM.china.huawei.com (10.208.112.38) by LHREML714-CAH.china.huawei.com (10.201.108.37) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 28 Mar 2019 13:52:25 +0000
Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.5]) by SJCEML702-CHM.china.huawei.com ([169.254.4.253]) with mapi id 14.03.0439.000; Thu, 28 Mar 2019 06:52:21 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: idr wg <idr@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>
Thread-Topic: recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-11
Thread-Index: AdTla1nnHU6FSbZ4QO2XZvQIoIn6YA==
Date: Thu, 28 Mar 2019 13:52:20 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F66B33E1CA@sjceml521-mbs.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.220.70.227]
Content-Type: multipart/related; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F66B33E1CAsjceml521mbschi_"; type="multipart/alternative"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/DFj4eZO5S9lboysWIn5GygDyRv8>
Subject: [Idr] recap my questions and issues raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-11
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 13:52:41 -0000
Just want to reiterate my questions and issues I raised during IDR Thurs session for draft-ietf-idr-tunnel-encaps-11, to make it easier for the authors to address them in the next revision (I have sent the questions multiple times on the IDR mailing list, but no one responded): 1. When a client route can egress multiple egress ports (each with different IP addresses), does the Tunnel-Encap allow multiple "Remote-endpoint" SubTLV to be attached one UPDATE? 2. Section 3.1 Page 10: The last paragraph states that if "Remote-Endpoint sub-TLV contains address is valid but not reachable, and the containing TLV is NOT be malformed ..". Why a address not reachable is considered as "Not Malformed"? 3. In RFC5512, the BGP speaker indicates the originating Interface address in the NLRI (section 3): [cid:image001.png@01D4E575.D3039A30] draft-ietf-idr-tunnel-encaps-11 no longer has the BGP speaker originating the update. Is it intended? If Yes, does it mean that it allows a third party (which could be malicious entity) to inject routes on behalf of a legitimate router (but RFC5512 doesn't)? Why add this scenario? How to address the security threats introduced? If it is a conscious decision, should have some text to explain why and how to mitigate the security threats introduced. Thanks, Linda Dunbar
- [Idr] recap my questions and issues raised during… Linda Dunbar
- Re: [Idr] recap my questions and issues raised du… Keyur Patel