[Idr] soliciting feedback for draft-dunbar-idr-sdwan-port-safi, which specifies a new NLRI for SDWAN edge to advertise its WAN ports properties

Linda Dunbar <linda.dunbar@futurewei.com> Thu, 27 June 2019 23:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/mQn7SGwyuwsg1FIfShN-E2ZQ95M>

IDR Experts:

We would love to hear your feedback, criticism, or suggestions for https://datatracker.ietf.org/doc/draft-dunbar-idr-sdwan-port-safi/

The document specifies a new BGP NLRI and SAFI for advertising WAN ports properties of an SDWAN edge node. An SDWAN edge node's WAN ports may face untrusted networks, such as the public internet, may get assigned IP addresses from the Internet Service Providers (ISPs), may get assigned dynamic IP addresses via DHCP, or may have private addresses (e.g. inside third party Cloud DCs). Packets forwarded through those SDWAN WAN ports might need to be encrypted (depending on the user policies) or need to go through NAT. SDWAN edge nodes need to propagate those WAN ports properties to the peers who are authorized to communicate across different types of underlay networks including the untrusted networks.

Many people have suggested using the SAFI/NLRI used by draft-ietf-idr-tunnel-encaps-12. Here is why Tunnel-Encap is not enough:


  *   The Tunnel-Encap draft describes how to construct BGP UPDATE messages that advertise endpoints' tunnel encapsulation capability and the respective attached client routes, so that the receivers of the BGP UPDATE can establish appropriate tunnels with the endpoints for the client routes. Tunnel-encap has a "Remote Endpoint sub-TLV" for a controller to advertise a node's encapsulation capabilities. The receivers of the Tunnel UPDATE would construct the encapsulation header with the Outer Destination Address equal to the address carried in the "Remote Endpoint sub-TLV".
  *   The Tunnel-Encap draft doesn't cover the SDWAN Edge WAN ports properties advertisement propagation, especially over untrusted networks.
  *   The addresses advertised by Tunnel-Encap UPDATE are the addresses of client routes reachable via the advertised encapsulation headers. The Address Family for the WAN ports of SDWAN Edge is a totally different address family. The goal is to register the WAN port properties to its respective controller. Therefore, it is cleaner, less processing on receivers for implementation, and less error-prone to have a different NLRI for WAN ports properties registration than re-using client route NLRI.

Greatly appreciate feedback and criticisms.

Thank you
Linda