Re: [Idr] Questions to draft-hujun-idr-bgp-ipsec-01

"Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com> Mon, 18 November 2019 15:50 UTC

Return-Path: <jun.hu@nokia.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7CB112093D for <idr@ietfa.amsl.com>; Mon, 18 Nov 2019 07:50:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l68RMSSJXpnF for <idr@ietfa.amsl.com>; Mon, 18 Nov 2019 07:50:37 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60121.outbound.protection.outlook.com [40.107.6.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFD351200CD for <idr@ietf.org>; Mon, 18 Nov 2019 07:50:36 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FK7xIjWSMU+443Th+mluMbu5/m4p+KTd+zP17ifAfeve2jre7GmWZ5DjS+yesoBchA8KxSe0JSJF3+2+6FNPq8hMb2DEg9ShiYsj301ecVfJ4mc+rfCaR/mZ/oJvJoq4HNWx/T7/Meicxb+RStxBVVIDpV/K/CL9v9jIy1mhqhis7bYt5WoItUhBk3304R0pNuMcUIe+/h3lHE7zT1Jm7qj3EKM4s0POKp2Cb83PqNBgN6bPM/8qz3bAxp9qB0AUfrZvSAcC/t0oAXXRmyopX/OSvDXlbYgwxaq6xOC5p4BlMSWFsG+PQmi5S01LCkuM5yNWSu07AGYPYwUpWJ0nDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=goEyF9RM9bPuKiTcLu/hLJIsNLf6NuQpAQ6pEqcbNAc=; b=OJ1SqNd3HILEhjwR2qmaRsLjl21Zu0w3TQ3Dfz6IgUK6SPiFmOe8XvsUkD0bt0wQymgCZ2g/j1apkwyzpTSmpRt266Izpf32hYU2Vg6dgxmt92u380q5BqdLAk0euROwdrJXQAaq0x+26uSHXn4PjcynGMqnO38MQ8moJJH5X1+g8XmE2JuPeL3sYlzSQ6PtYeA2TZm87AnGeRV8pmBxY+OUvr9/DbAqU35+NOUusjU+H7uMrdl4ejykW1HI1cM4GSs+j3OWsw36NrdQyQvdVisyFFuYx/22/HULuVx5Qho+TM2bOkkdRUEF1wCIh2XcV4R1rrGFJ1Xk7frPc7QTFw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=goEyF9RM9bPuKiTcLu/hLJIsNLf6NuQpAQ6pEqcbNAc=; b=Lk21bi+AIiMrRpUCPbaIlD05wGKh9rNi1UCvt3deYWI0hLb2B9veWvwLy7r25oeAWzC0FMfZ981ng4BbiSO3LosCGsIV0d2VJjTJ2Lss/aWoJoLqxWVBh4VBNTPZFx/ZKzoExh+FfkA475uPYWUSwSVoSxwjHwppqkDQs02N9wk=
Received: from AM5PR0701MB2353.eurprd07.prod.outlook.com (10.169.150.18) by AM5PR0701MB2916.eurprd07.prod.outlook.com (10.168.155.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.13; Mon, 18 Nov 2019 15:50:34 +0000
Received: from AM5PR0701MB2353.eurprd07.prod.outlook.com ([fe80::c00:ee6e:9763:f843]) by AM5PR0701MB2353.eurprd07.prod.outlook.com ([fe80::c00:ee6e:9763:f843%7]) with mapi id 15.20.2474.015; Mon, 18 Nov 2019 15:50:34 +0000
From: "Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "idr@ietf.org" <idr@ietf.org>
CC: 'Paul Wouters' <paul@nohats.ca>, 'Benjamin Kaduk' <kaduk@mit.edu>, Susan Hares <shares@ndzh.com>
Thread-Topic: [Idr] Questions to draft-hujun-idr-bgp-ipsec-01
Thread-Index: AdWdq4agBSHNADxdRYaohM9zMtNHXQAeskCQ
Date: Mon, 18 Nov 2019 15:50:34 +0000
Message-ID: <AM5PR0701MB2353ECAC55211574BE09AFD9954D0@AM5PR0701MB2353.eurprd07.prod.outlook.com>
References: <BN8PR13MB2628920F76CEC28231169333854D0@BN8PR13MB2628.namprd13.prod.outlook.com>
In-Reply-To: <BN8PR13MB2628920F76CEC28231169333854D0@BN8PR13MB2628.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jun.hu@nokia.com;
x-originating-ip: [116.247.127.123]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d60ad2e8-9b4e-42e2-4878-08d76c3f0c86
x-ms-traffictypediagnostic: AM5PR0701MB2916:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <AM5PR0701MB291629ED8355A98E58CDDA47954D0@AM5PR0701MB2916.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0225B0D5BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(136003)(39860400002)(396003)(366004)(376002)(189003)(199004)(13464003)(2501003)(316002)(99286004)(446003)(45080400002)(11346002)(8676002)(81166006)(966005)(66066001)(14454004)(186003)(486006)(476003)(71200400001)(6306002)(54896002)(55016002)(33656002)(6436002)(71190400001)(9686003)(236005)(6506007)(478600001)(53546011)(4001150100001)(81156014)(6246003)(76116006)(66446008)(66476007)(4326008)(66946007)(64756008)(66556008)(6116002)(790700001)(102836004)(52536014)(3846002)(606006)(2906002)(7736002)(76176011)(66574012)(5660300002)(110136005)(74316002)(26005)(8936002)(25786009)(5024004)(14444005)(256004)(54906003)(229853002)(7696005)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5PR0701MB2916; H:AM5PR0701MB2353.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QC73hj63Hp34PEzfGF8BR6574Y98NXtTn0vrZ0mLzcmioezsyR+WC/mCKeBZYC27jgvPbB+sble3io2prvKEmDxcRCveyK8irZTRiJcEjdoVHa23g63bgmw7g8AF4/shQNL4Ni8r+1L0R9X0CqnxX6mWwtpZpVUaX4W+9ihniDiq48lf0bs2PEluKLt6+bzfCzHxvHFT7OYouoqEOJZnaDyK3BV7ILTYXG8SasPdyVHesHJK9b+6SkhISz0GLv0mUAt3c2oD1lbD4Y+1kTMz75xYL2zCzdg+S1h92wjnrxwR4ppRKKelr4IP7N1SORu2uv75v/k/niPWp0SwmDrtzVDr6/Luo0ievqy/rEzQReAOSrv7MPVpVXON6YVV8q09ntBHPr4F1Be9sxPe1lbzHlbB6smaEk7Dgz3XGUhb90tts1EEOoJAFugmGNAHe29oZi1hL0RadTyMiOZ+iwMK5hbPtcuDiPkscBcZJJGmlGM=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM5PR0701MB2353ECAC55211574BE09AFD9954D0AM5PR0701MB2353_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d60ad2e8-9b4e-42e2-4878-08d76c3f0c86
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2019 15:50:34.4531 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PqSl8A2eWi+LpCLGYGnpPGZOmWW9pFDxTgL4hpRFfwOjoBmnYv4odSELImPjw13tH9zWx1aBhAwxMm8FDkpIXw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2916
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/OFNA6uJDIrBp6q2nZ6fHbFsjyUs>
Subject: Re: [Idr] Questions to draft-hujun-idr-bgp-ipsec-01
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2019 15:50:41 -0000

My comments in line

From: Linda Dunbar <linda.dunbar@futurewei.com>
Sent: Monday, November 18, 2019 9:13 AM
To: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com>om>; idr@ietf.org
Cc: 'Paul Wouters' <paul@nohats.ca>ca>; 'Benjamin Kaduk' <kaduk@mit.edu>du>; Susan Hares <shares@ndzh.com>
Subject: RE: [Idr] Questions to draft-hujun-idr-bgp-ipsec-01

Jun,
Thank you very much for the answers.  Yes, the questions are to draft-hujun-idr-bgp-ipsec-01.

Here are more questions:

  *   If I want to find the least set of information for a node to propagate for IPsec tunnels to a set of nodes, can I use "Next Hop" field in the MP-NLRI for the Local Tunnel Endpoint? So the Tunnel-Encap Path Attribute doesn't have to include the "Local Tunnel Endpoint Address" subTLV
[Hu Jun] since my draft is just an extension of draft-ietf-idr-tunnel-encaps, so following text in section 3.1 of draft-ietf-idr-tunnel-encaps applies here:

"   There is one special case: the Tunnel Endpoint sub-TLV MAY have a
   value field whose Address Family subfield contains 0.  This means
   that the tunnel's egress endpoint is the UPDATE's BGP next hop.  If
   the Address Family subfield contains 0, the Address subfield is
   omitted, and the Autonomous System number field is set to 0
"

  *   What is the difference between "Private Routing Instance" and "Child SA Traffic" selection? Can they be the same?
[Hu Jun] private routing instance is the same routing instance where NLRI or local/remote prefix sub-TLV belongs to

  *   Can the "Private Routing Instance" be listed as Routes in the MP-NLRI  Path Attribute?
[Hu Jun] private routing instance is not really a route, it is the route target of a MP-NLRI

  *   Under what circumstance that you will need "Public routing instance"?   especially, for a network with set of CPEs in one customer AS running as Overlay and the routing instance is locally significant to the Customer domain.
[Hu Jun] in case where your clear traffic is forwarded in a routing instance different than the encapsulated IPsec traffic is forwarded in; for example, in enterprise VPN use case, the private routing instance could be enterprise's intranet, while encapsulated IPsec packet could be forwarded in public internet

Thank you.

Linda
From: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>
Sent: Monday, November 18, 2019 8:13 AM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; idr@ietf.org<mailto:idr@ietf.org>
Cc: 'Paul Wouters' <paul@nohats.ca<mailto:paul@nohats.ca>>; 'Benjamin Kaduk' <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: RE: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Hi Linda,
I assume your questions are really about draft-hujun-idr-bgp-ipsec-01? since draft-hujun-idr-bgp-ipsec-transport-mode-00 doesn't have figure 4;
"Figure 4: does R1 use Subnet A in NLRI? And have Tunnel-Encap with more detailed description on SubnetA<->SubnetB  & SubnetA<->Subnet C? "
 Yes, R1 will advertise subnet-A in NLRI; not sure I understand your 2nd part of the question, but section 2.1 of draft-hujun-idr-bgp-ipsec-01 defines local/remote prefix sub-TLV (NLRI could be used for local prefix)

"How does R1 need to know that Subnet A and Subnet B needs to communicate ahead of time? "
This depends on use case, in this example, both R1 and R2 belong to same admin domain, so this kind of thing could be planned ahead; in other use case, if the remote prefix is not known or user want same Ipsec config for all remote prefix, then an all-zero prefix could be used in remote prefix sub-TLV


"In addition, if the network has 4 routers, R1, R2, R3 and R4. Does the Update from R1 include all the <Local- Remote> pairs in each single UPDATE?

i.e. when R1 sends out the UPDATE for the Subnet A attached to R1, the UPDATE from R1 has to include
        Local subnet A <-> remote subnet B on R2
Local subnet A <-> remote subnet D on R3
Local subnet A <-> remote subnet F on R4


Is it correct? If there are 100 nodes in the network, the UPDATE message has to include 100 pairs?
"
As explained above, it could be done this way, but not necessary; it really depends on granularity user case needs





From: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>
Sent: Sunday, November 17, 2019 8:52 PM
To: Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>; idr@ietf.org<mailto:idr@ietf.org>
Cc: 'Paul Wouters' <paul@nohats.ca<mailto:paul@nohats.ca>>; 'Benjamin Kaduk' <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: RE: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Jun,

In addition, if the network has 4 routers, R1, R2, R3 and R4. Does the Update from R1 include all the <Local- Remote> pairs in each single UPDATE?

i.e. when R1 sends out the UPDATE for the Subnet A attached to R1, the UPDATE from R1 has to include
        Local subnet A <-> remote subnet B on R2
Local subnet A <-> remote subnet D on R3
Local subnet A <-> remote subnet F on R4


Is it correct? If there are 100 nodes in the network, the UPDATE message has to include 100 pairs?

Linda

-----Original Message-----
From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Linda Dunbar
Sent: Sunday, November 17, 2019 8:32 PM
To: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>; idr@ietf.org<mailto:idr@ietf.org>
Cc: 'Paul Wouters' <paul@nohats.ca<mailto:paul@nohats.ca>>; 'Benjamin Kaduk' <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: [Idr] Questions to draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Jun,

I have some questions on your draft:

Figure 4: does R1 use Subnet A in NLRI? And have Tunnel-Encap with more detailed description on SubnetA<->SubnetB  & SubnetA<->Subnet C?

How does R1 need to know that Subnet A and Subnet B needs to communicate ahead of time?

Linda


-----Original Message-----
From: Idr <idr-bounces@ietf.org<mailto:idr-bounces@ietf.org>> On Behalf Of Hu, Jun (Nokia - US/Mountain View)
Sent: Friday, October 11, 2019 6:46 AM
To: idr@ietf.org<mailto:idr@ietf.org>
Cc: 'Paul Wouters' <paul@nohats.ca<mailto:paul@nohats.ca>>; 'Benjamin Kaduk' <kaduk@mit.edu<mailto:kaduk@mit.edu>>; Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>
Subject: [Idr] FW: New Version Notification for draft-hujun-idr-bgp-ipsec-transport-mode-00.txt

Hi,
Here is a new draft for using BGP to provision IPsec transport mode protected tunnel config; this draft is in companion with draft-hujun-idr-bgp-ipsec-01 (Ipsec tunnel mode) to provide a complete solution of using BGP provision IPsec config.

Review and comment will be appreciated.

-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Sent: Thursday, October 10, 2019 3:41 PM
To: Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>; Hu, Jun (Nokia - US/Mountain View) <jun.hu@nokia.com<mailto:jun.hu@nokia.com>>
Subject: New Version Notification for draft-hujun-idr-bgp-ipsec-transport-mode-00.txt


A new version of I-D, draft-hujun-idr-bgp-ipsec-transport-mode-00.txt
has been successfully submitted by Hu Jun and posted to the IETF repository.

Name:           draft-hujun-idr-bgp-ipsec-transport-mode
Revision:       00
Title:          BGP Provisioned IPsec Transport Mode Protected Tunnel Configuration
Document date:  2019-10-10
Group:          Individual Submission
Pages:          7
URL:            https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00.txt&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=L%2Bq8Gmm6svj7vUgwQqWCHqx6ex2MefKRN1U58vFwJ%2Fg%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00.txt&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822610357&sdata=eOAU9X%2FzfcMoahs%2FotSsufznlK5uN%2FfnurGcGc7aVcg%3D&reserved=0>
Status:         https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hujun-idr-bgp-ipsec-transport-mode%2F&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=fdGi7esvdmdejiZQ6s1ZjAauLjdtzETi4BXAC8664Ss%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hujun-idr-bgp-ipsec-transport-mode%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822610357&sdata=Q%2B7xt%2B2fKBKCUEogNk4FRCprASbiasTwo8UPoJaE6%2FA%3D&reserved=0>
Htmlized:       https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488703369&amp;sdata=5GCI9uiTuLRbdNSvjT48mpbe1IxTWT8sXPm6qzkRaIE%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode-00&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822620352&sdata=9jeVZbLjEcC1gVDv5yxTAd9Ygi4ao9hi5GT2zeaAqco%3D&reserved=0>
Htmlized:       https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=G3azT0TBfD9NmSvJ%2B%2BBaNCA70SFMM%2BEqrvX2IjTIef8%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hujun-idr-bgp-ipsec-transport-mode&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822620352&sdata=Ngxrm2VPjxe%2FuFVjOmmfyb%2BO1m6wfrAktnXqZE8vtp8%3D&reserved=0>


Abstract:
   This document defines a method of using BGP to advertise IPsec
   transport mode protected tunnel (like GRE tunnel with IPsec transport
   mode protection) configuration along with NLRI, based on
   [I-D.ietf-idr-tunnel-encaps] and [I-D.hujun-idr-bgp-ipsec].




Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=5lz3DyKGqJb2asfcfarFXUtZptUy1XpsnAMsv6Rycic%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822630345&sdata=15nN9cU3KVLHUlU1OtYTBuiowhTuAIDyrohCrCQJgRs%3D&reserved=0>

_______________________________________________
Idr mailing list
Idr@ietf.org<mailto:Idr@ietf.org>
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&amp;data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb93469d32784754e52008d76b5a3300%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637095907488713364&amp;sdata=5lz3DyKGqJb2asfcfarFXUtZptUy1XpsnAMsv6Rycic%3D&amp;reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C4bd1f219e66a4162ea8108d76bbc11c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637096327822630345&sdata=15nN9cU3KVLHUlU1OtYTBuiowhTuAIDyrohCrCQJgRs%3D&reserved=0>