Re: [Idr] Issue 1: IPSEC related drafts

Paul Wouters <paul@nohats.ca> Tue, 11 June 2019 20:07 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F1FB1200B7; Tue, 11 Jun 2019 13:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qeJWLEWmkk_j; Tue, 11 Jun 2019 13:07:06 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00CD9120059; Tue, 11 Jun 2019 13:07:05 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 45NgyH1zfKzDnV; Tue, 11 Jun 2019 22:07:03 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1560283623; bh=V1ADI/I6yADNxqYL7E1bFGFDXhF3sSEd4YOCFvGdUwA=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=XgE5LO58TljpzreXuOzzeGib5Wf6kn6gqRQHjIp9RJF9AG7KcrD+G8QqAKKzppkGj 9rNM4Fn5zP1qvSKJToGWcId0S3fAwCXT67R6Ci+fde96h2MYPsxiiPhxjy9NU+U0zQ X4ONM6ZipjQ9jArXte5ZdmPpIgCedMT0ils772co=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id ebkEKPebI01L; Tue, 11 Jun 2019 22:07:01 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 11 Jun 2019 22:07:00 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 8851A4A46E2; Tue, 11 Jun 2019 16:06:59 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 8851A4A46E2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 7AFBA44D99CA; Tue, 11 Jun 2019 16:06:59 -0400 (EDT)
Date: Tue, 11 Jun 2019 16:06:59 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: "Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com>
cc: Linda Dunbar <ldunbar@futurewei.com>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>, "bess@ietf.org" <bess@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <AM5PR0701MB235391CF7F5DD5688DCE22A895ED0@AM5PR0701MB2353.eurprd07.prod.outlook.com>
Message-ID: <alpine.LRH.2.21.1906111605060.23168@bofh.nohats.ca>
References: <01a001d51fc0$b02c41d0$1084c570$@ndzh.com> <MN2PR13MB3582C79ACE494B5E3EF572B5A9130@MN2PR13MB3582.namprd13.prod.outlook.com> <AM5PR0701MB235391CF7F5DD5688DCE22A895ED0@AM5PR0701MB2353.eurprd07.prod.outlook.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-7; format=flowed
Content-Transfer-Encoding: 8BIT
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/QKPmJP1AZ8a-Z7m3xJhl19THWUk>
Subject: Re: [Idr] Issue 1: IPSEC related drafts
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2019 20:07:08 -0000

On Tue, 11 Jun 2019, Hu, Jun (Nokia - US/Mountain View) wrote:

I'll be at IETF105, so as long as there is no conflict I can attend a
meeting, whether WG or side meeting. I'll have to read up on some of
these documents though to ensure I understand the items for discussion.

Paul

> From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares
> Sent: Monday, June 10, 2019 2:14 PM
> To: idr@ietf.org; bess@ietf.org
> Subject: [Idr] Issue 1: IPSEC related drafts
> 
>  
> 
> Greetings:
> 
>  
> 
> At IETF 104, we consider BGP VPNs supporting asking for TLVS in draft-ietf-idr-tunnel-encaps.    After hearing all the discussion, the BESS, IDR and
> I2RS WG chairs discussed what to do with the following
> 
>  
> 
> Drafts considered:
>
>  *  draft-sajassi-bess-secure-evpn-01.txt,
>  *  draft-hujun-idr-bgp-ipsec-00.txt,
>  *  draft-dunbar-idr-sdwan-port-safi-01.txt
> 
> relating drafts/ Supporting drafts:
>
>  *  draft-carrell-ipsecme-controller-ike-00.txt
>  *  draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.txt
>  *  draft-ietf-idr-tunnel-encaps-12.txt
> 
> Basic topologies:
> 
>                        Ipsec tunnels  
> 
>      [rtrA] -------------------- [rtrB]
> 
>          |     \                           /      | 
> 
>          |       \ -- RR1 -------/     | ipsec tunnels
> 
>          |    / -----| |------\         |
> 
>      [rtrC]------------------- [rtrD]
> 
>  
> 
>  
> 
> The decision is that
>
>  *  TLVs mechanisms for new TLVS related draft-ietf-idr-tunnel-encaps should be moved to drafts with just the mechanisms. 
>      +  All three mechanisms could be included in the TLVs or portions.
>      +  The use case and the SA mechanisms can stay in BESS or IDR (depending on what is appropriate).
>  *  The RTG Chairs are not experts on Security associations, so that we will try to schedule a unique session at IETF 105 where security experts can
>     help the RTG chairs (BESS, IDR) review the Security association mechanisms. 
>      +  We’d love to have the second co-chair of I2NSF (Yoav NIR) and someone from IPSECME.
>      +  We’ll invite IPSEC experts.
>      +  We encourage the authors of the 3 drafts to attend this session in IETF 105 and present their security-association mechanisms.
>  *  The NLRI/SAFI in draft-dunbar-idr-sdwan-port-safi is unique and can be requested as IDR or ISE draft.
> 
> This email has two request:
>
>  *  WG or authors please send any questions to Susan Hares,
>  *  The IDR WG is encouraged to discuss requirements or needs in preparation for the TLV selection, and
>  *  Please help me secure 2 IPSEC experts to attend this session.
> 
>  
> 
> Susan Hares
> 
>  
> 
> 
>