IETF Logo Mail Archive

[Idr] Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types

Linda Dunbar <linda.dunbar@huawei.com> Sun, 04 November 2018 06:13 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BFD7130DEC; Sat, 3 Nov 2018 23:13:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9OvjPeTHPaRD; Sat, 3 Nov 2018 23:13:35 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45D46130DE5; Sat, 3 Nov 2018 23:13:35 -0700 (PDT)
Received: from lhreml705-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 2E7D6D9574455; Sun, 4 Nov 2018 06:13:32 +0000 (GMT)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml705-cah.china.huawei.com (10.201.108.46) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 4 Nov 2018 06:13:32 +0000
Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.103]) by SJCEML703-CHM.china.huawei.com ([169.254.5.104]) with mapi id 14.03.0415.000; Sat, 3 Nov 2018 23:13:30 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: tom petch <ietfc@btconnect.com>, Joel Jaeggli <joelja@bogus.com>, "idr@ietf.org" <idr@ietf.org>
CC: "ipv6@ietf.org" <ipv6@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Thread-Topic: Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types
Thread-Index: AdR0BGE++Z0BF4I3RCC8M7+3nc3iHQ==
Date: Sun, 04 Nov 2018 06:13:29 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F66B18249E@sjceml521-mbs.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.126.170.160]
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F66B18249Esjceml521mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/UmS6oQkyMyDKDyxycP7pX4wCShU>
Subject: [Idr] Using BGP to advertise SD-WAN tunnels end point's private IPv6 addresses. (was registering tunnel types
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Nov 2018 06:13:40 -0000

https://datatracker.ietf.org/doc/draft-dunbar-idr-bgp-sdwan-overlay-ext/  specifies a new BGP SAFI (=74) in order to advertise a SD-WAN edge node’s capabilities in establishing SD-WAN overlay tunnels with other SD-WAN nodes through third party untrusted networks.

Since a SD-WAN end point might use IPv6 private address, which is translated to IPv4 public address via NAT,  want to get IPv6 group & Inter Area WG feedback on the subTLV proposed in the draft:

EncapsExt sub-TLV is for describing additional information about the SD-WAN tunnel end-points, such as NAT property. A SD-WAN edge node can inquire STUN (Session Traversal of UDP Through Network Address Translation RFC 3489) Server to get the NAT property, the public IP address and the Public Port number to pass to peers.

     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |EncapExt Type  |  EncapExt subTLV Length       |I|O|R|R|R|R|R|R|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | NAT Type      |  Encap-Type   |Trans networkID|     RD ID     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Private  IP Address                            |
            32-bits for IPv4, 128-bits for Ipv6
                    ~~~~~~~~~~~~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Private  Port                                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Public IP                                      |
            32-bits for IPv4, 128-bits for Ipv6
                    ~~~~~~~~~~~~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Public Port                                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Where:
o       EncapExt Type: indicate it is the EncapExt SubTLV.
o       EncapExt subTLV Length: the length of the subTLVE.
o       Flags:
o       I bit: if set to 0, indicate the private address is IPv4. If set to 1, it indicates the private address is IPv6.
o       O bit: if set to 0, indicate the public address is IPv4. If set to 1, it indicates the public address is IPv6.
o       R bits: reserved for future use. Must be set to 0 now.

o       NAT Type:without NAT; 1:1 static NAT; Full Cone; Restricted Cone; Port Restricted Cone; or Symmetric
o       Encap Type:SD-WAN tunnel encapsulation types, such as IPsec+GRE, IPsec+VxLAN, IPsec without GRE, GRE (when tunnel is over secure underlay network)
o       Transport Network ID:Central Controller assign a global unique ID to each transport network;
o       RD ID:Routing Domain ID,Need to be global unique.
o       Private IP:The local IP address of the tunnel end-point;
o       Private Port:used by Remote SD-WAN node for establishing IPsec to this specific port.
o       Public IP:The IP address after the NAT.
o       Public Port:The Port after the NAT.


Thank you very much for feedback.

Linda Dunbar


-----Original Message-----
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of tom petch
Sent: Friday, November 02, 2018 11:26 PM
To: Joel Jaeggli <joelja@bogus.com>
Cc: ipv6@ietf.org
Subject: Re: registering tunnel types

---- Original Message -----
From: "Joel Jaeggli" <joelja@bogus.com<mailto:joelja@bogus.com>>
To: "tom petch" <ietfc@btconnect.com<mailto:ietfc@btconnect.com>>
Cc: <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>>; <ipv6@ietf.org<mailto:ipv6@ietf.org>>; "Alexandre Petrescu" <alexandre.petrescu@gmail.com<mailto:alexandre.petrescu@gmail.com>>
Sent: Tuesday, October 30, 2018 8:23 PM

> On Oct 30, 2018, at 05:07, tom petch <ietfc@btconnect.com<mailto:ietfc@btconnect.com>> wrote:
>>
>
> Alex
>
> I agree, at least in part; tunnels and interfaces are different
animals
> and it is unfortunate that they were conflated in SMI.
>
> I was surprised that NETMOD had not produced a YANG module for tunnels
> but it seems that there has been no need for the past decade.  That
> said, I think that it is a good idea to have one.  Whether or not it
> should mirror the Tunnel MIB I find more debatable.

It’s not entirely obvious to me that netted / netconfig would be where the tunnel models were produced.

They tend if fact to be produced by the tunnel protocol maintainers e.g.
l3sm/l2sm/ccamp and so on. The management tools for a product tend to be developed itself in my experience.

<tp>

Joel

My concern is that something that cuts across a number of IETF WG should get adequate review.  The YANG interface module was much discussed in the netmod WG, with an existing MIB as guidance, before becoming an RFC.

The proposed YANG tunnel module, which borrows the concepts of the interface module, that additions should be made by the Tunnel MIB Designated Expert to a registry and then propagated to the Tunnel MIB and the Tunnel YANG module, has not been discussed in any WG.  The proposal, as I mentioned before, has been added to the I-D after IETF Last Call has been completed so appears to me to be the work of one individual, without any review; the I-D lists seven editors, six of whom appear to be absent.  TheWG mailing list seems devoid of any discussion.

I believe that the IETF succeeds because of peer review, and I struggle to see that here.

Tom Petch

> My own homework came across other IP in IP varieties which do not
> appear.
>
> Tom Petch
>
>
>>
>> Alex
>>
>>>
>>> If you need a new value or if you have a question about a given
> interface tunnel type, please follow the guidelines in the url cited
> above. All this is out of the scope of draft-ietf-softwire-yang.
>>>
>>> Cheers,
>>> Med
>>>
>>>> -----Message d'origine-----
>>>> De : ipv6 [mailto:ipv6-bounces@ietf.org] De la part de Alexandre
> Petrescu
>>>> Envoyé : jeudi 25 octobre 2018 09:54 À : ipv6@ietf.org<mailto:ipv6@ietf.org> Objet : Re:
>>>> registering tunnel types
>>>>
>>>> Are:
>>>> -IPv6 in UDPv4 and
>>>> -IPv6 in IPv6 as used by openvpn;
>>>>
>>>> covered by the list below?
>>>>
>>>> These are a few tunnelling mechanisms I use routinely.
>>>>
>>>> Existing identity 6tofour should be deprecated, if that means 6to4,
>>>> which is deprecated.
>>>>
>>>> Existing identity iphttps has a version number for IP?
>>>>
>>>> Alex
>>>>
>>>> Le 24/10/2018 à 17:57, tom petch a écrit :
>>>>> draft-ietf-softwire-yang
>>>>> completed IETF Last Call two weeks ago and, since then, has
> acquired a
>>>>> YANG module that defines tunnel types, as listed below.  It is
> intended
>>>>> to be a IANA-maintained module and so changes to the list of
> tunnels
>>>>> will not require a reissue of the softwires RFC-to-be.  At the
> same
>>>>> time, getting it right first time never did any harm so if anyone
> can
>>>>> think of any missing, or can think of other places where there
> might be
>>>>> other tunnels lurking, now would be a good time to mention it.
>>>>>
>>>>> It is based on RFC4087 Tunnel MIB (which created an SMI Textual
>>>>> Convention that went up to Teredo) so tunnels from that vintage
> are
>>>>> likely well catered for.  softwires is not where I would have
> first
>>>>> looked for tunnel types, but it has a certain logic to it.
>>>>>
>>>>>       identity  other
>>>>>
>>>>>       identity direct
>>>>>
>>>>>       identity gre
>>>>>
>>>>>       identity minimal
>>>>>
>>>>>       identity l2tp
>>>>>
>>>>>       identity pptp
>>>>>
>>>>>       identity l2f
>>>>>
>>>>>       identity udp
>>>>>
>>>>>       identity atmp
>>>>>
>>>>>       identity msdp
>>>>>
>>>>>       identity sixtofour
>>>>>
>>>>>       identity sixoverfour
>>>>>
>>>>>       identity isatap
>>>>>
>>>>>       identity teredo
>>>>>
>>>>>       identity iphttps
>>>>>
>>>>>       identity softwiremesh
>>>>>
>>>>>       identity dslite
>>>>>
>>>>>       identity  aplusp
>>>>>
>>>>> Tom Petch
>>>>>
>>
>>>> -------------------------------------------------------------------
-
>>>>> IETF IPv6 working group mailing list ipv6@ietf.org<mailto:ipv6@ietf.org> Administrative
>>>>> Requests:
> https://www.ietf.org/mailman/listinfo/ipv6
>>
>>>> -------------------------------------------------------------------
-
>>>>>
>>>>
>>
>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list ipv6@ietf.org<mailto:ipv6@ietf.org> Administrative
>>>> Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>
>>> --------------------------------------------------------------------
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org<mailto:ipv6@ietf.org>
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org<mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org>
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
<https://www.ietf.org/mailman/listinfo/ipv6>
> --------------------------------------------------------------------


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email