Re: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn (1/19/2015 to 2/2/2015

Haoweiguo <haoweiguo@huawei.com> Wed, 21 January 2015 02:30 UTC

From: Haoweiguo <haoweiguo@huawei.com>
To: Susan Hares <shares@ndzh.com>, "'Smith, Donald'" <Donald.Smith@CenturyLink.com>, Zhuangshunwan <zhuangshunwan@huawei.com>, 'idr wg' <idr@ietf.org>
Date: Wed, 21 Jan 2015 02:30:09 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/cYr7h_RDF2by3TDKScdlGQIKvM8>
Cc: "draft-hao-idr-flowspec-evpn.all@tools.ietf.org" <draft-hao-idr-flowspec-evpn.all@tools.ietf.org>, "'John G. Scudder'" <jgs@bgp.nu>
Subject: Re: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn (1/19/2015 to 2/2/2015

Hi Donald,

Thanks for your great comments. The layer 2 flowspec deployment in a layer 2 VPN network is similar to layer 3 flowspec. The following is the typical deployment scenario.

Attacker--------Router A-----Router B-------Router C----Traffic analyzer
             AS 100       |                    AS200

The procedures:
1. Traffic is sampled on Router C and Router D using a netstream-like method, then the traffic is sent to the traffic analyzer.
2. When the traffic analyzer detects exceptional traffic relying on rules defined beforehand, the analyzer constructs BGP flowspec routes automatically, then it sends the flowspec routes to peer Router C.
3. Then Router C transmits the flowspec routes to the ingress PE of Router B.
4. Router B converts the flowspec routes to local ACL rules and downloads the ACL rules to the chipset for traffic filtering.

Your further complementary use cases and deployment modes are welcome.

As for the security issue, would you like to give some detailed suggestions?

Thanks,
weiguo
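
The four steps above as a minimal pipeline, given here as an added example that is not part of the original email or of the draft. The record layout, the byte threshold, the rule dictionary (a stand-in for a flowspec route, not its BGP encoding), the ACL syntax and the table limit are all assumptions, and the MAC addresses are constructed documentation values.

```python
from collections import defaultdict

# Constructed sampled-flow records (step 1): (src_mac, dst_mac, ethertype, bytes)
SAMPLES = [
    ("00:00:5e:00:53:01", "00:00:5e:00:53:aa", 0x0800, 9_000_000),
    ("00:00:5e:00:53:01", "00:00:5e:00:53:aa", 0x0800, 8_500_000),
    ("00:00:5e:00:53:02", "00:00:5e:00:53:aa", 0x0800, 40_000),
    ("00:00:5e:00:53:03", "00:00:5e:00:53:bb", 0x0800, 120_000),
]
THRESHOLD_BYTES = 10_000_000  # assumed per-window rule "defined beforehand"


def detect(samples, threshold=THRESHOLD_BYTES):
    """Step 2: aggregate bytes per (src, dst, ethertype) and emit one rule
    for each flow above the threshold. The dict stands in for a flowspec route."""
    totals = defaultdict(int)
    for src, dst, etype, nbytes in samples:
        totals[(src, dst, etype)] += nbytes
    return [
        {"src_mac": s, "dst_mac": d, "ethertype": e, "action": "discard"}
        for (s, d, e), total in sorted(totals.items())
        if total > threshold
    ]


def to_acl(rule, seq):
    """Step 4: render one rule as an ACL line (hypothetical syntax)."""
    verb = {"discard": "deny"}[rule["action"]]
    return (f"{seq} {verb} src-mac {rule['src_mac']} dst-mac {rule['dst_mac']} "
            f"ethertype 0x{rule['ethertype']:04x}")


def install(rules, max_entries=2):
    """Refuse to program more entries than the (assumed) filter table holds,
    so a burst of generated rules cannot exhaust it."""
    if len(rules) > max_entries:
        raise ValueError("rule count exceeds ACL capacity")
    return [to_acl(r, 10 * (i + 1)) for i, r in enumerate(rules)]


if __name__ == "__main__":
    for line in install(detect(SAMPLES)):
        print(line)
```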
________________________________________
From: Idr [idr-bounces@ietf.org] on behalf of Susan Hares [shares@ndzh.com]
Sent: Wednesday, January 21, 2015 0:17
To: 'Smith, Donald'; Zhuangshunwan; 'idr wg'
Cc: draft-hao-idr-flowspec-evpn.all@tools.ietf.org; 'John G. Scudder'
Subject: Re: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn (1/19/2015 to 2/2/2015

Donald:

I hope that service providers will comment on the list on the usefulness of
this draft.   If you have suggestions on improving the security
considerations, please send these to the list during the WG adoption call.

Sue

-----Original Message-----
From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Smith, Donald
Sent: Tuesday, January 20, 2015 10:23 AM
To: Zhuangshunwan; 'Susan Hares'; 'idr wg'
Cc: draft-hao-idr-flowspec-evpn.all@tools.ietf.org; 'John G. Scudder'
Subject: Re: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn
(1/19/2015 to 2/2/2015

So far all the "support" responses are from Huawei (single vendor support)
engineers.

When will the intended status be decided?

Intended RFC status:Unknown

The draft itself at first review appears to be pretty good. I didn't see any
large technical issues with it (yet:)

I am considering how an ISP would use this or if they would.

"Please comment on the usefulness of the draft in deployments and on the
technical pros/cons of the draft." so I look forward to use cases or other
descriptions of how/when people would use this.

I think the security considerations should probably match what other
flow-spec drafts have said.
Currently it is very weak and probably inaccurate.

I will withhold support for now. But also don't object to adoption by this
wg!



(coffee != sleep) & (!coffee == sleep)
 Donald.Smith@centurylink.com



From: Idr [idr-bounces@ietf.org] on behalf of Zhuangshunwan
[zhuangshunwan@huawei.com]
Sent: Tuesday, January 20, 2015 12:21 AM
To: 'Susan Hares'; 'idr wg'
Cc: 'John G. Scudder'
Subject: Re: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn
(1/19/2015 to 2/2/2015


Support as co-author and not aware of any IPR regarding this document.

Thanks,
Shunwan


From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Susan Hares
Sent: January 20, 2015 0:31
To: idr wg
Cc: 'John G. Scudder'
Subject: [Idr] WG Adoption call for draft-hao-idr-flowspec-evpn (1/19/2015 to
2/2/2015


This is to begin a 2 week adoption call for draft-hao-idr-flowspec-evpn.
Please comment on the usefulness of the draft in deployments and on the
technical pros/cons of the draft.  In your comments please indicate
“support” or “no support”.  Authors should indicate if any IPR
exists for this draft.

The draft can be found at:

http://datatracker.ietf.org/doc/draft-hao-idr-flowspec-evpn

Sue Hares
_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr
