[Idr] questions about RFC5566 BGP IPsec Tunnel Encapsulation Attribute

Linda Dunbar <linda.dunbar@futurewei.com> Fri, 03 April 2020 23:34 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Lou Berger <lberger@labn.net>, 'IDR List' <idr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wZWWHXTAjy43MVRL169725OqXh8>

Lou,

Since you are the first author of RFC 5566, BGP IPsec Tunnel Encapsulation Attribute, I hope you (or anyone who knows the answer) can answer some questions I have about the draft.

Section 3 states that if R1 receives an Encapsulation SAFI update from R2, R1 must initiate IPsec SA to R2 for all traffic with R2 as the nexthop.

My question is: the UPDATE from R2 may be propagated to many nodes; do all those receivers have to initiate the IPsec SA with R2?
I would imagine all those nodes that need to establish an IPsec SA with R2 should be configured by their administrator, shouldn't they? How can a node trust another node to initiate an IPsec SA?

Thank you very much.
Linda Dunbar