Re: [Idr] status - incremental 4/8/2020 -

[Linda Dunbar <linda.dunbar@futurewei.com>]

For the Draft-hujun-idr-bgp-ipsec & draft-hujun-idr-bgp-ipsec-transport-mode waiting for WG adoption, I hope the authors can  answer my questions (attached) which were sent last week. In particular:


  1.  Does  draft-hujun-idr-bgp-ipsec-02 assume that IKEv2 still running between IPsec peers?


  1.  Does receiving the IPsec BGP UPDATE triggers a node to start the  IKEv2 with the speaker without any configuration from the administer? If Node B can only establish IPsec IKEv2 with another node C, does it matter if the Node B receives or not receives the BGP update from the C?
  2.  How does the BGP UPDATE ease the IPsec configuration? Does  it ease the configuration on the BGP UPDATE speaker? Or does it ease the configuration of the receiver?
  3.  How to differentiate  Public Routing Instances?
If the payload packet within the IPsec tunnel are simple IP forwarding, is there still "Private Routing Instances"?


  1.  On Page 3, the draft states that only "Local Tunnel Endpoint address, Public Routing Instance and CHILD SA traffic selector address range" are advertised by the BGP.
Is the Local Tunnel Endpoint address same as the LOOPBACK address of the node? Or can be a specific Ingress or egress port of the node sending out the BGP UPDATE?


Thank you very much.

Linda Dunbar


From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares
Sent: Wednesday, April 8, 2020 7:37 AM
To: idr@ietf.org
Subject: [Idr] status - incremental 4/8/2020 -

IDR WG:

A little status to read with your coffee this morning.   We have an interim at 13:00 UTC (9:00 EDT,  6:00 PDT, 21:00 Bejing time)

Please let me know if I've missed any updates.

Cheers, Sue

---------
At IESG in IETF LC
1) draft-ietf-idr-rfc5575bis-19.txt -
    Shepherd: John Scudder
    Status:  IETF LC ended, IESG telechat: 4/15
    IESG Publication request: 7/9/2019
   2  AD Reviews [8/2-9/10/2019, [1/17-1/23/2020]

2) draft-ietf-idr-bgp-ls-segment-routing-msd-08.txt
     [Shepherd: Susan Hares]
     Status:  3rd round of AD revisions
     IESG Publication requested:  10/15/2019

     IETF WG LC:  6 days

--------------
AD review - authors need to respond
1) draft-ietf-idr-tunnel-encaps-14<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-idr-tunnel-encaps%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C435c81989b484cc4b36e08d7dbb9a0fd%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637219462629089078&sdata=bbY8QsY3BjyYZ3kRMAAyotniLSklUtXjskdGXA7FasY%3D&reserved=0> - sent to IESG
[Waiting 47 days]

2) draft-ietf-idr-capabilities-registry-change-05.txt
[Waiting 57 days]
------------
WG past WG LC - stuck  waiting for implementation reports on wiki
[reported to have 2 implementations, but no details on wiki]

1) draft-ietf-idr-ext-opt-param
2) draft-idr-eag-distribution-09.txt
---------
Drafts stuck post WG LC - waiting for minor edits
1) draft-ietf-idr-rfc8203bis.05.txt  -
----
Flow specification drafts in WG LC

1) Draft-ietf-idr-flow-spec-v6-10.txt
   Status: restarted [4/8 to 4/22]
   Status: IESG desires, but is it ready?
   Needed:  implementation reports

2) draft-ietf-idr-bgp-flowspec-oid-11<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-idr-bgp-flowspec-oid%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7C435c81989b484cc4b36e08d7dbb9a0fd%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637219462629089078&sdata=1FHbWhfNi%2FZMqmS3xeslLMVZH3rgYUyxgLv%2FJMS4Wxg%3D&reserved=0>
    Status:  3/13/ to 4/13
    Status: light response, please comment
    Authors:  Please fill out implementation report

-----------
WG Adoption calls:

   1) Draft-hujun-idr-bgp-ipsec
       WG adoption:  3/30-4/13
        Shepherd: Susan Hares
        Comment: only 1 response, heading toward "no consensus"

2) draft-hujun-idr-bgp-ipsec-transport-mode
     WG Adoption: 3/30 - 4/13
      Shepherd: Susan Hares
     Comment: only 1 response, heading toward "no consensus"

3) draft-li-idr-sr-policy-path-mtu-03.txt
    WG adoption: 3/30 - 4/13
     Shepherd: Susan Hares
    Comment: Positive response: Heading toward WG Adoption

Request for input:
----------------------
draft-scharf-tcpm-yang-tcp-04

Proposed WG LC drafts for flow-specification that were on hold:
-------------------------------------------
[Authors should contact chairs]

1)  draft-ietf-idr-flowspec-interfaceset-05 -
WG notes indicated this might go ahead without flow-specification v2

2) draft-ietf-idr-flowspec-path-redirect-10 -
WG discussion needs to occur on whether flowspecification


Proposed WG LCs (3/30 and 4/8)
----------------
1) draft-ietf-idr-bgp-open-policy-08 - on hold pending  revision -09
2)  draft-ietf-idr-flowspec-l2vpn-13 - in slides for 4/8


Proposed Adoption calls
-----------------------
draft-cl-idr-bgp-ext-com-registry-udpate-00.txt

--- Begin Message ---

Jun,

Need a few clarify questions for your draft.


  1.  Does  draft-hujun-idr-bgp-ipsec-02 assume that IKEv2 still running between IPsec peers?


  1.  Does receiving the IPsec BGP UPDATE triggers a node to start the  IKEv2 with the speaker without any configuration from the administer? If Node B can only establish IPsec IKEv2 with another node C, does it matter if the Node B receives or not receives the BGP update from the C?
  2.  How does the BGP UPDATE ease the IPsec configuration? Does  it ease the configuration on the BGP UPDATE speaker? Or does it ease the configuration of the receiver?
  3.  How to differentiate  Public Routing Instances?
If the payload packet within the IPsec tunnel are simple IP forwarding, is there still "Private Routing Instances"?


  1.  On Page 3, the draft states that only "Local Tunnel Endpoint address, Public Routing Instance and CHILD SA traffic selector address range" are advertised by the BGP.
Is the Local Tunnel Endpoint address same as the LOOPBACK address of the node? Or can be a specific Ingress or egress port of the node sending out the BGP UPDATE?


Thank you very much.

Linda Dunbar

From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares
Sent: Monday, March 30, 2020 7:07 AM
To: 'IDR List' <idr@ietf.org>
Subject: [Idr] 2 Week WG adoption call draft-hujun-idr-bgp-ipsec-02.txt and draft-hujun-idr-bgp-ipsec-transport-mode-00 (3/30 to 4/13/2020

This begins a 2 week WG adoption call for  two drafts BGP provisioned IPSEC infrastructure

1) draft-hujun-idr-bgp-ipsec-02.txt:
BGP Provisioned IPSEC Tunnel Configuration

https://datatracker.ietf.org/doc/draft-hujun-idr-bgp-ipsec/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hujun-idr-bgp-ipsec%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb1e68b21c294ff7e40f08d7d4a2e5e4%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637211668440594288&sdata=HRHfVUUOy0a1ofnIzfTM4zsBqzZCGEhyMEopPdtEdyI%3D&reserved=0>

2) draft-hujun-idr-bgp-ipsec-transport-mode-00.txt:
BGP Provisioned IPsec Transport Mode Protected Tunnel Configuration

https://datatracker.ietf.org/doc/draft-hujun-idr-bgp-ipsec-transport-mode/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-hujun-idr-bgp-ipsec-transport-mode%2F&data=02%7C01%7Clinda.dunbar%40futurewei.com%7Cdb1e68b21c294ff7e40f08d7d4a2e5e4%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637211668440604245&sdata=XROXZN5YTy5GQEToYyAkFNHx71%2B%2FXnln1QJjMzeRQ6I%3D&reserved=0>

These drafts were presented at IETF 104 and IETF 105.
At IETF 105, there was a detailed discussion on the security issues.
After IETF 105, the author modified his draft to take care of the
Issues mentioned.

Discussion during the WG Adoption should examine:
1) Has this draft addressed the necessary security issues to
    be adopted as IDR WG draft?

2) Is this useful generic IPSEC functionality for networks?

   The EVPN related to IPSEC continues in BESS.
   This draft is considered here as a general feature.

3) Are there any deployments of this draft?


Stay safe and healthy... Sue

--- End Message ---