Re: [Idr] FW: New Version Notification for draft-hujun-idr-bgp-ipsec-01.txt

"Susan Hares" <> Thu, 12 September 2019 18:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B41FB120872 for <>; Thu, 12 Sep 2019 11:42:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.948
X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9vsQ16oOUZhJ for <>; Thu, 12 Sep 2019 11:42:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CEA7D1208CA for <>; Thu, 12 Sep 2019 11:42:45 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=;
From: Susan Hares <>
To: "'Hu, Jun (Nokia - US/Mountain View)'" <>,
Cc: 'Paul Wouters' <>, 'Benjamin Kaduk' <>
References: <> <>
In-Reply-To: <>
Date: Thu, 12 Sep 2019 14:42:29 -0400
Message-ID: <017f01d56999$d4bc7150$7e3553f0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH+49VFXssmM4s95TbYsGRG/XJ9dAEItrpYps0l4dA=
Content-Language: en-us
X-Antivirus: AVG (VPS 190911-2, 09/11/2019), Outbound message
X-Antivirus-Status: Not-Tested
Archived-At: <>
Subject: Re: [Idr] FW: New Version Notification for draft-hujun-idr-bgp-ipsec-01.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 12 Sep 2019 18:42:54 -0000


Thank you for update.  I look forward to seeing your separate draft that
deals with IPsec transport mode protecting tunnel. 

Should I wait for the second draft to make comments on your initial draft? 


-----Original Message-----
From: Idr [] On Behalf Of Hu, Jun (Nokia -
US/Mountain View)
Sent: Thursday, September 5, 2019 1:32 PM
Cc: Paul Wouters; Benjamin Kaduk
Subject: [Idr] FW: New Version Notification for

I have posted an update of my draft, following are the updates, should
address the comments I have received so far,  review and comment are
And regard IPsec transport mode protecting tunnel, like GRE with IPsec
transport mode, requires quite different design from IPsec tunnel mode, and
since it is not really tunnel stack/nest, so current ietf-idr-tunnel-encaps
doesn't have mechanism to cover such case, I plan to submit a separate draft
for Ipsec transport mode protecting tunnel;

      *  replaces color sub-TLV with a new IPsec configuration tag sub-
      *  add rule on selecting TLV when there multiple feasible TLVs in
         Section 3
      *  change crypto used in example of Section 3
      *  change title from "BGP Signaled IPsec Tunnel Configuration" to
         "BGP Provisioned IPsec Tunnel Configuration"
      *  Add a Section 4.2 on some operation specifics
      *  add more content in Section 6
      *  add specification of number of time each new sub-TLV allowed in
         a given tunnel TLV
      *  add clarification in Section 1 to clarify IPsec tunnel
         means IPsec tunnel mode
      *  traffic selector protocol and port range now come from tag
         mapped configuration

-----Original Message-----
From: <> 
Sent: Wednesday, September 4, 2019 10:37 PM
To: Hu, Jun (Nokia - US/Mountain View) <>; Hu, Jun (Nokia -
US/Mountain View) <>
Subject: New Version Notification for draft-hujun-idr-bgp-ipsec-01.txt

A new version of I-D, draft-hujun-idr-bgp-ipsec-01.txt has been successfully
submitted by Hu Jun and posted to the IETF repository.

Name:		draft-hujun-idr-bgp-ipsec
Revision:	01
Title:		BGP Provisioned IPsec Tunnel Configuration
Document date:	2019-09-04
Group:		Individual Submission
Pages:		15

   This document defines a method of using BGP to provide IPsec tunnel
   configuration along with NLRI, it uses and extends tunnel
   encapsulation attribute as specified in [I-D.ietf-idr-tunnel-encaps]
   for IPsec tunnel.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at

The IETF Secretariat

Idr mailing list