IETF Logo Mail Archive

Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels

Joe Touch <touch@isi.edu> Tue, 06 December 2016 19:12 UTC

Return-Path: <touch@isi.edu>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D9AB129B06 for <int-area@ietfa.amsl.com>; Tue, 6 Dec 2016 11:12:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.796
X-Spam-Level:
X-Spam-Status: No, score=-9.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-2.896] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9G_MiN9QME43 for <int-area@ietfa.amsl.com>; Tue, 6 Dec 2016 11:12:51 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3B3D129B09 for <int-area@ietf.org>; Tue, 6 Dec 2016 11:11:22 -0800 (PST)
Received: from [192.168.1.189] (cpe-172-250-251-17.socal.res.rr.com [172.250.251.17]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id uB6JAXkR028171 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 6 Dec 2016 11:10:35 -0800 (PST)
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, Lucy yong <lucy.yong@huawei.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, "int-area@ietf.org" <int-area@ietf.org>
References: <2a8ef418-91dc-b0c5-1384-203b4fde3830@gmail.com> <d4e08982-03f8-fe5e-0c67-aa5cd7f26275@isi.edu> <e4096f9729474e00915432aa5c3af300@XCH15-06-08.nw.nos.boeing.com> <b82247d0-5221-ad60-3c4f-6e3287ef1fa9@isi.edu> <f54cd95a4f974ca189e2b3fb24864b97@XCH15-06-08.nw.nos.boeing.com> <a3f0ade1-2145-ee28-31cf-d5a4878b507c@isi.edu> <1707aa63f4e4424e85a8933a79b43dfe@XCH15-06-08.nw.nos.boeing.com> <982c4212-34cb-21f1-c8a8-a23df18d5c30@isi.edu> <1ced07df7e8c453f8c0821363bc5604e@XCH15-06-08.nw.nos.boeing.com> <137debc3-eb11-5c13-884e-d8f6598e8ec9@isi.edu> <30ad1018463746b3b7ef5d864abc9ff3@XCH15-06-08.nw.nos.boeing.com> <e23fc6bd-c95d-9d38-74e1-c040bffe653f@isi.edu> <25503919e279426eb5fd827acf14d9c4@XCH15-06-08.nw.nos.boeing.com> <ceaf3563-ec86-8fe0-f67d-f50e9b9586ae@isi.edu> <05616d07ab3f420a8c0bd5556837d788@XCH15-06-08.nw.nos.boeing.com> <de82e183-f6dd-b872-eb21-981d57218a81@isi.edu> <a5713afee0f84c008e080f730350ed93@XCH15-06-08.nw.nos.boeing.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <f69d6b1f-19fa-cb8d-f319-a18f7130bee6@isi.edu>
Date: Tue, 06 Dec 2016 11:10:33 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <a5713afee0f84c008e080f730350ed93@XCH15-06-08.nw.nos.boeing.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/GoIUiqQsQ70FlEbc06kFntWItbE>
Subject: Re: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 19:12:53 -0000

Fred,

First, we are violently agreeing that subnet redirect works only where
source addresses cannot be spoofed. The problem is that this is not the
typical case, so it's not a generic solution IMO.

On the general architecture point:


On 12/6/2016 11:04 AM, Templin, Fred L wrote:
> ...
>> The X-Bone works too, and didn't need any of that specialized code
>> above.
> Has X-Bone carried forward into modern implementations?
Its model for IPsec transport + IPIP tunnels is used in commercial routers.

It doesn't require new code anywhere, though - it has been compatible
with OS-X, FreeBSD, and Linux for nearly 20 years.

And its model is the basis of the tunnel draft.

We can continue to do things the hard way, needing new code and
mechanism, or the easy way that does not. I prefer the easy way.

Joe

v2.23.0 | Report a Bug | By Email