Re: [IPsec] Is there any drafts or RFCs on solutions to RFC 7018 Auto-Discovery VPN Problem Statement and Requirements?

Praveen Sathyanarayan <praveenys@juniper.net> Mon, 18 May 2020 17:16 UTC

From: Praveen Sathyanarayan <praveenys@juniper.net>
To: Linda Dunbar <linda.dunbar@futurewei.com>, "ipsec@ietf.org WG" <ipsec@ietf.org>
Date: Mon, 18 May 2020 17:15:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/jkLh84N8-sI7_j_SP0kuDbfsT4A>

Hi Linda,

We published the following draft for AutoDiscovery VPN. It is already implemented by Juniper and other major vendors.

https://tools.ietf.org/html/draft-sathyanarayan-ipsecme-advpn-03

Thanks,
Praveen
________________________________
From: IPsec <ipsec-bounces@ietf.org> on behalf of Linda Dunbar <linda.dunbar@futurewei.com>
Sent: Monday, May 18, 2020 10:12 AM
To: ipsec@ietf.org WG <ipsec@ietf.org>
Subject: [IPsec] Is there any drafts or RFCs on solutions to RFC 7018 Auto-Discovery VPN Problem Statement and Requirements?


We are experiencing the problems described in RFC 7018 (Auto-Discovery VPN Problem Statement and Requirements), i.e. the problem of enabling a large number of peers (primarily Gateway) to communicate directly using IPsec to protect the traffic between them.



Are there any drafts describing the solutions to the problems identified by RFC7018?



Thank you very much,



Linda Dunbar

