[L1vpn] Your Discusses and Comments on draft-ietf-l1vpn-basic-mode-04.txt
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 28 May 2008 08:32 UTC
Return-Path: <l1vpn-bounces@ietf.org>
X-Original-To: l1vpn-archive@megatron.ietf.org
Delivered-To: ietfarch-l1vpn-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABB943A6C77; Wed, 28 May 2008 01:32:35 -0700 (PDT)
X-Original-To: l1vpn@core3.amsl.com
Delivered-To: l1vpn@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA6613A6A6D for <l1vpn@core3.amsl.com>; Tue, 27 May 2008 11:08:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.641
X-Spam-Level: *
X-Spam-Status: No, score=1.641 tagged_above=-999 required=5 tests=[AWL=0.739, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, J_CHICKENPOX_14=0.6, MANGLED_LIST=2.3, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWk65Fnem7po for <l1vpn@core3.amsl.com>; Tue, 27 May 2008 11:08:07 -0700 (PDT)
Received: from asmtp2.iomartmail.com (asmtp2.iomartmail.com [62.128.201.249]) by core3.amsl.com (Postfix) with ESMTP id 4C9D33A6A13 for <l1vpn@ietf.org>; Tue, 27 May 2008 11:08:07 -0700 (PDT)
Received: from asmtp2.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp2.iomartmail.com (8.12.11.20060308/8.12.8) with ESMTP id m4RI822i032460; Tue, 27 May 2008 19:08:05 +0100
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp2.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id m4RI7x0I032436; Tue, 27 May 2008 19:08:02 +0100
Message-ID: <040901c8c024$98ae1400$9001010a@your029b8cecfe>
From: Adrian Farrel <adrian@olddog.co.uk>
To: Pasi.Eronen@nokia.com, Russ Housley <housley@vigilsec.com>, tim.polk@nist.gov, Ronald Bonica <rbonica@juniper.net>
Date: Tue, 27 May 2008 19:05:30 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailman-Approved-At: Wed, 28 May 2008 01:32:35 -0700
Cc: l1vpn@ietf.org, Yakov Rekhter <yakov@juniper.net>, dward@cisco.com
Subject: [L1vpn] Your Discusses and Comments on draft-ietf-l1vpn-basic-mode-04.txt
X-BeenThere: l1vpn@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Adrian Farrel <adrian@olddog.co.uk>
List-Id: Layer 1 Virtual Private Networks <l1vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/l1vpn>, <mailto:l1vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/l1vpn>
List-Post: <mailto:l1vpn@ietf.org>
List-Help: <mailto:l1vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l1vpn>, <mailto:l1vpn-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: l1vpn-bounces@ietf.org
Errors-To: l1vpn-bounces@ietf.org
Hi, Thank you for your Discusses and Comments during IESG review of draft-ietf-l1vpn-basic-mode-04.txt The authors have updated the I-D to address the issues you raised according to various email exchanges we had with you. The -05 version has been posted. Below, please find your notes together with pointers to the resolutions. We hope that those of you with Discusses can now clear them (You should be able to find a diff at http://tools.ietf.org/wg/l1vpn/draft-ietf-l1vpn-basic-mode/) Thanks, Adrian === Pasi Eronen - Discuss > As noted by Charlie Kaufman's and Sandy Murphy's SecDir reviews: the > security considerations text is very sparse. At the very least, it > should point to the (much more extensive) security considerations in > RFC 4847 and draft-ietf-l1vpn-applicability-basic-mode-05, and briefly > describe the existing security mechanisms (e.g. GMPLS/RSVP-TE) that > can be used to address those concerns. References to RFC 4847 and draft-ietf-l1vpn-applicability-basic-mode-05 have been added to the top of Section 5. A paragraph pointing to all of the prior art for GMPLS control plane security has been added together with a reference to draft-ietf-mpls-mpls-and-gmpls-security-framework that covers the wider security environment. A significant re-write of the security section converts it from a single paragraph to five paragraphs. > In Section 4.1.2, something more should be said about the L1VPN > globally unique identifiers, and in particular, who selects them and > how global uniqueness is ensured (or is uniqueness within a service > provider sufficient?), and how they're encoded (e.g. the format here > doesn't match the VPN Identifier defined in RFC 2685). A piece of text has been added to 4.1.2 to say... The globally unique identifiers are under control of network providers. Uniqueness within a service provider administrative domain is sufficient for basic mode operation. In the case of multiple provider networks which is beyond the scope of this document, the globally unique identifier need only be unique and consistent between the those providers. Text already exists in the section to describe the encoding. The L1VPN identify is identical to the VPN Index defined in RFC 2685. Other elements of the VPN identifier (i.e. the OUI) defined in RFC 2685 are not applicable to Basic Mode L1VPNs. > Section 4.1.2 needs a reference to a document that defines the CPI AFI > values. Pointer to [L1VPN-BGP-AD] has been added. === Pasi Eronen - Comment > The document could perhaps use a slightly longer explanation of how > the PE, when it receives a RSVP message, determines which L1VPN it's > associated with (since apparently the RSVP messages are not > necessarily sent over the CE-PE link identified by CPI/PPI, and the > L1VPN is not uniquely identified by CE-CC-Addr/PE-CC-Addr). Clarification has been added to section 3.3. > Sandy's SecDir review also identified a number of places that > would benefit from some clarification of the text, and provided > editorial comments that should be taken into acccount. We believe we have addressed these through email discussion and updates to the I-D. === Russ Housley - Comment > There has been a dialogue between Sandy Murphy and Adrian Farrel that > was begun by Sandy's SecDir Review. The Security Considerations in > this document are very sparse, saying essentially that because the > matching of customer channels to provider ports is assumed to be done > correctly and out of band there are no security considerations. > However, the dialogue between Sandy and Adrian shows that there is > actually more to say. > > I support the DISCUSS position that Pasi has entered ... Discussions with Sandy were very helpful. Updates made to several areas of the I-D and considerable updates to the Security section. === Tim Polk - Comment > Note that I support Pasi's discuss wrt security considerations. Security section updated. > One nit: > > s 4.1, 1st sentence > s/there/their/ Got it. === Ron Bonica - Comment > In Section 1, you say: > > As with L3VPNs, there are protocol options to be made with auto-discovery. > > Did you mean protocol choices? Changed to "choices" > In Setion 2, you say: > > Since the mechanisms specified in this document > use GMPLS as the signaling mechanism, and since GMPLS applies to > both SONET/SDH (TDM) and Lambda Switch Capable (LSC) interfaces, it > results that L1VPN services include (but are not restricted) to > Lambda Switch Capable or TDM-based equipment. > > Did you mean "it follows that"? Changed === Ron Bonica - Comment > In Section 3.1, you say > > Is is further REQUIRED that each L1VPN customer have its own addressing > realm. > > Does this mean that a customer cannot use globally routable address space? > If so, why? Sentence now reads... It is further REQUIRED that each L1VPN customer have its own addressing realm with complete freedom to use private or public addresses === _______________________________________________ L1vpn mailing list L1vpn@ietf.org https://www.ietf.org/mailman/listinfo/l1vpn
- [L1vpn] Your Discusses and Comments on draft-ietf… Adrian Farrel
- Re: [L1vpn] Your Discusses and Comments on draft-… Pasi.Eronen
- Re: [L1vpn] Your Discusses and Comments on draft-… Adrian Farrel