IETF Logo Mail Archive

Re: [L2tpext] [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 11 April 2014 12:29 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE8BA1A0167; Fri, 11 Apr 2014 05:29:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.772
X-Spam-Level:
X-Spam-Status: No, score=-14.772 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YH1EelozHr3P; Fri, 11 Apr 2014 05:29:41 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 632341A00FD; Fri, 11 Apr 2014 05:29:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=34409; q=dns/txt; s=iport; t=1397219380; x=1398428980; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=AVL4xtQ1XE8IeWuR9t4jvXUM7g1ZN9biNsHgooCow2c=; b=IF9MQHMvKgbmCwlOcyRLsoMoxFcVQOSovf6fJ+IodJ6hT9T1peekT0h4 0WsT2oLM7zutX50bFdzjM1pnWsYJpMzLTYP793MXWwb4LGDLKy2L0JFqT JxUzEUlVUU8w92zI9z+Kju11g01deApF4SxBXijEVfIK0WKvvLd3joMoU s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnEFAO3eR1OtJA2D/2dsb2JhbABZgkJEO1EGu1aBP4ZkUYEbFnSCJQEBAQQBAQFrBAUCDAQCAQgRBAEBIQEGBycLFAkIAgQOBQmHcwgFzBEXjhVTBAYBBgODG4EUBJRzg22BNZENgzGBakE
X-IronPort-AV: E=Sophos; i="4.97,841,1389744000"; d="scan'208,217"; a="316780054"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-1.cisco.com with ESMTP; 11 Apr 2014 12:29:39 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s3BCTd9Z003298 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 11 Apr 2014 12:29:39 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.99]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.03.0123.003; Fri, 11 Apr 2014 07:29:39 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>
Thread-Topic: [L2tpext] [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
Thread-Index: AQHPVW0pcy4KQg49x0ifU8sA9B1saZsMrGGA
Date: Fri, 11 Apr 2014 12:29:38 +0000
Message-ID: <088D92B9-1E8F-4382-9798-6B57A94B3FA4@cisco.com>
References: <20140410032205.30725.83163.idtracker@ietfa.amsl.com> <C02846B1344F344EB4FAA6FA7AF481F10F3E29D0@SZXEMA502-MBS.china.huawei.com> <CA+mtBx9r75d3bkk4FeHWXjPMwfetr97rBuxWoubDsx=_Y_RZ0g@mail.gmail.com> <1045434E-F6BE-444E-8E28-B2DCCE1B0A35@cisco.com> <C02846B1344F344EB4FAA6FA7AF481F10F3E2C07@SZXEMA502-MBS.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F10F3E2C07@SZXEMA502-MBS.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.117.115.51]
Content-Type: multipart/alternative; boundary="_000_088D92B91E8F438297986B57A94B3FA4ciscocom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/l2tpext/7_teEegzRaqvxSJhvfY8rlUjung
Cc: "l2tpext@ietf.org" <l2tpext@ietf.org>, Namgon Kim <ng.kim@kt.com>, Fanduoliang <fanduoliang@huawei.com>, "nvo3@ietf.org" <nvo3@ietf.org>, Zehn Cao <zehn.cao@gmail.com>, Tom Herbert <therbert@google.com>
Subject: Re: [L2tpext] [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 12:29:47 -0000

Frank,

Please see inline.

On Apr 11, 2014, at 6:01 AM, Xialiang (Frank) <frank.xialiang@huawei.com<mailto:frank.xialiang@huawei.com>> wrote:

Hi Tom, Carlos,
Thanks for your comments, please see my response inline:

B.R.
Frank

From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Carlos Pignataro (cpignata)
Sent: Friday, April 11, 2014 1:09 AM
To: Tom Herbert
Cc: l2tpext@ietf.org<mailto:l2tpext@ietf.org>; Namgon Kim; Fanduoliang; nvo3@ietf.org<mailto:nvo3@ietf.org>; Xialiang (Frank); Zehn Cao
Subject: Re: [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt

Frank, Tom,

Please find some additional comments inline, L2TPExt chair hat off.

On Apr 10, 2014, at 11:46 AM, Tom Herbert <therbert@google.com<mailto:therbert@google.com>> wrote:


On Wed, Apr 9, 2014 at 8:37 PM, Xialiang (Frank)
<frank.xialiang@huawei.com<mailto:frank.xialiang@huawei.com>> wrote:

Hi folks,
We have updated the L2TP-VP version -01 draft.
In the new version draft, we add the motivation of this draft and modification to the format of L2TP-VP header.
Welcome your comments and suggestions!
Hi Frank,

Thanks for posting. A few comments:

- This is so dramatically different from L2TP I wonder if it can still
honestly be called L2TP. Have you implemented this? How much of L2TP
stack can be leveraged?
- "Session ID is changed to a 31-bit field"-- doesn't this break L2TP then?
[Frank] : The main differences we’ve made are:
1.       Session ID is changed to 31-bit: that’s because we need the most significant bit for differentiating  L2TPv3 packets with L2TP-VP packets in data plane. The only disadvantage is to limit the session ID scope for existing L2TPv3 protocol to < 2 ^ 31, but that scope is large enough to be used for L2TPv3 session in practice;
2.       We reuse first 32 bit of cookie field to the TNI, the left 32 bit is still used for cookie field. This indeed limit the cookie mechanism’s capability. In next version of the draft, we will solve this problem.
Except the above, we do not change anything of L2TPv3.

I will say that both things are a non-starter. You can appreciate it's not only 31 vs 32 bits. As it was already pointed out, you cannot differentiate an L2TPv3 packet with the MSB set. Regarding the cookie, please read RFC 3931 on the discussion of 32 vs. 64 bits.

Best,

Carlos.

What we currently do is to reuse L2TPv3 for multi-tenant network scenarios, but keep its implementation separating from existed L2TPv3 implementation in data plane clearly.

These two bullet points are critical. A "profile" of protocol is a constrained subset of it, within an applicability context. What this document shows is not a profile.

The most-significant bit of the Session ID being used for something else ("Modified bit") has two implications:

  1.  This is not a profile, it's an attempt to redefine L2TPv3.
  2.  This non-profile draft describes a non-backwards compatible protocol. Meaning, L2TPv3's Session ID allows for Session IDs with the MSB set. Consequently, a packet cannot be differentiated between L2TPv3 and this other protocol (which is not a profile).
  3.  It breaks L2TPv3.

OK, I lied, three (or possibly more) implications :-)

The remaining points are subordinate to this high-order bit (no pun intended).
[Frank] : I think we can consider the relationship between L2TP-VP and L2TPv3 as the same thing of relationship between MPLS-TP and MPLS.


- "Type field"-- I suspect this is meant to be an EtherType value.
Please be explicit about this.
- To get hashing (for ECMP, RSS, etc.) in the network we'd almost
certainly use L2TP over UDP, so L2TP-VP should probably have a format
defined for use with UDP.

There's also hashing for L2TPv3 directly over IP (e.g., RFC 5640)
[Frank] : Agree with all your comments. In current draft, we only specifies L2TP-VP over IP. We indeed have considered L2TP-VP over UDP and can add this part of content in next version if necessary.

Thanks,

Carlos.


- Even with Type field, this still suffers from the same problem L2TP
has that network devices won't be able to parse the packet beyond the
L2TP header (the cookie field makes the header variable length). This
eliminates the ability to implement the protocol with LRO for
instance. I suggest you take four or five bits from reserved section
for header length to resolve this (see example in GUE).
[Frank] : good comments. Will consider it~~

- Cookie mechanism is an advantage over VXLAN and nvgre I believe, but
why limit it to 32 bits? 64 bits is much stronger, and at some point
we might even want 128 bits to do strong authentication.

Some more general questions applicable to this and some other proposals.

- "TNI field"-- this seems to use the same 24 bit left shifted format
of nvgre and VXLAN. I still don't see the rationale for this! Why
can't the full 32 bit field be allocated for vni? A large deployment
will be using various levels of hierarchical allocation and possibly
obfuscation of vni (TNI). The nvo3 requirements on this are vague
("100's of thousands of virtual networks"), but they clearly don't
expect this the VNI to be a simple flat space either.
[Frank] : It’s an issue existing a long time. I have no personal preference on it. It totally depends on real requirement.



- "Outer Ethernet Header"-- showing the outer Ethernet header in L3
encapsulations examples is not necessary, use of Ethernet is not a
requirement, and this is potentially very misleading. For instance,
the outer Ethernet FCS does *not* protect the packet end to end in an
L3 routed network. Personally, I think it would be more illustrative
to show the IP packet in the inner Ethernet frame instead to see how
its alignment is affected.
[Frank] : Actually, It’s only a encapsulation example. But your comment is right. We will correct in the next version. Thanks!


Thanks,
Tom


B.R.
Frank


-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> [mailto:internet-drafts@ietf.org]
Sent: Thursday, April 10, 2014 11:22 AM
To: Xialiang (Frank); Zhen Cao; Fanduoliang; Zehn Cao; Namgon Kim; Namgon
Kim; Fanduoliang; Xialiang (Frank)
Subject: New Version Notification for draft-fan-l2tp-vp-01.txt


A new version of I-D, draft-fan-l2tp-vp-01.txt has been successfully submitted
by Liang Xia and posted to the IETF repository.

Name:         draft-fan-l2tp-vp
Revision:     01
Title:                L2TP-VP: Layer Two Tunneling Protocol - Virtualization Profile
Document date:        2014-04-10
Group:                Individual Submission
Pages:                9
URL:
http://www.ietf.org/internet-drafts/draft-fan-l2tp-vp-01.txt
Status:         https://datatracker.ietf.org/doc/draft-fan-l2tp-vp/
Htmlized:       http://tools.ietf.org/html/draft-fan-l2tp-vp-01
Diff:           http://www.ietf.org/rfcdiff?url2=draft-fan-l2tp-vp-01

Abstract:
  This document describes Layer Two Tunneling Protocol (L2TP)'s
  virtualization profile (L2TP-VP), which reuses session header of L2TP
  data message to securely support overlay networks for multiple
  tenants, and simplifies tunnel setup by disabling all kinds of L2TP
  control messages.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org/>.

The IETF Secretariat

_______________________________________________
nvo3 mailing list
nvo3@ietf.org<mailto:nvo3@ietf.org>
https://www.ietf.org/mailman/listinfo/nvo3

_______________________________________________
nvo3 mailing list
nvo3@ietf.org<mailto:nvo3@ietf.org>
https://www.ietf.org/mailman/listinfo/nvo3

_______________________________________________
L2tpext mailing list
L2tpext@ietf.org<mailto:L2tpext@ietf.org>
https://www.ietf.org/mailman/listinfo/l2tpext

v2.23.0 | Report a Bug | By Email