[L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Thu, 15 August 2013 20:13 UTC
Return-Path: <cpignata@cisco.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C11111E8187 for <l2tpext@ietfa.amsl.com>; Thu, 15 Aug 2013 13:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.499
X-Spam-Level:
X-Spam-Status: No, score=-110.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4-2uWACpF98 for <l2tpext@ietfa.amsl.com>; Thu, 15 Aug 2013 13:13:16 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id D5DE911E8177 for <l2tpext@ietf.org>; Thu, 15 Aug 2013 13:13:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4569; q=dns/txt; s=iport; t=1376597596; x=1377807196; h=from:to:cc:subject:date:message-id:mime-version; bh=Oag/mOEg7ZNy34iVQ217967ttVqdI6KKuKSJZmj5jAM=; b=gEdIDIOntiAez4qXo21NbRbwOLepztqJEkwvU7chzEiAvqR/jCiy9F5i zOpHE+vdx+6n+Fsf5xPxjPjdW/C39Tl8HBMNaWEyF84tKyINJpBl2jxtr OruT26+h2yw44GRG7ZJPXrDozu8P5NkF6RXCkI2xI7BVa4ly1PVRuZfHB o=;
X-Files: signature.asc : 203
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgIFADc1DVKtJXG9/2dsb2JhbABbgwY1UL8UgSEWdIImAQICbAgFEgEqVicEAQ0NBogCDLoKkB8xgyJ3A5AWgS6HTZAlgxuCKg
X-IronPort-AV: E=Sophos; i="4.89,887,1367971200"; d="asc'?scan'208"; a="247673512"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-1.cisco.com with ESMTP; 15 Aug 2013 20:13:14 +0000
Received: from xhc-rcd-x01.cisco.com (xhc-rcd-x01.cisco.com [173.37.183.75]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id r7FKDEf9019788 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 15 Aug 2013 20:13:14 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.110]) by xhc-rcd-x01.cisco.com ([173.37.183.75]) with mapi id 14.02.0318.004; Thu, 15 Aug 2013 15:13:13 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Rainer Schatzmayr <rainer.schatzmayr@telekom.de>, "Giles Heron (giheron)" <giheron@cisco.com>, "Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com>, "Mark Townsley (townsley)" <townsley@cisco.com>
Thread-Topic: Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
Thread-Index: AQHOmfPeEQoToIMJ/kS6DdAWrCffYw==
Date: Thu, 15 Aug 2013 20:13:12 +0000
Message-ID: <95067C434CE250468B77282634C96ED322E0E780@xmb-aln-x02.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.117.115.50]
Content-Type: multipart/signed; boundary="Apple-Mail=_6A69C123-3236-4121-9A99-214D845BB6A9"; protocol="application/pgp-signature"; micalg="pgp-sha1"
MIME-Version: 1.0
Cc: "pwe3-chairs@tools.ietf.org" <pwe3-chairs@tools.ietf.org>, "l2tpext@ietf.org" <l2tpext@ietf.org>
Subject: [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2013 20:13:21 -0000
Hi, Rainer, Giles, Maciek, Mark, After the presentation of this draft in Berlin at the PWE3 meeting (with thanks to the PWE3 chairs!) available at http://tools.ietf.org/agenda/87/slides/slides-87-pwe3-2.pdf, I wanted to provide some review comments with the chair hat off. I hope these are useful and clear, they are prefaced with "CMP" http://tools.ietf.org/html/draft-mkonstan-keyed-ipv6-tunnel-00 Network Working Group R. Schatzmayr Internet-Draft Deutsche Telekom AG Intended status: Informational G. Heron, Ed. CMP: I do not think that the intended status of this document should be Informational, as you are proposing protocol changes. Abstract This document describes a simple L2 Ethernet over IPv6 tunnel encapsulation with mandatory 64-bit authentication key for connecting L2 Ethernet attachment circuits identified by IPv6 addresses. The encapsulation is based on L2TPv3 over IP. and 3. 64-bit Authentication Key All packets MUST carry a 64-bit authentication key in the L2TPv3 CMP: a cookie does not provide an authentication key. It is a simple context lookup check. 1. Introduction CMP: It might be useful to mention in the introduction that there is precedence with proposals to do away with the session id lookup when considered redundant, as for example with draft-ietf-l2tpext-l2tphc. 2. Static 1:1 Mapping Without a Control Plane Use of the L2TPv3 Control Plane is optional. When the control plane is not used, local configuration creates a one-to-one mapping between the access-side L2 attachment circuit and the IP address used in the network-side IPv6 encapsulation. CMP: I am not sure I understand how it would work *with* the L2TPv3 Control Plane. Instead of saying that it is optional, I would say that it is out of scope or similar, and this behavior is specified for static sessions only. Optional means it can be used, and they you would have to say "how" (which new AVPs, etc). Further, circuit monitoring is performed using Ethernet OAM mechanisms (802.1ag and/or Y.1731). CMP: Why Ethernet OAM and not L2TPv3/PW OAM? e.g., [RFC 5085]. In the event that an IPv6 address used in L2TPv3 does not directly correspond to one and only one attachment circuit on both sides of the L2TPv3 tunnel, the Session ID may be used for additional granularity. This allows for other addressing schemes that may require additional bits beyond those which can fit in the IPv6 header address field. CMP: Assuming there are some gains in processing the session context from the IPv6 address instead of the session id, which could be described, is that lost with this last paragraph? Why have both? 4. Encapsulation o Session ID. In the "Static 1:1 mapping" case described in Section 2, the IPv6 address resolves to an L2TPv3 session immediately, thus the Session ID may be ignored upon receipt. For compatibility with other tunnel termination platforms supporting only 2-stage resolution (IPv6 Address + Session ID), this specification recommends supporting explicit configuration of Session ID to any value other than zero. For cases where both tunnel endpoints support one-stage resolution (IPv6 Address only), this specification recommends setting the Session ID to all ones for easy identification in case of troubleshooting. CMP: Could you add that it is non-zero? 8.2. Informative References [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700, October 1994. CMP: THis reference is not cited in the doc, please remove. Thanks, -- Carlos.
- [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkon… Carlos Pignataro (cpignata)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Maciek Konstantynowicz (mkonstan)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Carlos Pignataro (cpignata)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Maciek Konstantynowicz (mkonstan)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Carlos Pignataro (cpignata)