IETF Logo Mail Archive

[L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Thu, 15 August 2013 20:13 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C11111E8187 for <l2tpext@ietfa.amsl.com>; Thu, 15 Aug 2013 13:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.499
X-Spam-Level:
X-Spam-Status: No, score=-110.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4-2uWACpF98 for <l2tpext@ietfa.amsl.com>; Thu, 15 Aug 2013 13:13:16 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id D5DE911E8177 for <l2tpext@ietf.org>; Thu, 15 Aug 2013 13:13:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4569; q=dns/txt; s=iport; t=1376597596; x=1377807196; h=from:to:cc:subject:date:message-id:mime-version; bh=Oag/mOEg7ZNy34iVQ217967ttVqdI6KKuKSJZmj5jAM=; b=gEdIDIOntiAez4qXo21NbRbwOLepztqJEkwvU7chzEiAvqR/jCiy9F5i zOpHE+vdx+6n+Fsf5xPxjPjdW/C39Tl8HBMNaWEyF84tKyINJpBl2jxtr OruT26+h2yw44GRG7ZJPXrDozu8P5NkF6RXCkI2xI7BVa4ly1PVRuZfHB o=;
X-Files: signature.asc : 203
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgIFADc1DVKtJXG9/2dsb2JhbABbgwY1UL8UgSEWdIImAQICbAgFEgEqVicEAQ0NBogCDLoKkB8xgyJ3A5AWgS6HTZAlgxuCKg
X-IronPort-AV: E=Sophos; i="4.89,887,1367971200"; d="asc'?scan'208"; a="247673512"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-1.cisco.com with ESMTP; 15 Aug 2013 20:13:14 +0000
Received: from xhc-rcd-x01.cisco.com (xhc-rcd-x01.cisco.com [173.37.183.75]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id r7FKDEf9019788 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 15 Aug 2013 20:13:14 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.110]) by xhc-rcd-x01.cisco.com ([173.37.183.75]) with mapi id 14.02.0318.004; Thu, 15 Aug 2013 15:13:13 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Rainer Schatzmayr <rainer.schatzmayr@telekom.de>, "Giles Heron (giheron)" <giheron@cisco.com>, "Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com>, "Mark Townsley (townsley)" <townsley@cisco.com>
Thread-Topic: Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
Thread-Index: AQHOmfPeEQoToIMJ/kS6DdAWrCffYw==
Date: Thu, 15 Aug 2013 20:13:12 +0000
Message-ID: <95067C434CE250468B77282634C96ED322E0E780@xmb-aln-x02.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.117.115.50]
Content-Type: multipart/signed; boundary="Apple-Mail=_6A69C123-3236-4121-9A99-214D845BB6A9"; protocol="application/pgp-signature"; micalg="pgp-sha1"
MIME-Version: 1.0
Cc: "pwe3-chairs@tools.ietf.org" <pwe3-chairs@tools.ietf.org>, "l2tpext@ietf.org" <l2tpext@ietf.org>
Subject: [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2013 20:13:21 -0000

Hi, Rainer, Giles, Maciek, Mark,

After the presentation of this draft in Berlin at the PWE3 meeting (with thanks to the PWE3 chairs!) available at http://tools.ietf.org/agenda/87/slides/slides-87-pwe3-2.pdf, I wanted to provide some review comments with the chair hat off. 

I hope these are useful and clear, they are prefaced with "CMP"


http://tools.ietf.org/html/draft-mkonstan-keyed-ipv6-tunnel-00

Network Working Group                                      R. Schatzmayr
Internet-Draft                                       Deutsche Telekom AG
Intended status: Informational                             G. Heron, Ed.

CMP: I do not think that the intended status of this document should be Informational, as you are proposing protocol changes.


Abstract

   This document describes a simple L2 Ethernet over IPv6 tunnel
   encapsulation with mandatory 64-bit authentication key for connecting
   L2 Ethernet attachment circuits identified by IPv6 addresses.  The
   encapsulation is based on L2TPv3 over IP.

and 

3.  64-bit Authentication Key

   All packets MUST carry a 64-bit authentication key in the L2TPv3

CMP: a cookie does not provide an authentication key. It is a simple context lookup check.

1.  Introduction

CMP: It might be useful to mention in the introduction that there is precedence with proposals to do away with the session id lookup when considered redundant, as for example with draft-ietf-l2tpext-l2tphc.


2.  Static 1:1 Mapping Without a Control Plane

   Use of the L2TPv3 Control Plane is optional.  When the control plane
   is not used, local configuration creates a one-to-one mapping between
   the access-side L2 attachment circuit and the IP address used in the
   network-side IPv6 encapsulation.

CMP: I am not sure I understand how it would work *with* the L2TPv3 Control Plane. Instead of saying that it is optional, I would say that it is out of scope or similar, and this behavior is specified for static sessions only. Optional means it can be used, and they you would have to say "how" (which new AVPs, etc).

   Further, circuit monitoring is
   performed using Ethernet OAM mechanisms (802.1ag and/or Y.1731).

CMP: Why Ethernet OAM and not L2TPv3/PW OAM? e.g., [RFC 5085].

   In the event that an IPv6 address used in L2TPv3 does not directly
   correspond to one and only one attachment circuit on both sides of
   the L2TPv3 tunnel, the Session ID may be used for additional
   granularity.  This allows for other addressing schemes that may
   require additional bits beyond those which can fit in the IPv6 header
   address field.

CMP: Assuming there are some gains in processing the session context from the IPv6 address instead of the session id, which could be described, is that lost with this last paragraph? Why have both?


4.  Encapsulation

   o  Session ID.  In the "Static 1:1 mapping" case described in
      Section 2, the IPv6 address resolves to an L2TPv3 session
      immediately, thus the Session ID may be ignored upon receipt.  For
      compatibility with other tunnel termination platforms supporting
      only 2-stage resolution (IPv6 Address + Session ID), this
      specification recommends supporting explicit configuration of
      Session ID to any value other than zero.  For cases where both
      tunnel endpoints support one-stage resolution (IPv6 Address only),
      this specification recommends setting the Session ID to all ones
      for easy identification in case of troubleshooting.

CMP: Could you add that it is non-zero?

8.2.  Informative References



   [RFC1700]  Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,
              October 1994.

CMP: THis reference is not cited in the doc, please remove.


Thanks,

-- Carlos.

v2.23.0 | Report a Bug | By Email