Re: [L2tpext] Comments on l2tpv3-yang-model: Covering keyed-v6-tunnel?
Qi Sun <sunqi.csnet.thu@gmail.com> Fri, 30 January 2015 10:46 UTC
Return-Path: <sunqi.csnet.thu@gmail.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 799AA1A8ABA for <l2tpext@ietfa.amsl.com>; Fri, 30 Jan 2015 02:46:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level:
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWE_U8B02TaK for <l2tpext@ietfa.amsl.com>; Fri, 30 Jan 2015 02:46:33 -0800 (PST)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com [IPv6:2607:f8b0:4001:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8115C1A8AB3 for <l2tpext@ietf.org>; Fri, 30 Jan 2015 02:46:33 -0800 (PST)
Received: by mail-ie0-f174.google.com with SMTP id vy18so2542938iec.5 for <l2tpext@ietf.org>; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=y7x/GYcC9Kj7dkrDumRYcwQ2WhMlvmPIozdzH4aLyr8=; b=N3WubpBEk9xWrtln2GVyn7vSxHMU7iv7rP7gxJUCCqBKPWD8AMqctm2ebpoRqKaEHv iJCMeYA10yfjyKFUB9BC645h/lcSfj3o9/q+vzLQdSPb+tauCZGFTQ4nI0lHW6al5TA9 MMDxiiBDKVtoTTmzpdvhIk5c71NxsBv+DAPwOSf2oe9senIleoB+R2vtFuwi8CwExzIl sSlLToaJmyo6oRCfnDvIjsvVMVkxr7Utny+u8iiAyl3h+BQ5VTqcaneYbwvIlQHPEvu3 3/z5uajKZ/rDj45nTLSg12cKZGOiPondRkovc/w5pTis1WXsE1bXMG+uxAH3P6Fids4V /STQ==
MIME-Version: 1.0
X-Received: by 10.50.111.10 with SMTP id ie10mr1857578igb.15.1422614792754; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
Received: by 10.64.115.226 with HTTP; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
In-Reply-To: <4BE66EF7-6936-4FED-BD68-4D88A5B1543C@gmail.com>
References: <16AF5805-BD81-49E4-A49E-6E8C696B07B8@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE97C31@nkgeml506-mbx.china.huawei.com> <446EC7DF-6FB7-422B-8355-9171AD2ACC13@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE99369@nkgeml506-mbx.china.huawei.com> <0AC612BA-5C9A-42F4-98B4-CB831772BEE5@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE9A8E0@nkgeml506-mbx.china.huawei.com> <4BE66EF7-6936-4FED-BD68-4D88A5B1543C@gmail.com>
Date: Fri, 30 Jan 2015 11:46:32 +0100
Message-ID: <CAAtO+X=cZWF72=ywF6Pu1AJrJk8H+aVf7733H856y7s24wrEcw@mail.gmail.com>
From: Qi Sun <sunqi.csnet.thu@gmail.com>
To: "Liubing (Leo)" <leo.liubing@huawei.com>
Content-Type: multipart/alternative; boundary="089e0149c0545fdcdd050ddc515c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/l2tpext/IASnRwspT0r0TvfQT0sYyHBFfbs>
Cc: "draft-shen-l2tpext-l2tpv3-yang-model@tools.ietf.org" <draft-shen-l2tpext-l2tpv3-yang-model@tools.ietf.org>, "l2tpext@ietf.org" <l2tpext@ietf.org>
Subject: Re: [L2tpext] Comments on l2tpv3-yang-model: Covering keyed-v6-tunnel?
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 10:46:36 -0000
Hi Bing, Some further replies. Please see inline. Thanks. On Fri, Jan 23, 2015 at 12:37 PM, Qi Sun <sunqi.csnet.thu@gmail.com> wrote: > > > [Qi] One thing you might miss in the current YANG model is that, the > Local session ID should be a list instead of a node. I think it should look > like this: > [Bing3] If supporting multiple sessions per tunnel, it should be a list. > ... > +--rw localCookies > | +--rw localCookie* [cookieName] > | +--rw cookieName enumeration // "new"/“old" > | +--rw cookieLength enumeration // 4, 8 > | +--rw localHighCookie hexBinary > | +--rw localLowCookie hexBinary > … > > (Actually, for keyed-v6-tunnel, the cookieLength is always 8 octets.) > [Bing3] It’s true if the static tunnel object is defined dedicated for > keyed-ipv6-tunnel, but then the above mentioned Local session ID should be > a node? > > > [Qi] Yes, the Local Session ID should be a node, since it’s “one session > per tunnel” as you mentioned earlier. > [Qi] I was wrong here. As described in the keyed-v6-tunnel draft ( https://tools.ietf.org/html/draft-ietf-l2tpext-keyed-ipv6-tunnel-01#section-3 , the last paragraph): <quote> The value of the cookie MUST be able to be changed at any time in a manner that does not drop any legitimate tunneled packets - i.e. the receiver must be willing to accept both "old" and "new" cookie values during a change of cookie value. Cookie values SHOULD be changed periodically. </quote> I think as a general point for static tunnel mode, this is necessary for security reasons. So the localCookies should be a list (with only two items at a time, old and new), instead of being a node. Sorry for the confusion. > > > Here is the reference for this design: > > https://tools.ietf.org/html/draft-ietf-l2tpext-keyed-ipv6-tunnel-01#section-3 , > the last paragraph. > > I can help to provide some text about the keyed-v6-tunnel, if you like. > [Bing3] That would be good, thanks in advance. > > Here is the suggested text: 1. Section 1, Introduction [OLD] This document defines a YANG [RFC6020] [RFC6021] data model for L2TPv3 tunnels. [NEW] This document defines a YANG [RFC6020] data model for L2TPv3 tunnels [RFC3931], which also covers the management for the Keyed IPv6 Tunnel mechanism [I.D.ietf-l2tpext-keyed-ipv6-tunnel]. //AND, add normal references to both RFC3931 and I.D.ietf-l2tpext-keyed-ipv6-tunnel 2. Section 3.2, l2tpv3TunnelInstances I suggest to add two subsections to this section, describing the automatic tunnel mode and the static tunnel mode, respectively. [NEW] 3.2.1 Automatic tunnel mode L2TPv3 tunnels defined in [RFC3931] are dynamically built, with the Session ID and Cookie dynamically assigned.Tunnel instances working in this mode only need to be configured with the ctrlName refering to related control instances. 3.2.2 Static tunnel mode In the static tunnel mode, the layer 2 attachment circuits are identified through IP addresses. The Session IDs and Cookie are pre-configured so that the parameters in the control plan are not needed for tunnels establishment. The Keyed IPv6 tunnel [I.D.ietf-l2tpext-keyed-ipv6-tunnel] describes such a mechanism. The static mode is designed to manage L2TPv3 tunnel instances following [I.D.ietf-l2tpext-keyed-ipv6-tunnel]. In this mode, tunnel instances are configured to be "one session per tunnel". The Cookie length SHOULD be 64-bit and the Local Cookie is a list so that the tunnel endpoint can accept both "old" and "new" cookies during a change of cookie value [I.D.ietf-l2tpext-keyed-ipv6-tunnel-01#section-4]. //DISCUSS: Would it be reasonable to retrieve the Session ID and Cookie as operational state parameters both in the aotu and static mode? If so, then a separate "state" subtree should include these parameters despite of the modes. //NOTE: The text should be updated according to the evolving of the YANG model. Hope it helps. And please feel free to re-edit the text if there is any issue there. Best Regards, Qi
- [L2tpext] Comments on l2tpv3-yang-model: Covering… Qi Sun
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Liubing (Leo)
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Qi Sun
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Liubing (Leo)
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Qi Sun
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Liubing (Leo)
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Qi Sun
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Liubing (Leo)
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Qi Sun
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Liubing (Leo)
- Re: [L2tpext] Comments on l2tpv3-yang-model: Cove… Qi Sun