IETF Logo Mail Archive

Re: [L2tpext] Comments on l2tpv3-yang-model: Covering keyed-v6-tunnel?

Qi Sun <sunqi.csnet.thu@gmail.com> Fri, 30 January 2015 10:46 UTC

Return-Path: <sunqi.csnet.thu@gmail.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 799AA1A8ABA for <l2tpext@ietfa.amsl.com>; Fri, 30 Jan 2015 02:46:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level:
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWE_U8B02TaK for <l2tpext@ietfa.amsl.com>; Fri, 30 Jan 2015 02:46:33 -0800 (PST)
Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com [IPv6:2607:f8b0:4001:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8115C1A8AB3 for <l2tpext@ietf.org>; Fri, 30 Jan 2015 02:46:33 -0800 (PST)
Received: by mail-ie0-f174.google.com with SMTP id vy18so2542938iec.5 for <l2tpext@ietf.org>; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=y7x/GYcC9Kj7dkrDumRYcwQ2WhMlvmPIozdzH4aLyr8=; b=N3WubpBEk9xWrtln2GVyn7vSxHMU7iv7rP7gxJUCCqBKPWD8AMqctm2ebpoRqKaEHv iJCMeYA10yfjyKFUB9BC645h/lcSfj3o9/q+vzLQdSPb+tauCZGFTQ4nI0lHW6al5TA9 MMDxiiBDKVtoTTmzpdvhIk5c71NxsBv+DAPwOSf2oe9senIleoB+R2vtFuwi8CwExzIl sSlLToaJmyo6oRCfnDvIjsvVMVkxr7Utny+u8iiAyl3h+BQ5VTqcaneYbwvIlQHPEvu3 3/z5uajKZ/rDj45nTLSg12cKZGOiPondRkovc/w5pTis1WXsE1bXMG+uxAH3P6Fids4V /STQ==
MIME-Version: 1.0
X-Received: by 10.50.111.10 with SMTP id ie10mr1857578igb.15.1422614792754; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
Received: by 10.64.115.226 with HTTP; Fri, 30 Jan 2015 02:46:32 -0800 (PST)
In-Reply-To: <4BE66EF7-6936-4FED-BD68-4D88A5B1543C@gmail.com>
References: <16AF5805-BD81-49E4-A49E-6E8C696B07B8@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE97C31@nkgeml506-mbx.china.huawei.com> <446EC7DF-6FB7-422B-8355-9171AD2ACC13@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE99369@nkgeml506-mbx.china.huawei.com> <0AC612BA-5C9A-42F4-98B4-CB831772BEE5@gmail.com> <8AE0F17B87264D4CAC7DE0AA6C406F457CE9A8E0@nkgeml506-mbx.china.huawei.com> <4BE66EF7-6936-4FED-BD68-4D88A5B1543C@gmail.com>
Date: Fri, 30 Jan 2015 11:46:32 +0100
Message-ID: <CAAtO+X=cZWF72=ywF6Pu1AJrJk8H+aVf7733H856y7s24wrEcw@mail.gmail.com>
From: Qi Sun <sunqi.csnet.thu@gmail.com>
To: "Liubing (Leo)" <leo.liubing@huawei.com>
Content-Type: multipart/alternative; boundary="089e0149c0545fdcdd050ddc515c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/l2tpext/IASnRwspT0r0TvfQT0sYyHBFfbs>
Cc: "draft-shen-l2tpext-l2tpv3-yang-model@tools.ietf.org" <draft-shen-l2tpext-l2tpv3-yang-model@tools.ietf.org>, "l2tpext@ietf.org" <l2tpext@ietf.org>
Subject: Re: [L2tpext] Comments on l2tpv3-yang-model: Covering keyed-v6-tunnel?
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 10:46:36 -0000

Hi Bing,

Some further replies. Please see inline. Thanks.


On Fri, Jan 23, 2015 at 12:37 PM, Qi Sun <sunqi.csnet.thu@gmail.com> wrote:

>
>
>  [Qi] One thing you might miss in the current YANG model is that, the
> Local session ID should be a list instead of a node. I think it should look
> like this:
>  [Bing3] If supporting multiple sessions per tunnel, it should be a list.
>            ...
>            +--rw localCookies
>           |  +--rw localCookie* [cookieName]
>           |     +--rw cookieName            enumeration // "new"/“old"
>            |     +--rw cookieLength           enumeration // 4, 8
>           |     +--rw localHighCookie       hexBinary
>           |     +--rw localLowCookie        hexBinary
>           …
>
>  (Actually, for keyed-v6-tunnel, the cookieLength is always 8 octets.)
> [Bing3] It’s true if the static tunnel object is defined dedicated for
> keyed-ipv6-tunnel, but then the above mentioned Local session ID should be
> a node?
>
>
> [Qi] Yes, the Local Session ID should be a node, since it’s “one session
> per tunnel” as you mentioned earlier.
>

[Qi] I was wrong here. As described in the keyed-v6-tunnel draft (
https://tools.ietf.org/html/draft-ietf-l2tpext-keyed-ipv6-tunnel-01#section-3 ,
the last paragraph):
<quote>
   The value of the cookie MUST be
   able to be changed at any time in a manner that does not drop any
   legitimate tunneled packets - i.e. the receiver must be willing to
   accept both "old" and "new" cookie values during a change of cookie
   value.  Cookie values SHOULD be changed periodically.
</quote>
I think as a general point for static tunnel mode, this is necessary for
security reasons. So the localCookies should be a list (with only two items
at a time, old and new), instead of being a node.

Sorry for the confusion.



>
>
>  Here is the reference for this design:
>
> https://tools.ietf.org/html/draft-ietf-l2tpext-keyed-ipv6-tunnel-01#section-3 ,
> the last paragraph.
>
>  I can help to provide some text about the keyed-v6-tunnel, if you like.
> [Bing3] That would be good, thanks in advance.
>
> Here is the suggested text:

1. Section 1, Introduction
[OLD]
   This document defines a YANG [RFC6020] [RFC6021] data model for
   L2TPv3 tunnels.
[NEW]
   This document defines a YANG [RFC6020] data model for L2TPv3
   tunnels [RFC3931], which also covers the management for the Keyed
   IPv6 Tunnel mechanism [I.D.ietf-l2tpext-keyed-ipv6-tunnel].

//AND, add normal references to both RFC3931 and
I.D.ietf-l2tpext-keyed-ipv6-tunnel

2. Section 3.2, l2tpv3TunnelInstances
I suggest to add two subsections to this section, describing the automatic
tunnel mode and the
static tunnel mode, respectively.
[NEW]
3.2.1 Automatic tunnel mode
    L2TPv3 tunnels defined in [RFC3931] are dynamically built, with the
Session ID
    and Cookie dynamically assigned.Tunnel instances working in this mode
    only need to be configured with the ctrlName refering to related
control instances.
3.2.2 Static tunnel mode
    In the static tunnel mode, the layer 2 attachment circuits are
identified through
    IP addresses. The Session IDs and Cookie are pre-configured so that the
parameters
    in the control plan are not needed for tunnels establishment. The Keyed
IPv6 tunnel
    [I.D.ietf-l2tpext-keyed-ipv6-tunnel] describes such a mechanism. The
static
    mode is designed to manage L2TPv3 tunnel instances following
    [I.D.ietf-l2tpext-keyed-ipv6-tunnel]. In this mode, tunnel instances
are configured
    to be "one session per tunnel". The Cookie length SHOULD be 64-bit and
the
    Local Cookie is a list so that the tunnel endpoint can accept both
"old" and
    "new" cookies during a change of cookie value
    [I.D.ietf-l2tpext-keyed-ipv6-tunnel-01#section-4].


//DISCUSS: Would it be reasonable to retrieve the Session ID and Cookie as
operational
state parameters both in the aotu and static mode? If so, then a separate
"state" subtree
should include these parameters despite of the modes.

//NOTE: The text should be updated according to the evolving of the YANG
model.

Hope it helps. And please feel free to re-edit the text if there is any
issue there.

Best Regards,
Qi

v2.23.0 | Report a Bug | By Email