IETF Logo Mail Archive

Re: [L2tpext] 6MAN cross-wg review: draft-ietf-l2tpext-keyed-ipv6-tunnel-01

Karsten Thomann <karsten_thomann@linfre.de> Thu, 22 January 2015 14:54 UTC

Return-Path: <karsten_thomann@linfre.de>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCBDB1A1AA6; Thu, 22 Jan 2015 06:54:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.561
X-Spam-Level:
X-Spam-Status: No, score=-1.561 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3TCnFa2eA-Tj; Thu, 22 Jan 2015 06:54:10 -0800 (PST)
Received: from linfre.de (linfre.de [83.151.26.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 477051A1A9D; Thu, 22 Jan 2015 06:54:10 -0800 (PST)
Received: from e7240.linfre (109.47.0.244) by linfreserv.linfre (Axigen) with (ECDHE-RSA-AES256-SHA encrypted) ESMTPSA id 13A85A; Thu, 22 Jan 2015 15:54:00 +0100
From: Karsten Thomann <karsten_thomann@linfre.de>
To: Ole Troan <otroan@employees.org>
Date: Thu, 22 Jan 2015 15:50:19 +0100
Message-ID: <24947916.dqx4YFu3F7@e7240.linfre>
User-Agent: KMail/4.14.3 (Linux/3.17.1-52.g5c4d099-desktop; KDE/4.14.3; x86_64; ; )
In-Reply-To: <68C9F850-89F5-4759-9FD0-1A00B33DDD46@employees.org>
References: <232077E7-7135-41E8-B0DB-C786F8C410CA@employees.org> <1816705.A9t7GNQOdE@linne> <68C9F850-89F5-4759-9FD0-1A00B33DDD46@employees.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="nextPart4694497.5cCDmNZOi8"
Content-Transfer-Encoding: 7bit
X-AXIGEN-DK-Result: No records
DomainKey-Status: no signature
X-AxigenSpam-Level: 5
Archived-At: <http://mailarchive.ietf.org/arch/msg/l2tpext/O4pAfp1oJmYIW4sgYUnt5wifqSw>
Cc: 6man WG <ipv6@ietf.org>, l2tpext@ietf.org, l2tpext-chairs@tools.ietf.org
Subject: Re: [L2tpext] 6MAN cross-wg review: draft-ietf-l2tpext-keyed-ipv6-tunnel-01
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jan 2015 14:54:13 -0000

Hi,

my comments about the draft:
1. As far as I know the IETF processes this must be a standards track draft 
instead of a informational, as it not only simplifies the tunnels like 
removing the control plane, but uses MUST where the L2TPv3 RFC only set 
it as optional (e.g. Cookie).

2. In my opinion the terms key, cookie and authentication key for the 
required 64bit cookie should be cleaned up, as the terms have in some 
context of the rfc the same meaning

3. Why is the explicit value for the hop limit mentioned? In my opinion it 
should be lower, or are there any implementations which really use that 
value as a default? Should be rewritten to something without a fixed hop 
limit

4. Is there any reason to not use src + dst ip for all cases instead to only 
use it for the case that the local ip is used for more than one tunnel?
I think every device should know from which IPs it receives packets for a 
specific local l2tp ip as the cookie must be configured and should be 
unique per tunnel.

5. I didn't understand the meaning of the last sentence:
   o  Payload.  The customer data, with s-tag or s-tag/c-tag removed.
      As noted above preamble and FCS are stripped before encapsulation.
      A new FCS will be added at each hop when the IP packet is
      transmitted.
There is no relation between the routing of the l2tp packet and the 
payload FCS, as there is no FCS in the payload.
6. I'm not sure if it should be added to the security considerations section, 
but in RFC 3931 it is mentioned that there are no checksums for the 
packets as ipv6 and l2tp have none. I know it was especially mentioned for 
the control packets, but it also applies to all other packets with payload.

Regards
Karsten


Am Dienstag, 13. Januar 2015, 09:59:28 schrieb Ole Troan:
> Thanks Karsten, I look forward to your review.
> 
> Best regards,
> Ole
> 
> > On 12 Jan 2015, at 12:52 , Karsten Thomann 
<karsten_thomann@linfre.de>
> > wrote:
> > 
> > As Jinmai already wrote, I can volunteer, but only under the same
> > constrains, as I have no prior experience with reviews.
> > 
> > Some comments:
> > I know it is also written in RFC4719, but why was "or" used at "Ethernet
> > frame, without the preamble or frame check sequence (FCS)". At the
> > payload section is "and" used...
> > "As noted above preamble and FCS are stripped before 
encapsulation."
> > 
> > As already written by Jinmai, the hop limit is with 255 as a default
> > setting a bit high, a default of 64 should be high enough for nearly all
> > cases.
> > 
> > Kind regards
> > Karsten
> > 
> > Am Dienstag, 6. Januar 2015, 12:14:14 schrieb Ole Troan:
> > > Hi,
> > > 
> > > The chairs of l2tpext have asked for a 6man review of:
> > > 
> > > Title: Keyed IPv6 Tunnel
> > > https://tools.ietf.org/html/draft-ietf-l2tpext-keyed-ipv6-tunnel-01
> > > 
> > > Can we get a couple of volunteers please? As well as any other 
comments
> > > to
> > > the lists are welcome of course. Please keep l2tpext@ietf.org in CC.
> > > 
> > > Best regards,
> > > Ole
> > > 
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email