Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
"Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com> Wed, 16 October 2013 22:03 UTC
Return-Path: <mkonstan@cisco.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10B2A11E82CA for <l2tpext@ietfa.amsl.com>; Wed, 16 Oct 2013 15:03:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Io1JC2m6NsJe for <l2tpext@ietfa.amsl.com>; Wed, 16 Oct 2013 15:02:47 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id 868C111E8213 for <l2tpext@ietf.org>; Wed, 16 Oct 2013 15:02:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5273; q=dns/txt; s=iport; t=1381960964; x=1383170564; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=cFO8OiGxBmiOO13KZ9qJ0uBROughXXpL5T87iXKDMrU=; b=ZFfu+EtJhpevS4rTrIbyIuqAHoF2Zd1uzgtMUvx/ecwm+4yhSCg50bp1 83aNLUAkyvGTrxICf8hjoYGlm3krVY8qKEfGTqnVjpv8LqNYAyKXPi0YY Xh6BhMESc3H/f2HsS1fL8prUG5SJba7CMS9P3rxD1j7oA/nwOYJBdL4wx c=;
X-IronPort-AV: E=Sophos;i="4.93,509,1378857600"; d="scan'208";a="273024713"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-6.cisco.com with ESMTP; 16 Oct 2013 22:02:44 +0000
Received: from xhc-aln-x09.cisco.com (xhc-aln-x09.cisco.com [173.36.12.83]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r9GM2iJS015511 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 16 Oct 2013 22:02:44 GMT
Received: from xmb-rcd-x06.cisco.com ([169.254.6.250]) by xhc-aln-x09.cisco.com ([173.36.12.83]) with mapi id 14.02.0318.004; Wed, 16 Oct 2013 17:02:43 -0500
From: "Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com>
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Thread-Topic: Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
Thread-Index: AQHOyrtw5a015OQscUOKZg/mloPb3Q==
Date: Wed, 16 Oct 2013 22:02:42 +0000
Message-ID: <96EE5A5F6E4E6448B2AC953A71A9739B2A750D26@xmb-rcd-x06.cisco.com>
References: <95067C434CE250468B77282634C96ED322E0E780@xmb-aln-x02.cisco.com>
In-Reply-To: <95067C434CE250468B77282634C96ED322E0E780@xmb-aln-x02.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.61.107.234]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <E212B56D1B28AC439B0D9EEE0236150C@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Maciek Konstantynowicz <maciek@cisco.com>, "Giles Heron (giheron)" <giheron@cisco.com>, "l2tpext@ietf.org" <l2tpext@ietf.org>, Rainer Schatzmayr <rainer.schatzmayr@telekom.de>, "Mark Townsley (townsley)" <townsley@cisco.com>, "pwe3-chairs@tools.ietf.org" <pwe3-chairs@tools.ietf.org>
Subject: Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkonstan-keyed-ipv6-tunnel-00]
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2tpext>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 22:03:00 -0000
Carlos, Sorry, took a while to get back to you.. Many thanks for your comments. See inline. On 15 Aug 2013, at 21:13, Carlos Pignataro (cpignata) wrote: > Hi, Rainer, Giles, Maciek, Mark, > > After the presentation of this draft in Berlin at the PWE3 meeting (with thanks to the PWE3 chairs!) available at http://tools.ietf.org/agenda/87/slides/slides-87-pwe3-2.pdf, I wanted to provide some review comments with the chair hat off. > > I hope these are useful and clear, they are prefaced with "CMP" All useful and clear - thanks for your review ! > > > http://tools.ietf.org/html/draft-mkonstan-keyed-ipv6-tunnel-00 > > Network Working Group R. Schatzmayr > Internet-Draft Deutsche Telekom AG > Intended status: Informational G. Heron, Ed. > > CMP: I do not think that the intended status of this document should be Informational, as you are proposing protocol changes. > > > Abstract > > This document describes a simple L2 Ethernet over IPv6 tunnel > encapsulation with mandatory 64-bit authentication key for connecting > L2 Ethernet attachment circuits identified by IPv6 addresses. The > encapsulation is based on L2TPv3 over IP. > > and > > 3. 64-bit Authentication Key > > All packets MUST carry a 64-bit authentication key in the L2TPv3 > > CMP: a cookie does not provide an authentication key. It is a simple context lookup check. Indeed the key in the cookie field is used for additional context check and to prevent spoofing and brute-force insertion attacks in line with RFC3931. Will correct the current text and align with RFC3931. > > 1. Introduction > > CMP: It might be useful to mention in the introduction that there is precedence with proposals to do away with the session id lookup when considered redundant, as for example with draft-ietf-l2tpext-l2tphc. Agree. Will add reference to draft-ietf-l2tpext-l2tphc. > > > 2. Static 1:1 Mapping Without a Control Plane > > Use of the L2TPv3 Control Plane is optional. When the control plane > is not used, local configuration creates a one-to-one mapping between > the access-side L2 attachment circuit and the IP address used in the > network-side IPv6 encapsulation. > > CMP: I am not sure I understand how it would work *with* the L2TPv3 Control Plane. Instead of saying that it is optional, I would say that it is out of scope or similar, and this behavior is specified for static sessions only. Optional means it can be used, and they you would have to say "how" (which new AVPs, etc). Agree. The intention here is to use static tunnels mapping. Will update draft text accordingly. > > Further, circuit monitoring is > performed using Ethernet OAM mechanisms (802.1ag and/or Y.1731). > > CMP: Why Ethernet OAM and not L2TPv3/PW OAM? e.g., [RFC 5085]. Based on feedback from network operators to keep things simple and universal, with consistent tooling :) Most / all implementations of L2TPv3 / PW support Ethernet OAM with maintenance points at the tunnel endpoints, so it makes sense to use it to provide actual payload based connectivity verification. Transport connectivity verification is achieved using IPv6 toolset. > > In the event that an IPv6 address used in L2TPv3 does not directly > correspond to one and only one attachment circuit on both sides of > the L2TPv3 tunnel, the Session ID may be used for additional > granularity. This allows for other addressing schemes that may > require additional bits beyond those which can fit in the IPv6 header > address field. > > CMP: Assuming there are some gains in processing the session context from the IPv6 address instead of the session id, which could be described, is that lost with this last paragraph? Why have both? The idea here was to provide compatibility with existing RFC3931 implementations. > > > 4. Encapsulation > > o Session ID. In the "Static 1:1 mapping" case described in > Section 2, the IPv6 address resolves to an L2TPv3 session > immediately, thus the Session ID may be ignored upon receipt. For > compatibility with other tunnel termination platforms supporting > only 2-stage resolution (IPv6 Address + Session ID), this > specification recommends supporting explicit configuration of > Session ID to any value other than zero. For cases where both > tunnel endpoints support one-stage resolution (IPv6 Address only), > this specification recommends setting the Session ID to all ones > for easy identification in case of troubleshooting. > > CMP: Could you add that it is non-zero? Yes, will add. > > 8.2. Informative References > > > > [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700, > October 1994. > > CMP: THis reference is not cited in the doc, please remove. Yes, will remove the reference. Thanks, Maciek. > > > Thanks, > > -- Carlos. > > >
- [L2tpext] Review of Keyed IPv6 Tunnel [draft-mkon… Carlos Pignataro (cpignata)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Maciek Konstantynowicz (mkonstan)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Carlos Pignataro (cpignata)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Maciek Konstantynowicz (mkonstan)
- Re: [L2tpext] Review of Keyed IPv6 Tunnel [draft-… Carlos Pignataro (cpignata)