draft-mjsraman-l2vpn-vpls-tictoc-label-hop-00.txt ...
Robert Raszuk <robert@raszuk.net> Sat, 07 July 2012 12:39 UTC
I have read the draft-mjsraman-l2vpn-vpls-tictoc-label-hop-00.txt.

It proposed an interesting solution to apply an algorithmically computed VPN label (for L2VPNs, but also possible for L3VPN) where inter-AS option C is used.

However, I have a fundamental question ... from whom is the draft protecting the inter-AS service? Who other than participating ISPs can spoof a value of VPN label?

If the solution is protecting from the ISPs themselves then I think it does not help at all, as the corresponding ISPs/SPs still have full access to their PEs and could inject packets to VPN sites at will.

Moreover, the main issue with option C is not security (at least for the last 10+ years). The main issue with option C and MPLS is that participating providers need to inject into each other's network all of their participating PEs' /32 addresses so the end-to-end MPLS LSP can be built. Originally that was recommended to be done by mutual redistribution to the IGP ... now the general recommendation is to use labeled BGP (both IBGP and EBGP).

So, a fundamental question to the authors ... who is the potential attacker/spoofer this draft is aiming to protect from?

Best regards,
R.