IETF Logo Mail Archive

Re: [L3sm] Feedback on draft-ietf-l3sm-l3vpn-service-model

Kristian Larsson <kristian@spritelink.net> Wed, 20 April 2016 16:09 UTC

Return-Path: <kristian@spritelink.net>
X-Original-To: l3sm@ietfa.amsl.com
Delivered-To: l3sm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA8112D777 for <l3sm@ietfa.amsl.com>; Wed, 20 Apr 2016 09:09:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level:
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGAeJVwZbL6j for <l3sm@ietfa.amsl.com>; Wed, 20 Apr 2016 09:09:12 -0700 (PDT)
Received: from Mail2.SpriteLink.NET (Mail2.SpriteLink.NET [195.182.5.83]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44DD612D71E for <l3sm@ietf.org>; Wed, 20 Apr 2016 09:09:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by Mail2.SpriteLink.NET (Postfix) with ESMTP id EAB12261846 for <l3sm@ietf.org>; Wed, 20 Apr 2016 18:09:10 +0200 (CEST)
X-Virus-Scanned: amavisd-new at SpriteLink.NET
Received: from Mail2.SpriteLink.NET ([195.182.5.83]) by localhost (Mail2.SpriteLink.NET [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWxJXlTRTMKt for <l3sm@ietf.org>; Wed, 20 Apr 2016 18:09:08 +0200 (CEST)
Received: from Kristians-MacBook-Pro.local (h-161-130.a515.priv.bahnhof.se [155.4.161.130]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: kristian@spritelink.net) by Mail2.SpriteLink.NET (Postfix) with ESMTPSA id 1D33626180E for <l3sm@ietf.org>; Wed, 20 Apr 2016 18:09:08 +0200 (CEST)
To: l3sm@ietf.org
References: <5714BA5A.2030701@cisco.com> <010a01d199e0$ea800ec0$bf802c40$@kddi.com> <28630_1461051228_5715DF5C_28630_192_1_9E32478DFA9976438E7A22F69B08FF921BB05850@OPEXCLILMA4.corporate.adroot.infra.ftgroup> <5715E4F4.6090303@spritelink.net> <15600_1461060809_571604C9_15600_294_1_9E32478DFA9976438E7A22F69B08FF921BB059BF@OPEXCLILMA4.corporate.adroot.infra.ftgroup> <57161D24.6060300@spritelink.net> <9842_1461068224_571621C0_9842_459_1_9E32478DFA9976438E7A22F69B08FF921BB05AA2@OPEXCLILMA4.corporate.adroot.infra.ftgroup> <57164239.4010603@spritelink.net> <7690_1461138142_571732DD_7690_114_1_9E32478DFA9976438E7A22F69B08FF921BB05D3C@OPEXCLILMA4.corporate.adroot.infra.ftgroup>
From: Kristian Larsson <kristian@spritelink.net>
Message-ID: <5717A9A3.3000609@spritelink.net>
Date: Wed, 20 Apr 2016 18:09:07 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <7690_1461138142_571732DD_7690_114_1_9E32478DFA9976438E7A22F69B08FF921BB05D3C@OPEXCLILMA4.corporate.adroot.infra.ftgroup>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/l3sm/3pq2LPFK7bWrxcQaxr0ZD3rFKv0>
Subject: Re: [L3sm] Feedback on draft-ietf-l3sm-l3vpn-service-model
X-BeenThere: l3sm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: L3VPN Service YANG Model discussion group <l3sm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l3sm>, <mailto:l3sm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/l3sm/>
List-Post: <mailto:l3sm@ietf.org>
List-Help: <mailto:l3sm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l3sm>, <mailto:l3sm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 16:09:15 -0000

If the authentication container is purely for augmentation I don't think 
we need a "security" if-feature on the security container, instead I 
would opt for an "encryption" if-feature on the encryption container. If 
someone supports authentication then it will be augmented by another 
model and the lack of such model is a clear indicator that no 
authentication is supported.

As an native v6 only network I would like to see an if-feature for ipv4 :)

    kll



On 20/04/16 09:42, stephane.litkowski@orange.com wrote:
>> What is authentication used for? Seems to be an empty container.
>
> We do not spend a lot of time on security part, so there is some adjustment to do.
> The idea of authentication container was in case customer using an authenticated access type (PPP for example) and then could provide its own password.
> The container was for the moment here just for augmentation purpose. But we can keep it, remove it, add more in, depending on feedback.
>
> Thx
>
>
> -----Original Message-----
> From: Kristian Larsson [mailto:kristian@spritelink.net]
> Sent: Tuesday, April 19, 2016 16:36
> To: LITKOWSKI Stephane OBS/OINIS; Ogaki, Kenichi; 'Benoit Claise'; l3sm@ietf.org
> Cc: Martin.Adams@telekom.de; 'Mikael Abrahamsson'; 'Ian Farrer'; 'Zoric, Sladjana'
> Subject: Re: [L3sm] Feedback on draft-ietf-l3sm-l3vpn-service-model
>
>
>
> On 19/04/16 14:17, stephane.litkowski@orange.com wrote:
>> Hi,
>>
>> We will not support all containers of the model but most of them.
>>
>> Now in term of model usage, two main usages :
>> - customer is using a portal to order the services, in this case there
>> is no need to advertise any deviation, as the REST or Netconf client
>> is  also managed by the provider (client is the portal)
>> - Provider opens API to customers :
>> 	- customer is able to use directly L3SM using REST or Netconf : deviations need to be advertised.
>
> Right, I agree. I'm convinced the first model, with a pretty web UI will be the main interface but I'm hoping that the second model will gain some traction as well. With more FOSS tools around NC/RC/YANG it certainly could and why not eliminate one step of weakly modeled data.
> Often the customer has an internal structure for what they want, like addresses of all satellite offices, which they then convert to Excel and send to the provider who will convert it to something else. This model could remove those weakly modeled steps.
>
>
>> You will find attached a quick exercise (so I probably missed some) on what could be the features in the model tree. Features are identified between {}.
>> For some identities, we would need features : YANG 1.1 needed.
>> Just to start the discussion.
>
> Good start, I actually began looking at this but you were much faster.
> We have made almost the exact same choices :)
>
> What is authentication used for? Seems to be an empty container.
>
>      kll
>
>
>> -----Original Message-----
>> From: Kristian Larsson [mailto:kristian@spritelink.net]
>> Sent: Tuesday, April 19, 2016 13:57
>> To: LITKOWSKI Stephane OBS/OINIS; Ogaki, Kenichi; 'Benoit Claise';
>> l3sm@ietf.org
>> Cc: Martin.Adams@telekom.de; 'Mikael Abrahamsson'; 'Ian Farrer'; 'Zoric, Sladjana'
>> Subject: Re: [L3sm] Feedback on draft-ietf-l3sm-l3vpn-service-model
>>
>>
>>
>> On 19/04/16 12:13, stephane.litkowski@orange.com wrote:
>>> The main issue with features is to define what should be a feature ,
>>> and what is in the base and I'm afraid that we could fall in infinite
>>> discussions.
>>
>> Okay, sure, I can see how that is a non-trivial discussion but it's certainly not an impossible one. Instead you are advocating for the extreme opposite and not have any if-features at all, which results in a model so big that I will have to spend more time writing a deviation file for it than it would take me to write a new model. Okay, I'm exaggerating a bit but virtually all providers will define a deviation which I think means the model is fundamentally broken. Having deviations shouldn't be the normal state.
>>
>> Does Orange support all those PE-CE protocols? Do you do encryption?
>> Will you not have any deviations?
>>
>> Kind regards,
>>       Kristian.
>>
>> ______________________________________________________________________
>> ___________________________________________________
>>
>> Ce message et ses pieces jointes peuvent contenir des informations
>> confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
>> exploites ou copies sans autorisation. Si vous avez recu ce message
>> par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>>
>> This message and its attachments may contain confidential or
>> privileged information that may be protected by law; they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>> Thank you.
>>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> L3sm mailing list
> L3sm@ietf.org
> https://www.ietf.org/mailman/listinfo/l3sm
>

v2.39.1 | Report a Bug | By Email | System Status