IETF Logo Mail Archive

Re: draft-ietf-l3vpn-gre-ip-2547-04.txt

Robert Raszuk <raszuk@cisco.com> Mon, 01 August 2005 08:44 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DzVud-00037l-72; Mon, 01 Aug 2005 04:44:43 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DzVub-00037g-A0 for l3vpn@megatron.ietf.org; Mon, 01 Aug 2005 04:44:41 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA05787 for <l3vpn@ietf.org>; Mon, 1 Aug 2005 04:44:39 -0400 (EDT)
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1DzWQq-0004gE-Al for l3vpn@ietf.org; Mon, 01 Aug 2005 05:18:00 -0400
Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 01 Aug 2005 01:44:32 -0700
X-IronPort-AV: i="3.95,156,1120460400"; d="scan'208"; a="201823783:sNHT34023744"
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j718iG73004550; Mon, 1 Aug 2005 01:44:29 -0700 (PDT)
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 1 Aug 2005 01:43:49 -0700
Received: from [10.21.144.107] ([10.21.144.107]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 1 Aug 2005 01:43:48 -0700
Message-ID: <42EDE0C1.6070902@cisco.com>
Date: Mon, 01 Aug 2005 01:43:45 -0700
From: Robert Raszuk <raszuk@cisco.com>
Organization: Signature: http://www.employees.org/~raszuk/sig/
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ron Bonica <rbonica@juniper.net>
References: <42EA8107.1010104@cisco.com> <42EA8FF9.6020708@cisco.com> <42EA94E7.30103@cisco.com> <42EDAC8E.7050208@juniper.net>
In-Reply-To: <42EDAC8E.7050208@juniper.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 01 Aug 2005 08:43:48.0798 (UTC) FILETIME=[22BB7DE0:01C59675]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 31b28e25e9d13a22020d8b7aedc9832c
Content-Transfer-Encoding: 7bit
Cc: l3vpn@ietf.org, Scott Wainner <swainner@cisco.com>
Subject: Re: draft-ietf-l3vpn-gre-ip-2547-04.txt
X-BeenThere: l3vpn@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: raszuk@cisco.com
List-Id: l3vpn.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:l3vpn@ietf.org>
List-Help: <mailto:l3vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=subscribe>
Sender: l3vpn-bounces@ietf.org
Errors-To: l3vpn-bounces@ietf.org

Hi Ron,

Draft-ietf-l3vpn-gre-ip-2547-04 just specifies the encapsulation options 
assuming peers are manually configured. IMHO the day already came long 
time back (the moment we started to give ability for single side tunnel 
provisioning) to require automated way for peers to know what the other 
end is capable of decapsulating.

In that light draft-ietf-l3vpn-gre-ip-2547-04 does not seems like easy 
to deploy in large scale today making it an incomplete spec.

Cheers,
R.


> Scott, Robert,
> 
> Can we agree for now that draft-ietf-l3vpn-gre-ip-2547-04 is OK as is,
> and that we can save the discussion below for the day when we address
> automated signaling?
> 
>                              Ron
> 
> 
> Scott Wainner wrote:
> 
>>
>>
>> Robert Raszuk wrote:
>>
>>> Scott,
>>>
>>> The question is valid and the automated solution to the problem has 
>>> been proposed many times :)
>>>
>>> Just for the reference please look at the below draft:
>>>
>>> http://community.roxen.com/developers/idocs/drafts/draft-raggarwa-ppvpn-tunnel-encap-sig-01.html 
>>
>>
>>
>>
>>
>>
>> or alternatively ..
>> http://www.ietf.org/internet-drafts/draft-nalawade-kapoor-tunnel-safi-03.txt 
>>
>>
>> Nevertheless, something must be signaled by the egress PE.
>>
>>>
>>>
>>> Before we finalize the automated way the provisioning tools are 
>>> responsible for selecting the encapsulation of choice.
>>
>>
>>
>> Certainly, a provisioning tool could specify the use of GRE, IP, or 
>> LSP encap; however, it would have to be done on a per peer basis.
>>
>> In addition,  a distinct tunnel end-point cannot be distinguished from 
>> the Next Hop address without reverting back to statically configuring 
>> IP tunnel end-points.
>>
>> Seems these requirements defeat the purpose of the draft.
>>
>> Scott
>>
>>>
>>>
>>> Cheers,
>>> R.
>>>
>>>
>>>
>>>> In reviewing draft-ietf-l3vpn-gre-ip-2547-04.txt, I noted the 
>>>> following that requires some clarification:
>>>>
>>>>> 4.1  MPLS-in-IP/MPLS-in-GRE Encapsulation by Ingress PE
>>>>>
>>>>>   The following description is not meant to specify an implementation
>>>>>   strategy; any implementation procedure which produces the same 
>>>>> result
>>>>>   is acceptable.
>>>>>
>>>>>   When an ingress PE router receives a packet from a CE router, it
>>>>>   looks up the packet's destination IP address in a VRF that is
>>>>>   associated with packet's ingress attachment circuit.  This enables
>>>>>   the (ingress) PE router to find a VPN-IP route.  The VPN-IP route
>>>>>   will have an associated VPN route label and an associated BGP Next
>>>>>   Hop. The label is pushed on the packet.  Then an IP (or IP+GRE)
>>>>>   encapsulation header is prepended to the packet, creating an
>>>>>   MPLS-in-IP (or MPLS-in-GRE) encapsulated packet.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> It appears that the ingress PE can choose to use MPLS-in-IP or MPLS-in-
>>>> GRE implying that the egress MUST be able to perform both forms of
>>>> decapsulation.  If the egress PE can only perform one form of 
>>>> decapsulation,
>>>> how does the ingress PE determine which form of encapsulation is 
>>>> preferred
>>>> or required?
>>>>
>>>>                                                       The IP source
>>>>
>>>>>   address field of the encapsulation header will be an address of the
>>>>>   ingress PE router itself.  The IP destination address field of the
>>>>>   encapsulation header will contain the value of the associated BGP
>>>>>   Next Hop; this will be an IP address of the egress PE router.  QoS
>>>>>   information can be copied from the VPN packet to the GRE/IP tunnel
>>>>>   header so that required forwarding behaviors can be maintained at
>>>>>   each hop along the forwarding path.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>   The effect is to dynamically create an IP (or GRE) tunnel between 
>>>>> the
>>>>>   ingress and egress PE routers.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Presumably, the ingress PE and/or egress PE are also capable of 
>>>> forwarding
>>>> packets via label switched paths (either between themselves or to other
>>>> PE's or ASBR's).  In a mixed environment, its conceivable that two PE's
>>>> could only communicate via GRE or IP while a third could use an LSP 
>>>> to the
>>>> one or the other PE.   What means does the ingress PE use to determine
>>>> that the LSP should be used verses the GRE or IP encap?
>>>>
>>>>>                                     No apriori configuration of the
>>>>>   remote tunnel endpoints is needed.  Note that these tunnels SHOULD
>>>>>   NOT be IGP-visible links, and routing adjacencies SHOULD NOT be
>>>>>   supported across these tunnel.  Note also that the set of remote
>>>>>   tunnel endpoints is not known in advance, but is learned dynamically
>>>>>   via the BGP distribution of VPN-IP routes.  The IP address of the
>>>>>   remote tunnel endpoints is carried in the Network Address of the 
>>>>> Next
>>>>>   Hop field of the MP_REACH_NLRI BGP attribute [4]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This model assumes that the Network Address of the Next Hop field is 
>>>> the
>>>> destination tunnel address.  This may or may not be true.  The provider
>>>> may in fact want the externally accessible tunnel address to be 
>>>> distinct
>>>> from the Next Hop address for a variety of reasons including security,
>>>> transitive tunnels, etc.  How does the egress PE indicate to the 
>>>> ingress
>>>> PE that the tunnel should NOT be built to the Next Hop address, but to
>>>> a designated tunnel address assigned on the egress PE?  Likewise, how
>>>> does an ASBR determine that traffic to prefixes to a peer ASBR should
>>>> not be tunneled while prefixes to a peer PE should be tunneled.
>>>>
>>>> Seems that some form of signaling is required which is not defined 
>>>> in this
>>>> draft.
>>>>
>>>> Scott Wainner
>>>>
>>>>
>>>>
>>>> Message: 1
>>>> Date: Fri, 22 Jul 2005 17:31:30 -0700 (PDT)
>>>> From: Rick Wilder <rick@rhwilder.net>
>>>> Subject: draft-ietf-l3vpn-gre-ip-2547-04.txt.
>>>> To: l3vpn@ietf.org
>>>> Message-ID: <20050723003130.30954.qmail@web308.biz.mail.mud.yahoo.com>
>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>
>>>> L3VPN participants,
>>>>
>>>>
>>>> This begins a two-week last call for comments on 
>>>> draft-ietf-l3vpn-gre-ip-2547-04.txt.
>>>>
>>>> Rick
>>>>
>>>>
>>>>
>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email