Re: [lisp] draft-farinacci-lisp-crypto-01 - Call for WG Adoption

Fabio Maino <> Fri, 05 December 2014 21:45 UTC


On 12/5/14, 9:36 AM, Dino Farinacci wrote:
>> Hi Dino,
>> I have no problems with the control plane part. An encap with multiprotocol support would allow to do IPsec encap before LISP encap, and could be used with the unauthenticated DH mechanism that you propose.
> Well draft-farinacci-lisp-crypto-01 with LISP-SEC can give you an authenticated DH mechanism as well.

yes, but the DH mechanism itself is unauthenticated.

>> I do really think that the LISP WG should not miss the encap debate, and drive the transition to a format that
> Well I think we should monitor it but also not get distracted by it.
> The LISP WG has a control-plane that others may use. We should create laser focus on control-plane features and scale. The latter being most important.

agree: focus on CP scale and flexibility, as LISP may play a role in 
interconnecting the different controlling domains you mention below.

>> lends itself to the various use cases that are being envisioned (and that IMO should become the main focus of the WG asap). There's quite a broad support behind VXLAN-GPE, and LISP-GPE is an opportunity for LISP to
> There is broad support among other data center encapsulations as well. The point is being focused mostly on data center and not holistically.
>> capitalize on that support and maintain some backward compatibility with the current LISP encap and features.
> The marketplace is confused about overlays right now in the data center. It is the vendors that are confusing matters by having (1) so many data-planes that can't interoperate in a multi-vendor network, and (2) coupled with separate and vertical control-planes that also don't interoperate with each other.

That's where LISP (and GPE IMO) can play a role: we have already seen 
vendors (unfortunately) proposing the use of VXLAN outside of the DC. 
The capability that people would like to see on top of VXLAN (or other 
overlays) for the DC are not very different from what would be needed 
outside of the DC. LISP is possibly one of the largest deployed overlays 
outside of DC today: this group should drive the extension of the encap 
(as well as of the control plane, if needed) to address various LISP use 

I think that's why many of us have kept bringing use cases to the 
attention of the WG, and would like to see the group focusing on that now.

> The risk is that operators may give up on overlays because the vendor community is all over the place. Or simply just roll their own with proprietary SDN controller solutions.

In my experience when customers see the benefit of overlays (LISP in my 
case) they tend to jump on it... but you know this way better than me :-) 
It's our responsibility as a WG to clear up the confusion about 


> Dino