[MBONED] Fwd: Re: [pim] PIM and IPsec experience

Stig Venaas <stig@venaas.com> Tue, 10 March 2015 16:55 UTC

Dear mboned, are you aware of deployments of PIM-SM using IPsec?
In particular deployments using a mix of PIM-SM implementations.

Stig

-------- Forwarded Message --------
Subject: Re: [pim] PIM and IPsec experience
Date: Tue, 10 Mar 2015 12:31:16 -0400
From: Brian Haberman <brian@innovationslab.net>
To: pim@ietf.org

All,

On 3/10/15 12:23 PM, Jeffrey (Zhaohui) Zhang wrote:
> Lab testing can provide data on interoperability, but what about deployment experiences?

Deployment experience is key.  RFC 6410 describes the four conditions
for advancing a specification to Internet Standard.

    (1) There are at least two independent interoperating implementations
        with widespread deployment and successful operational experience.

    (2) There are no errata against the specification that would cause a
        new implementation to fail to interoperate with deployed ones.

    (3) There are no unused features in the specification that greatly
        increase implementation complexity.

    (4) If the technology required to implement the specification
        requires patented or otherwise controlled technology, then the
        set of implementations must demonstrate at least two independent,
        separate and successful uses of the licensing process.

Point (1) needs to be documented and that includes deployment experience.

Regards,
Brian

>
>> -----Original Message-----
>> From: William Atwood [mailto:william.atwood@concordia.ca]
>> Sent: Tuesday, March 10, 2015 12:16 PM
>> To: pim@ietf.org; draft-ietf-pim-rfc4601bis@ietf.org
>> Subject: Re: [pim] PIM and IPsec experience
>>
>> Stig,
>>
>> At Concordia, as part of the work supporting the development specified
>> in RFC 5796, we did a series of tests.
>>
>> 1) Two and three "soft" routers (Linux boxes running XORP) for the "same
>> key for everyone" and "separate keys for each sender" cases.
>>
>> 2) Two and three Cisco 2811 routers for the same two cases, except that
>> we could not run the "three-router, separate keys for each sender"
>> case due to a limitation in the Cisco command line interface for manual
>> keying.
>>
>> 3) Inter-operation of a XORP router and a Cisco 2811, for both the
>> "same-key" and the "separate key" cases, with one XORP router and one
>> Cisco router.  (The "three-router, separate keys" case was not tried,
>> for the reasons given above.)
>>
>> 4) Inter-operation of a XORP router and a Cisco 2911.
>>
>> AH was used in all the tests.
>>
>> Since the establishment of the IPsec parameters is _completely_
>> independent of the PIM-SM code, I expect that it would not be difficult
>> to demonstrate inter-operation with ESP.  I would be willing to provide
>> the manpower to do this.
>>
>> The above establishes the existence of two independent inter-operating
>> implementations.  If I can find someone to loan me a suitable router
>> from another company (with IPsec enabled), I expect that it would not be
>> hard to demonstrate inter-operation with a third implementation, for
>> both AH and ESP.  (I would be willing to provide the manpower to do this.)
>>
>>   Bill
>>
>>
>> On 09/03/2015 8:10 PM, Stig Venaas wrote:
>>> Hi
>>>
>>> As part of making RFC 4601 an Internet Standard we would like to know to
>>> what extent there is experience with AH interoperability. Has anyone
>>> conducted tests, or is anyone aware of deployments with multiple
>>> implementations? What about ESP?
>>>
>>> It would also be interesting to know about deployments using IPsec,
>>> even if just a single implementation is involved. No need to name
>>> particular deployments, but it would be nice to get some idea how
>>> common it is.
>>>
>>> Stig
>>>
>>> _______________________________________________
>>> pim mailing list
>>> pim@ietf.org
>>> https://www.ietf.org/mailman/listinfo/pim
>>
>> --
>> Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
>> Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
>> Department of Computer Science
>>    and Software Engineering
>> Concordia University EV 3.185     email:william.atwood@concordia.ca
>> 1455 de Maisonneuve Blvd. West    http://users.encs.concordia.ca/~bill
>> Montreal, Quebec Canada H3G 1M8