Re: [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
"Anton Ivanov (antivano)" <antivano@cisco.com> Fri, 11 April 2014 10:46 UTC
Return-Path: <antivano@cisco.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B87241A0488 for <nvo3@ietfa.amsl.com>; Fri, 11 Apr 2014 03:46:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.772
X-Spam-Level:
X-Spam-Status: No, score=-9.772 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pIJAHBXRGvjd for <nvo3@ietfa.amsl.com>; Fri, 11 Apr 2014 03:46:48 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) by ietfa.amsl.com (Postfix) with ESMTP id 064C91A0225 for <nvo3@ietf.org>; Fri, 11 Apr 2014 03:46:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=33814; q=dns/txt; s=iport; t=1397213207; x=1398422807; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=ordF9a2XzfprN8Q0TYYrs96aDQvhaiHYFe6pBw57CXQ=; b=dmmtI9wynP0eswghW4o38EGE5P1ZuEFMaf5fHXnVaASdCaDYf/57cQrO NbFlpYZynwGp2da/k2EQWEsgqsR2QRrW9IlwaobmfO1u7fVbS538LF6+o k0cOJFb6bek6dSWHjYgZnwCymKxYgK7OhvTcueKynYC45L4VuPy6MxmNN c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkIFAEPHR1OtJV2a/2dsb2JhbABZgkJEO1EGvRSHNYEcFnSCJQEBAQQBAQEqQQQFAQ0EAgEIEQQBAQoWAQEGBwkDAgECARULFAkIAgQNBgICBYdzCAXMAheOFV0BBoQyBJRzg22BNZENgzGBakE
X-IronPort-AV: E=Sophos; i="4.97,841,1389744000"; d="scan'208,217"; a="34914637"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-1.cisco.com with ESMTP; 11 Apr 2014 10:46:45 +0000
Received: from xhc-rcd-x02.cisco.com (xhc-rcd-x02.cisco.com [173.37.183.76]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s3BAkjTU015300 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <nvo3@ietf.org>; Fri, 11 Apr 2014 10:46:45 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.118]) by xhc-rcd-x02.cisco.com ([173.37.183.76]) with mapi id 14.03.0123.003; Fri, 11 Apr 2014 05:46:45 -0500
From: "Anton Ivanov (antivano)" <antivano@cisco.com>
To: "nvo3@ietf.org" <nvo3@ietf.org>
Thread-Topic: [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
Thread-Index: AQHPVXNUgFJsTZiO4kCwcAr8wni8Kg==
Date: Fri, 11 Apr 2014 10:46:44 +0000
Message-ID: <5347C7FF.8010606@cisco.com>
References: <20140410032205.30725.83163.idtracker@ietfa.amsl.com> <C02846B1344F344EB4FAA6FA7AF481F10F3E29D0@SZXEMA502-MBS.china.huawei.com> <CA+mtBx9r75d3bkk4FeHWXjPMwfetr97rBuxWoubDsx=_Y_RZ0g@mail.gmail.com> <1045434E-F6BE-444E-8E28-B2DCCE1B0A35@cisco.com> <C02846B1344F344EB4FAA6FA7AF481F10F3E2C07@SZXEMA502-MBS.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F10F3E2C07@SZXEMA502-MBS.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10
x-originating-ip: [10.61.82.33]
Content-Type: multipart/alternative; boundary="_000_5347C7FF8010606ciscocom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/oe4_4qO4obGx_64pfDv3V8XNm1s
Subject: Re: [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 10:46:52 -0000
On 11/04/14 11:01, Xialiang (Frank) wrote:
Hi Tom, Carlos,
Thanks for your comments, please see my response inline:
B.R.
Frank
From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Carlos Pignataro (cpignata)
Sent: Friday, April 11, 2014 1:09 AM
To: Tom Herbert
Cc: l2tpext@ietf.org<mailto:l2tpext@ietf.org>; Namgon Kim; Fanduoliang; nvo3@ietf.org<mailto:nvo3@ietf.org>; Xialiang (Frank); Zehn Cao
Subject: Re: [nvo3] New Version Notification for draft-fan-l2tp-vp-01.txt
Frank, Tom,
Please find some additional comments inline, L2TPExt chair hat off.
On Apr 10, 2014, at 11:46 AM, Tom Herbert <therbert@google.com<mailto:therbert@google.com>> wrote:
On Wed, Apr 9, 2014 at 8:37 PM, Xialiang (Frank)
<frank.xialiang@huawei.com<mailto:frank.xialiang@huawei.com>> wrote:
Hi folks,
We have updated the L2TP-VP version -01 draft.
In the new version draft, we add the motivation of this draft and modification to the format of L2TP-VP header.
Welcome your comments and suggestions!
Hi Frank,
Thanks for posting. A few comments:
- This is so dramatically different from L2TP I wonder if it can still
honestly be called L2TP. Have you implemented this? How much of L2TP
stack can be leveraged?
- "Session ID is changed to a 31-bit field"-- doesn't this break L2TP then?
[Frank] : The main differences we’ve made are:
1. Session ID is changed to 31-bit: that’s because we need the most significant bit for differentiating L2TPv3 packets with L2TP-VP packets in data plane. The only disadvantage is to limit the session ID scope for existing L2TPv3 protocol to < 2 ^ 31, but that scope is large enough to be used for L2TPv3 session in practice;
So half of l2tpv3 sessions will be misinterpreted as L2TP-VP. Sheer genius...
2. We reuse first 32 bit of cookie field to the TNI, the left 32 bit is still used for cookie field. This indeed limit the cookie mechanism’s capability. In next version of the draft, we will solve this problem.
Except the above, we do not change anything of L2TPv3. What we currently do is to reuse L2TPv3 for multi-tenant network scenarios, but keep its implementation separating from existed L2TPv3 implementation in data plane clearly.
These two bullet points are critical. A "profile" of protocol is a constrained subset of it, within an applicability context. What this document shows is not a profile.
The most-significant bit of the Session ID being used for something else ("Modified bit") has two implications:
1. This is not a profile, it's an attempt to redefine L2TPv3.
2. This non-profile draft describes a non-backwards compatible protocol. Meaning, L2TPv3's Session ID allows for Session IDs with the MSB set. Consequently, a packet cannot be differentiated between L2TPv3 and this other protocol (which is not a profile).
3. It breaks L2TPv3.
OK, I lied, three (or possibly more) implications :-)
The remaining points are subordinate to this high-order bit (no pun intended).
[Frank] : I think we can consider the relationship between L2TP-VP and L2TPv3 as the same thing of relationship between MPLS-TP and MPLS.
That was not a trully "wonderful" relationship so if we will start with _THAT_ relationship as a model and it did not get us anywhere in terms of resolving the differences. Should we assume that your goal is once again to introduce a protocol orthogonal to the overall consensus which breaks things for everyone else and everybody besides you refuses to deploy?
If that is the intention we might as well stop here. That abuse of IETF process should never ever be allowed to repeat itself.
- "Type field"-- I suspect this is meant to be an EtherType value.
Please be explicit about this.
- To get hashing (for ECMP, RSS, etc.) in the network we'd almost
certainly use L2TP over UDP, so L2TP-VP should probably have a format
defined for use with UDP.
There's also hashing for L2TPv3 directly over IP (e.g., RFC 5640)
[Frank] : Agree with all your comments. In current draft, we only specifies L2TP-VP over IP. We indeed have considered L2TP-VP over UDP and can add this part of content in next version if necessary.
You do not need to specify anything here. You can just offset yourself and stick the extra fields between a _STANDARD_ L2TPv3 header and the payload. Due to L2TPv3 not specifying an Ethertype in the header you can offset the data by as much as you wish and stick in there whatever you wish. It will still be fully compatible and will be supported at some backward compatibility level by any implementation which has an offset parameter. That is pretty much all of them nowdays.
In any case, as we already have a reference implementation for use of L2TPv3 as a virtualization protocol enqueued for inclusion in kvm-qemu 2.1, containers in Linux above 3.3 and UML (TBA, current versions are 3.3+) please specify how you interoperate versus existing code which in the process of being deployed.
Hint - you do not.
A.
Thanks,
Carlos.
- Even with Type field, this still suffers from the same problem L2TP
has that network devices won't be able to parse the packet beyond the
L2TP header (the cookie field makes the header variable length). This
eliminates the ability to implement the protocol with LRO for
instance. I suggest you take four or five bits from reserved section
for header length to resolve this (see example in GUE).
[Frank] : good comments. Will consider it~~
- Cookie mechanism is an advantage over VXLAN and nvgre I believe, but
why limit it to 32 bits? 64 bits is much stronger, and at some point
we might even want 128 bits to do strong authentication.
Some more general questions applicable to this and some other proposals.
- "TNI field"-- this seems to use the same 24 bit left shifted format
of nvgre and VXLAN. I still don't see the rationale for this! Why
can't the full 32 bit field be allocated for vni? A large deployment
will be using various levels of hierarchical allocation and possibly
obfuscation of vni (TNI). The nvo3 requirements on this are vague
("100's of thousands of virtual networks"), but they clearly don't
expect this the VNI to be a simple flat space either.
[Frank] : It’s an issue existing a long time. I have no personal preference on it. It totally depends on real requirement.
- "Outer Ethernet Header"-- showing the outer Ethernet header in L3
encapsulations examples is not necessary, use of Ethernet is not a
requirement, and this is potentially very misleading. For instance,
the outer Ethernet FCS does *not* protect the packet end to end in an
L3 routed network. Personally, I think it would be more illustrative
to show the IP packet in the inner Ethernet frame instead to see how
its alignment is affected.
[Frank] : Actually, It’s only a encapsulation example. But your comment is right. We will correct in the next version. Thanks!
Thanks,
Tom
B.R.
Frank
-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> [mailto:internet-drafts@ietf.org]
Sent: Thursday, April 10, 2014 11:22 AM
To: Xialiang (Frank); Zhen Cao; Fanduoliang; Zehn Cao; Namgon Kim; Namgon
Kim; Fanduoliang; Xialiang (Frank)
Subject: New Version Notification for draft-fan-l2tp-vp-01.txt
A new version of I-D, draft-fan-l2tp-vp-01.txt has been successfully submitted
by Liang Xia and posted to the IETF repository.
Name: draft-fan-l2tp-vp
Revision: 01
Title: L2TP-VP: Layer Two Tunneling Protocol - Virtualization Profile
Document date: 2014-04-10
Group: Individual Submission
Pages: 9
URL:
http://www.ietf.org/internet-drafts/draft-fan-l2tp-vp-01.txt
Status: https://datatracker.ietf.org/doc/draft-fan-l2tp-vp/
Htmlized: http://tools.ietf.org/html/draft-fan-l2tp-vp-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-fan-l2tp-vp-01
Abstract:
This document describes Layer Two Tunneling Protocol (L2TP)'s
virtualization profile (L2TP-VP), which reuses session header of L2TP
data message to securely support overlay networks for multiple
tenants, and simplifies tunnel setup by disabling all kinds of L2TP
control messages.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
nvo3 mailing list
nvo3@ietf.org<mailto:nvo3@ietf.org>
https://www.ietf.org/mailman/listinfo/nvo3
_______________________________________________
nvo3 mailing list
nvo3@ietf.org<mailto:nvo3@ietf.org>
https://www.ietf.org/mailman/listinfo/nvo3
_______________________________________________
nvo3 mailing list
nvo3@ietf.org<mailto:nvo3@ietf.org>
https://www.ietf.org/mailman/listinfo/nvo3
- Re: [nvo3] New Version Notification for draft-fan… Xialiang (Frank)
- Re: [nvo3] New Version Notification for draft-fan… Tom Herbert
- Re: [nvo3] New Version Notification for draft-fan… Carlos Pignataro (cpignata)
- Re: [nvo3] New Version Notification for draft-fan… Tom Herbert
- Re: [nvo3] [L2tpext] New Version Notification for… Carlos Pignataro (cpignata)
- Re: [nvo3] [L2tpext] New Version Notification for… Tom Herbert
- Re: [nvo3] New Version Notification for draft-fan… Xialiang (Frank)
- Re: [nvo3] New Version Notification for draft-fan… Xialiang (Frank)
- Re: [nvo3] New Version Notification for draft-fan… Anton Ivanov (antivano)
- Re: [nvo3] [L2tpext] New Version Notification for… Carlos Pignataro (cpignata)
- Re: [nvo3] New Version Notification for draft-fan… Tom Herbert
- Re: [nvo3] New Version Notification for draft-fan… Anton Ivanov (antivano)