IETF Logo Mail Archive

Re: [OPSAWG] Seeking discussion on "Alternate Tunnel Encapsulation for Data Frames in CAPWAP"

"Rajesh Pazhyannur (rpazhyan)" <rpazhyan@cisco.com> Wed, 30 October 2013 05:32 UTC

Return-Path: <rpazhyan@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43E7B21F9FAC for <opsawg@ietfa.amsl.com>; Tue, 29 Oct 2013 22:32:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZcR+zRWqcYFl for <opsawg@ietfa.amsl.com>; Tue, 29 Oct 2013 22:32:26 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 0457A11E820C for <opsawg@ietf.org>; Tue, 29 Oct 2013 22:32:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31589; q=dns/txt; s=iport; t=1383111146; x=1384320746; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=DRBJKIOPRq6aDecVrKiROFkvNwcoZD2GmYht58u5r2I=; b=fSJ4s/A7dQajb9VJYxz2WEJ8vLAQgyZPUUf6CRmpGGXWN1AiIOg+sMqa RoIlOmDTvZVUKAq/o933PCT8Gzv8A6NeQ0KBJFeB3vJDFaOnV09pgwoKf noukuTIXt0kMmm7RwrR3DVx1V4nOdLcI1KE9LjIhgvA6kNH8t6pe4xRq3 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhsHALOYcFKtJXG//2dsb2JhbABZgkNEOFStE4loiEeBIxZ0giUBAQEELVwCAQgRAQMBAQsWAQYHMhQDBggBAQQBEggTh2wNumWPHjcBBoMZgQ0DmTmQWoFogT6CKg
X-IronPort-AV: E=Sophos; i="4.93,599,1378857600"; d="scan'208,217"; a="278401924"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by rcdn-iport-4.cisco.com with ESMTP; 30 Oct 2013 05:32:24 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id r9U5WOkR014136 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 30 Oct 2013 05:32:24 GMT
Received: from xmb-aln-x09.cisco.com ([169.254.4.202]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.02.0318.004; Wed, 30 Oct 2013 00:32:24 -0500
From: "Rajesh Pazhyannur (rpazhyan)" <rpazhyan@cisco.com>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: [OPSAWG] Seeking discussion on "Alternate Tunnel Encapsulation for Data Frames in CAPWAP"
Thread-Index: Ac7SqIs8II5D0brnRoyCTVQ6wZ7WWACEPwywAB31AxA=
Date: Wed, 30 Oct 2013 05:32:23 +0000
Message-ID: <4ED2E36A22261145861BAB2C24088B4320ED1291@xmb-aln-x09.cisco.com>
References: <4ED2E36A22261145861BAB2C24088B4320ED015B@xmb-aln-x09.cisco.com> <9904FB1B0159DA42B0B887B7FA8119CA1291C9C0@AZ-FFEXMB04.global.avaya.com>
In-Reply-To: <9904FB1B0159DA42B0B887B7FA8119CA1291C9C0@AZ-FFEXMB04.global.avaya.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.71.89]
Content-Type: multipart/alternative; boundary="_000_4ED2E36A22261145861BAB2C24088B4320ED1291xmbalnx09ciscoc_"
MIME-Version: 1.0
Subject: Re: [OPSAWG] Seeking discussion on "Alternate Tunnel Encapsulation for Data Frames in CAPWAP"
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 05:32:31 -0000

Dan

Thanks for the review.  Really appreciate it.
Some immediate comments and we can follow up more live at the meeting next week.

Regards

Rajesh



-          If tunneling using the new modes described in this document is going to be possible to endpoints different from the AC, is it expected for these endpoints to run all the discovery and advertising protocols?



No, we don't expect to run the discovery and advertising protocols. We do plan to update the draft with an additional message element that will be sent by the AC to the WTP that will contain information about how the WTP can establish a tunnel (e.g., IP addresses, shared secret required if any, etc). Additionally, a number of tunneling protocols being considered like L2TPv3, PMIPv6 have their own control protocol to setup and tear down tunnels. The AC, simply, assists in providing the WTP with configuration information to initiate the control signaling.



-          This seems to be a change from the traditional CAPWAP architecture that may have scalability and security implications - at least this needs to be prompted and discussed.



I don't think we are necessarily changing the CAPWAP architecture. This was the key feedback we received on the last draft. As a result, we have kept the CAPWAP architecture almost intact.  As far as the AC is concerned, the WTP behaves almost identical to a local bridging is concerned, in the sense that the AC will not see any user traffic. The difference however is that traffic is not locally bridged but actually tunneled to a different endpoint. If you think about it, a WTP can do this (without any changes to CAPWAP) and the AC-WTP interaction would work just fine. The reason to suggest the changes in the draft is that given the AC is configuring all the WTP parameters, it would be quite useful to extend CAPWAP to configure the alternate/additional tunnel parameter.



On the security front, note that the CAPWAP data channel encryption is optional. Currently, our position is that if user traffic needs to be secured then it can be handled via additional mechanism like IPSec. For example, L2TP, PMIPv6/GRE all provide  for an additional IPSec encapsulation.



At this point the document does not even mention that it updates RFC 5415 and RFC 5416.

Yes, noted.  We will address it.


-          What is the advantage of tunneling non-management data frames using the new encapsulation modes vs. bridging them using the local bridging mode in RFC 5416? The document needs to explain this.


         I had hoped to provide the motivation for this in Section 1 (especially via the figures 1 and 2). Perhaps I can be more descriptive in the next version.
The main motivation is to separate the AC from the entity that handles the user traffic tunnels as well enable one of multitude of tunneling protocols for user traffic. There is still a requirement to tunnel and as result, local bridging is not an easy option. The options are either tunneled to AC or as we propose, tunnel to a different element.

-          Why does the document take the approach of defining a new alternate tunnel encapsulation message? Would it not be possible to define new values in the Tunnel Mode enumeration defined in Section 6.1 of RFC 5416?

    Tunnel modes as defined today define tunnels between the WTP and AC. In the current draft, we are proposing an additional tunnel between tunnel and an endpoint other than AC. Also, the tunnel mode is being used to indicate that the user traffic is *not* being tunneled to the AC. So all in all, it seemed easier to define a new element rather than reuse/overload an existing one.



From: Romascanu, Dan (Dan) [mailto:dromasca@avaya.com]
Sent: Tuesday, October 29, 2013 8:26 AM
To: Rajesh Pazhyannur (rpazhyan); opsawg@ietf.org
Subject: RE: [OPSAWG] Seeking discussion on "Alternate Tunnel Encapsulation for Data Frames in CAPWAP"

Hi,

I read the I-D and I have some clarification questions:


-          If tunneling using the new modes described in this document is going to be possible to endpoints different from the AC, is it expected for these endpoints to run all the discovery and advertising protocols? This seems to be a change from the traditional CAPWAP architecture that may have scalability and security implications - at least this needs to be prompted and discussed. At this point the document does not even mention that it updates RFC 5415 and RFC 5416.

-          What is the advantage of tunneling non-management data frames using the new encapsulation modes vs. bridging them using the local bridging mode in RFC 5416? The document needs to explain this.

-          Why does the document take the approach of defining a new alternate tunnel encapsulation message? Would it not be possible to define new values in the Tunnel Mode enumeration defined in Section 6.1 of RFC 5416?

Thanks and Regards,

Dan


From: opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org> [mailto:opsawg-bounces@ietf.org] On Behalf Of Rajesh Pazhyannur (rpazhyan)
Sent: Sunday, October 27, 2013 2:08 AM
To: opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: [OPSAWG] Seeking discussion on "Alternate Tunnel Encapsulation for Data Frames in CAPWAP"

Hello

We have resubmitted a new version of the draft titled "Alternate Tunnel Encapsulation for Data Frames in CAPWAP", http://datatracker.ietf.org/doc/draft-zhang-opsawg-capwap-cds/.
The previous version was titled: "Separation of CAPWAP Control and Data Plane: Scenarios, Requirements and Solutions". Based on discussion in the last IETF, we reworked the draft.

The draft provides a reason for the need for WTP to have additional tunnel (beyond CAPWAP) encapsulations for user traffic. It enables a WTP to advertise the capability to support such alternate tunnel encapsulation and the AC to configure such tunnel encapsulation on the WTP.  The alternate tunnel encapsulation allows 1) the WTP to tunnel non-management data frames to an endpoint different from the AC and 2) allows the WTP to tunnel using one of many known ecapsulation types such as IP-IP, IP-GRE, CAPWAP.

We would like to get it adopted as a working group item and would like feedback on whether we are on track.

Regards

Rajesh

v2.23.0 | Report a Bug | By Email