Re: [OPSAWG] Erik Kline's No Objection on draft-ietf-opsawg-vpn-common-10: (with COMMENT)

mohamed.boucadair@orange.com Tue, 21 September 2021 05:27 UTC

From: mohamed.boucadair@orange.com
To: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-vpn-common@ietf.org" <draft-ietf-opsawg-vpn-common@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Thread-Topic: Erik Kline's No Objection on draft-ietf-opsawg-vpn-common-10: (with COMMENT)
Thread-Index: AQHXrn571KoSWD1SHkaoH32k9OJMgKut8xQQ
Date: Tue, 21 Sep 2021 05:27:37 +0000
Message-ID: <30415_1632202059_61496D4B_30415_466_3_787AE7BB302AE849A7480A190F8B933035409F74@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <163218362535.15862.5860338168774782471@ietfa.amsl.com>
In-Reply-To: <163218362535.15862.5860338168774782471@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/x92FBzM-RVYLNpek9vsiTsUJIt0>
Subject: Re: [OPSAWG] Erik Kline's No Objection on draft-ietf-opsawg-vpn-common-10: (with COMMENT)
Precedence: list

Hi Erik, all, 

Thank you for the review. 

Cheers,
Med

> -----Message d'origine-----
> De : Erik Kline via Datatracker [mailto:noreply@ietf.org]
> Envoyé : mardi 21 septembre 2021 02:20
> À : The IESG <iesg@ietf.org>
> Cc : draft-ietf-opsawg-vpn-common@ietf.org; opsawg-chairs@ietf.org;
> opsawg@ietf.org; adrian@olddog.co.uk; adrian@olddog.co.uk
> Objet : Erik Kline's No Objection on draft-ietf-opsawg-vpn-common-10:
> (with COMMENT)
> 
> Erik Kline has entered the following ballot position for
> draft-ietf-opsawg-vpn-common-10: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-
> positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-vpn-common/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> [S3, question]
> 
> * Should "ipv6/ttl" actually be "ipv6/hoplimit"?

[[Med]] We can't as this is inherited from RFC8519:

            container ipv6 {
              description
                "Rule set that matches IPv6 header.";
              uses packet-fields:acl-ip-header-fields;
              uses packet-fields:acl-ipv6-header-fields;
            }

> 
>   I'm not sure what might have been defined in other YANG documents
>   elsewhere, but "ttl" is not the term normally associated with IPv6
>   (8200s3).

[[Med]] Indeed, but that is clearly covered in RFC8519:

    leaf ttl {
      type uint8;
      description
        "This field indicates the maximum time the datagram is allowed
         to remain in the internet system.  If this field contains the
         value zero, then the datagram must be dropped.

         In IPv6, this field is known as the Hop Limit.";
      reference
        "RFC 791: Internet Protocol
         RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
    }

> 
> * Should "ipv6/protocol" actually be "ipv6/nextheader"?

[[Med]] idem as above. RFC8519 defines the protocol data node as follows: 

    leaf protocol {
      type uint8;
      description
        "Internet Protocol number.  Refers to the protocol of the
         payload.  In IPv6, this field is known as 'next-header',
         and if extension headers are present, the protocol is
         present in the 'upper-layer' header.";
      reference
        "RFC 791: Internet Protocol
         RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
    } 

> 
>   The field in the header is actually "Next Header" (8200s3), but
>   is the intention here to identify the next "logical higher-layer
>   protocol", i.e. skipping over other headers that might be in
>   between the IPv6 header and, say, a TCP header?
> 
> * How does "private or public cloud" count as "external connectivity"?
> 
>   Seems like the referenced 4364s11 is primarily concerned with
>   Internet access.  I guess it seems odd to me to consider a VPN
>   endpoint in a cloud instance especially different from any other
>   (e.g., physical) endpoint...
> 
> 

[[Med]] Access to a cloud is still some sort of external connectivity. We mentioned it there to accommodate the need in rfc8299#section-6.2.2.  



_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

[OPSAWG] Erik Kline's No Objection on draft-ietf-… Erik Kline via Datatracker
Re: [OPSAWG] Erik Kline's No Objection on draft-i… mohamed.boucadair