Re: [pim] PIM and IPsec experience

Alia Atlas <akatlas@gmail.com> Tue, 10 March 2015 19:04 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/WExUkn7b7R5FUJOqFhMwtUlnvGc>

On Tue, Mar 10, 2015 at 2:59 PM, Toerless Eckert <eckert@cisco.com> wrote:

> If we assume very little deployment experience... where would that
> leave us wrt. to AH vs. ESP vs how to move forward on the spec side ?
>

We are checking to see how the RFC Editor can handle Updates for 4601bis.
It would be useful in 4601bis to have Informational references to the
various RFCs that update 4601 and help set them in context for a future reader.

Alia



> Cheers
>     Toerless
>
> On Tue, Mar 10, 2015 at 04:23:11PM +0000, Jeffrey (Zhaohui) Zhang wrote:
> > Lab testing can provide data on interoperability, but what about
> > deployment experiences?
> >
> > > -----Original Message-----
> > > From: William Atwood [mailto:william.atwood@concordia.ca]
> > > Sent: Tuesday, March 10, 2015 12:16 PM
> > > To: pim@ietf.org; draft-ietf-pim-rfc4601bis@ietf.org
> > > Subject: Re: [pim] PIM and IPsec experience
> > >
> > > Stig,
> > >
> > > At Concordia, as part of the work supporting the development specified
> > > in RFC 5796, we did a series of tests.
> > >
> > > 1) Two and three "soft" routers (Linux boxes running XORP) for the
> > > "same key for everyone" and "separate keys for each sender" cases.
> > >
> > > 2) Two and three Cisco 2811 routers for the same two cases, except that
> > > we could not run the "three-router, separate keys case for each sender"
> > > case due to a limitation in the Cisco command line interface for manual
> > > keying.
> > >
> > > 3) Inter-operation of a XORP router and a Cisco 2811, for both the
> > > "same-key" and the "separate key" cases, with one XORP router and one
> > > Cisco router.  (The "three-router, separate keys" case was not tried,
> > > for the reasons given above.)
> > >
> > > 4) Inter-operation of a XORP router and a Cisco 2911.
> > >
> > > AH was used in all the tests.
> > >
> > > Since the establishment of the IPsec parameters is _completely_
> > > independent of the PIM-SM code, I expect that it would not be difficult
> > > to demonstrate inter-operation with ESP.  I would be willing to provide
> > > the manpower to do this.
> > >
> > > The above establishes the existence of two independent inter-operating
> > > implementations.  If I can find someone to loan me a suitable router
> > > from another company (with IPsec enabled), I expect that it would not be
> > > hard to demonstrate inter-operation with a third implementation, for
> > > both AH and ESP.  (I would be willing to provide the manpower to do this.)
> > >
> > >   Bill
> > >
> > >
> > > On 09/03/2015 8:10 PM, Stig Venaas wrote:
> > > > Hi
> > > >
> > > > As part of making RFC 4601 an Internet Standard we would like to know to
> > > > what extent there is experience with AH interoperability. Has anyone
> > > > conducted tests or are aware of deployments with multiple
> > > > implementations? What about ESP?
> > > >
> > > > It would also be interesting to know about deployments using IPsec,
> > > > even if just a single implementation is involved. No need to name
> > > > particular deployments, but it would be nice to get some idea how
> > > > common it is.
> > > >
> > > > Stig
> > > >
> > > > _______________________________________________
> > > > pim mailing list
> > > > pim@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/pim
> > >
> > > --
> > > Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
> > > Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
> > > Department of Computer Science
> > >    and Software Engineering
> > > Concordia University EV 3.185     email:william.atwood@concordia.ca
> > > 1455 de Maisonneuve Blvd. West    http://users.encs.concordia.ca/~bill
> > > Montreal, Quebec Canada H3G 1M8
> >
>
> --
> ---
> Toerless Eckert, eckert@cisco.com