Re: [pim] PIM and IPsec experience

"Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net> Tue, 10 March 2015 16:23 UTC


Lab testing can provide data on interoperability, but what about deployment experiences?

> -----Original Message-----
> From: William Atwood [mailto:william.atwood@concordia.ca]
> Sent: Tuesday, March 10, 2015 12:16 PM
> To: pim@ietf.org; draft-ietf-pim-rfc4601bis@ietf.org
> Subject: Re: [pim] PIM and IPsec experience
> 
> Stig,
> 
> At Concordia, as part of the work supporting the development specified
> in RFC 5796, we did a series of tests.
> 
> 1) Two and three "soft" routers (Linux boxes running XORP) for the "same
> key for everyone" and "separate keys for each sender" cases.
> 
> 2) Two and three Cisco 2811 routers for the same two cases, except that
> we could not run the "three-router, separate keys case for each sender"
> case due to a limitation in the Cisco command line interface for manual
> keying.
> 
> 3) Inter-operation of a XORP router and a Cisco 2811, for both the
> "same-key" and the "separate key" cases, with one XORP router and one
> Cisco router.  (The "three-router, separate keys" case was not tried,
> for the reasons given above.)
> 
> 4) Inter-operation of a XORP router and a Cisco 2911.
> 
> AH was used in all the tests.
> 
> Since the establishment of the IPsec parameters is _completely_
> independent of the PIM-SM code, I expect that it would not be difficult
> to demonstrate inter-operation with ESP.  I would be willing to provide
> the manpower to do this.
> 
> The above establishes the existence of two independent inter-operating
> implementations.  If I can find someone to loan me a suitable router
> from another company (with IPsec enabled), I expect that it would not be
> hard to demonstrate inter-operation with a third implementation, for
> both AH and ESP.  (I would be willing to provide the manpower to do this.)
> 
>   Bill
> 
> 
> On 09/03/2015 8:10 PM, Stig Venaas wrote:
> > Hi
> >
> > As part of making RFC 4601 an Internet Standard we would like to know to
> > what extent there is experience with AH interoperability. Has anyone
> > conducted tests or is aware of deployments with multiple
> > implementations? What about ESP?
> >
> > It would also be interesting to know about deployments using IPsec,
> > even if just a single implementation is involved. No need to name
> > particular deployments, but it would be nice to get some idea how
> > common it is.
> >
> > Stig
> >
> 
> --
> Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
> Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
> Department of Computer Science
>    and Software Engineering
> Concordia University EV 3.185     email:william.atwood@concordia.ca
> 1455 de Maisonneuve Blvd. West    http://users.encs.concordia.ca/~bill
> Montreal, Quebec Canada H3G 1M8