Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

<neil.2.harrison@bt.com> Thu, 22 September 2011 09:16 UTC

From: neil.2.harrison@bt.com
To: david.i.allan@ericsson.com, yaakov_s@rad.com, tnadeau@lucidvision.com
Date: Thu, 22 Sep 2011 10:18:24 +0100
Thread-Topic: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06
Message-ID: <6D3D47CB84BDE349BC23BF1C94E316E440602FD219@EMV62-UKRD.domain1.systemhost.net>
References: <666A6B6D38439F49A7FB8E0FE839CA06016D957C5F@ESESSCMS0365.eemea.ericsson.se> <6BBD00C6-9462-4C02-8843-B7AF42C9BCF6@lucidvision.com> <5E893DB832F57341992548CDBB333163A28C6E23AB@EMBX01-HQ.jnpr.net> <EFFCC24E-C38E-41F5-8C12-B505BE860B6A@lucidvision.com> <5E893DB832F57341992548CDBB333163A28C8C4F08@EMBX01-HQ.jnpr.net> <60C093A41B5E45409A19D42CF7786DFD5223AEC5BC@EUSAACMS0703.eamcs.ericsson.se> <07F7D7DED63154409F13298786A2ADC903FB9BE5@EXRAD5.ad.rad.co.il> <60C093A41B5E45409A19D42CF7786DFD5223B683BB@EUSAACMS0703.eamcs.ericsson.se>
In-Reply-To: <60C093A41B5E45409A19D42CF7786DFD5223B683BB@EUSAACMS0703.eamcs.ericsson.se>
Cc: pwe3@ietf.org
Subject: Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

Hi Dave....one remark in-line:

From: pwe3-bounces@ietf.org [mailto:pwe3-bounces@ietf.org] On Behalf Of David Allan I
Sent: 22 September 2011 09:29
To: Yaakov Stein; Thomas Nadeau
Cc: pwe3@ietf.org
Subject: Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

Hi Yaakov:

No argument on management plane configuration.

I was thinking more of the LSP-PING bootstrapping to establish binding.
NH=> This mistake arises because LDP is not a proper co-ps mode layer network. LDP creates many problems, but here the key point is that there is no proper CP function of signalling that sets up/tears down LSPs...the merging LSPs (which are not connections anyway) 'self-nucleate'.

Aside=> The CP/MP should tell the trail termination points of a connection that is about to be created what identifier (=SA) to expect in the DP CV OAM messages.  Similarly, the CP/MP should remove this condition when the connection is taken down.  We should not attempt such configuration via the DP OAM messages themselves.

regards, Neil



I'd rather move that function to a more trusted adjacency and in the case of LDP signalling for PWs, a configuring east west exchange already exists.

My statement about trust was more along the lines that auto-discovery and trust are somewhat orthogonal concepts. A chain of trust needs to be introduced. A CP adjacency to me scales much better from the point of view of the number of security associations required, as it is one SA for the aggregate of the PWs served by the adjacency....

I'll be the first to admit I've not checked the security provisions in LSP-PING, but if there are significant provisions and I have signalling and LSP-PING bootstrapping, I now require a minimum of two SAs to establish the chain of trust to configure a PW, worse if it is an SA per ME, nightmare if it is an SA per MEP/MIP pair (not relevant to bootstrapping but mentioned as the slippery slope we are discussing). We went into some of this in the security section of the TP OAM framework (now RFC 6371).

I hope that is clearer...

Dave



________________________________
From: Yaakov Stein [mailto:yaakov_s@rad.com]
Sent: Thursday, September 22, 2011 4:12 PM
To: David Allan I; Thomas Nadeau
Cc: pwe3@ietf.org
Subject: RE: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

Dave

I actually am closer to Tom on this issue,
but didn't see any reason to fight windmills on this one.

But was surprised at both clauses of your statement.

First, from a pure security PoV, all the management systems I have seen are more trustworthy than most control planes.
And since this is for TP which doesn't even assume an IP forwarding plane let alone IPsec,
then I have to assume that someone is going to start configuring everything using GACh payloads,
which frankly scares me, unless you have armed guards physically viewing all of your network elements.
(You may recall my rants on the lack of any security in MPLS and my futile attempts at pwsec
a few years back.)

Second, "OAM is about trust". Well yes, it is about how much the client layer trusts the server layer
or the customer trusts the service provider, or the boxes trust the fibers.
Or in many cases how little trust there is and how to check up so that you can prove your case of SLA noncompliance.
In any case I don't see the connection between this kind of "trust"
and the kind I think you are talking about in comparing control and management planes.

I trust that you will explain.

Y(J)S

From: pwe3-bounces@ietf.org [mailto:pwe3-bounces@ietf.org] On Behalf Of David Allan I
Sent: Wednesday, September 21, 2011 03:08
To: John E Drake; Thomas Nadeau
Cc: pwe3@ietf.org
Subject: Re: [PWE3] PWE3 WG adoption of draft-zhang-mpls-tp-pw-oam-config-06

IMO I prefer the trust model of using the CP to set this up and coordinate the end points, and OAM is about trust.

So I support adoption of the draft; it is a move in the right direction.

cheers
Dave