Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
"Liubing (Leo)" <leo.liubing@huawei.com> Wed, 19 September 2012 02:59 UTC
Return-Path: <leo.liubing@huawei.com>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3338B11E80DE for <renum@ietfa.amsl.com>; Tue, 18 Sep 2012 19:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dQiogt-HcWv1 for <renum@ietfa.amsl.com>; Tue, 18 Sep 2012 19:59:14 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id A544011E80D2 for <renum@ietf.org>; Tue, 18 Sep 2012 19:59:13 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml204-edg.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.5-GA FastPath queued) with ESMTP id AKU51675; Wed, 19 Sep 2012 02:59:12 +0000 (GMT)
Received: from LHREML404-HUB.china.huawei.com (10.201.5.218) by lhreml204-edg.china.huawei.com (172.18.7.223) with Microsoft SMTP Server (TLS) id 14.1.323.3; Wed, 19 Sep 2012 03:58:19 +0100
Received: from SZXEML421-HUB.china.huawei.com (10.82.67.160) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.1.323.3; Wed, 19 Sep 2012 10:58:40 +0800
Received: from SZXEML509-MBS.china.huawei.com ([10.82.67.53]) by szxeml421-hub.china.huawei.com ([10.82.67.160]) with mapi id 14.01.0323.003; Wed, 19 Sep 2012 10:58:37 +0800
From: "Liubing (Leo)" <leo.liubing@huawei.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Marc Lampo <marc.lampo.ietf@gmail.com>
Thread-Topic: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
Thread-Index: AQHNlZ6LRHT5YMbiOECBYU4Cz/+Is5eQ9x7g
Date: Wed, 19 Sep 2012 02:58:36 +0000
Message-ID: <8AE0F17B87264D4CAC7DE0AA6C406F4529355FF5@szxeml509-mbs>
References: <99B887114EDB1449941CFBC8EC279FA12CB43E09@PRVPEXVS17.corp.twcable.com> <CAB0C4xOdmHpTN2hVY6R4MAeGZU4kKruMuL0u1wPFgqCkXAsbzg@mail.gmail.com> <50587202.9080808@gmail.com>
In-Reply-To: <50587202.9080808@gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.99.42]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "renum@ietf.org" <renum@ietf.org>
Subject: Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 02:59:15 -0000
Hi, Marc & Brian Thanks for your comments. Please see inline. > -----Original Message----- > From: renum-bounces@ietf.org [mailto:renum-bounces@ietf.org] On Behalf Of > Brian E Carpenter > Sent: Tuesday, September 18, 2012 9:07 PM > To: Marc Lampo > Cc: renum@ietf.org > Subject: Re: [renum] Working Group Last Call: > draft-ietf-6renum-gap-analysis-03.txt > > Marc, > > On 18/09/2012 08:54, Marc Lampo wrote: > > Hello (and sorry to jump in so late, but as I just changed employer ...), > > > > my remark is about impact of renumbering on IPSEC VPN definitions. > > In my opinion this area is not addressed (enough). > > [Bing] In previous mails, Di Ma also pointed out this issue, and proposed some texts. Thank you for pointing it out again, then it is obvious that the IPsec renumbering issue would be probably cared by many people. We'll add some more description accordingly. > > I understand that, via a reference to RFC5887 these is a suggestion to > > define addresses on either side of an IPSEC VPN via DNS. > > One element is that in practice, not all devices "out there" (some > > very widely used) are not capable of defining the valid addresses on > > an IPSEC endpoint via DNS. > > True, that's an implementation and deployment gap, not a protocol gap. > All we can do in the IETF is document this kind of gap, since we don't > control implementations. > > > > > The second element is about the DNS aspect itself. > > Suppose there is a site-to-site VPN between organisations A and B. > > Suppose organisation A is capable of defining "valid addresses behind > > VPN endpoint" via DNS. > > Problem is that device at organisation A needs access to a NS that > > "knows" about internal addresses at organisation B. > > But if organisation B renumbers its internal network ! > > How can DNS server accessible/used by VPN endpoint at organisation A > > know about new addresses in an automatic way ? > > Only if B publishes the appropriate AAAA records in global DNS. Of course > B must also use appropriate DNS TTLs and follow the RFC 4192 overlap > procedure. Then when the IPsec SA breaks, the VPN software will retry > and find the new AAAA record. > > Nothing works if people don't use the global DNS correctly, due to misguided > belief in security by obscurity. > > > Because there is so little about this subject, in the present version, > > I think it is not addressed enough. > > Either explicitly, in a paragraph firmly stating recommendations and > procedures; > > or in section 9, Gaps considered unresolvable, where it can be added > > why this is a problem and what admins will have to do manually, if > > they renumber. > > I think we need to separate out implementation and deployment > recommendations, > which are in scope for an Ops Area WG, even if we need to add a goal to > the WG Charter. > [Bing] For the detailed gap analysis you proposed above, I generally agree with Brian, we need to distinguish the protocol gaps and implementation gaps. For the recommendations, I think we can consider to add some description in draft-ietf-6renum-enterprise-scenarios, which contains BCPs for renumbering as an important part of the draft. > Regards > Brian > > > Kind regards, > > > > Marc Lampo > > > > On Thu, Sep 6, 2012 at 6:17 PM, Howard, Lee <lee.howard@twcable.com> > wrote: > >> We are requesting a Working Group Last Call on this document. Please > review and provide comments before September 19, since this may be the final > review of this document. > >> > >> Thanks, > >> > >> Lee > >> > >> > >>> -----Original Message----- > >>> From: renum-bounces@ietf.org [mailto:renum-bounces@ietf.org] On > Behalf > >>> Of internet- drafts@ietf.org > >>> Sent: Monday, September 03, 2012 11:38 PM > >>> To: i-d-announce@ietf.org > >>> Cc: renum@ietf.org > >>> Subject: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt > >>> > >>> > >>> A New Internet-Draft is available from the on-line Internet-Drafts > directories. > >>> This draft is a work item of the IPv6 Site Renumbering Working Group of > the IETF. > >>> > >>> Title : IPv6 Site Renumbering Gap Analysis > >>> Author(s) : Bing Liu > >>> Sheng Jiang > >>> Brian Carpenter > >>> Stig Venaas > >>> Filename : draft-ietf-6renum-gap-analysis-03.txt > >>> Pages : 20 > >>> Date : 2012-09-03 > >>> > >>> Abstract: > >>> This document briefly introduces the existing mechanisms could be > >>> utilized by IPv6 site renumbering and tries to cover most of the > >>> explicit issues and requirements of IPv6 renumbering. Through the gap > >>> analysis, the document provides a basis for future works that > >>> identify and develop solutions or to stimulate such development as > >>> appropriate. The gap analysis is presented following a renumbering > >>> event procedure clue. > >>> > >>> > >>> > >>> > >>> The IETF datatracker status page for this draft is: > >>> https://datatracker.ietf.org/doc/draft-ietf-6renum-gap-analysis > >>> > >>> There's also a htmlized version available at: > >>> http://tools.ietf.org/html/draft-ietf-6renum-gap-analysis-03 > >>> > >>> A diff from the previous version is available at: > >>> http://www.ietf.org/rfcdiff?url2=draft-ietf-6renum-gap-analysis-03 > >>> > >>> > >>> Internet-Drafts are also available by anonymous FTP at: > >>> ftp://ftp.ietf.org/internet-drafts/ > >>> > >>> _______________________________________________ > >>> renum mailing list > >>> renum@ietf.org > >>> https://www.ietf.org/mailman/listinfo/renum > >> Lee Howard > >> Director, Network Technology > >> Time Warner Cable > >> (703) 345-3513 > >> 13820 Sunrise Valley Drive, Herndon VA 20171 > >> > >> > >> > >> This E-mail and any of its attachments may contain Time Warner Cable > proprietary information, which is privileged, confidential, or subject to > copyright belonging to Time Warner Cable. This E-mail is intended solely for the > use of the individual or entity to which it is addressed. If you are not the > intended recipient of this E-mail, you are hereby notified that any dissemination, > distribution, copying, or action taken in relation to the contents of and > attachments to this E-mail is strictly prohibited and may be unlawful. If you > have received this E-mail in error, please notify the sender immediately and > permanently delete the original and any copy of this E-mail and any printout. > >> _______________________________________________ > >> renum mailing list > >> renum@ietf.org > >> https://www.ietf.org/mailman/listinfo/renum > > _______________________________________________ > > renum mailing list > > renum@ietf.org > > https://www.ietf.org/mailman/listinfo/renum > > > _______________________________________________ > renum mailing list > renum@ietf.org > https://www.ietf.org/mailman/listinfo/renum
- [renum] Working Group Last Call: draft-ietf-6renu… Howard, Lee
- Re: [renum] Working Group Last Call: draft-ietf-6… Fuyu (Eleven)
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… Brian E Carpenter
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… Marc Lampo
- Re: [renum] Working Group Last Call: draft-ietf-6… Brian E Carpenter
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… RJ Atkinson
- Re: [renum] Working Group Last Call: draft-ietf-6… Shane Amante