RE: Request for WGLC for draft-ietf-rtgwg-net2cloud-problem-statement-09 & draft-ietf-rtgwg-net2cloud-gap-analysis-06

Linda Dunbar <linda.dunbar@futurewei.com> Fri, 01 May 2020 22:13 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: rtgwg-chairs <rtgwg-chairs@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Subject: RE: Request for WGLC for draft-ietf-rtgwg-net2cloud-problem-statement-09 & draft-ietf-rtgwg-net2cloud-gap-analysis-06
Date: Fri, 01 May 2020 22:13:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/Iap4YAP48QBh__lmK09CT1yTeEI>
List-Id: Routing Area Working Group <rtgwg.ietf.org>

To make it easier for people to provide feedback, we added a Gap Summary section to draft-ietf-rtgwg-net2cloud-gap-analysis.

Here is the summary of the technical gaps discussed in this document:
- For Accessing Cloud Resources
   a) When a remote vCPE can be reached by multiple PEs of one provider VPN network, it is not straightforward to designate which egress PE to the remote vCPE based on applications.
   b) Need automated and reliable tools to map the user-friendly (natural language) access rules into machine-readable policies and to provide interfaces for enterprises to self-manage policy enforcement points for their own workloads.
   c) NAT Traversal. An enterprise's network controller needs to be informed of the NAT properties for its workloads in Cloud DCs. If the workloads are attached to the enterprise's own vCPEs instantiated in the Cloud DCs, the task can be achieved.
   d) The multicast traffic to/from remote vCPE needs a feature like Appointed Forwarder specified by TRILL to prevent multicast data frames from looping around.
   e) BGP between PEs and remote CPEs via untrusted networks.
   f) Traffic Path Management.
- Overlay Edge Node's WAN Port Management: BGP UPDATE messages propagate the client's route information, but don't distinguish network-facing ports.
- Aggregating VPN paths and Internet paths
   a) Control Plane for Overlay over Heterogeneous Networks is not clear.
   b) BGP UPDATE Messages missing properties:
      - Lacking SD-WAN Segments Identifier
      - Missing attributes in Tunnel-Encap
   c) SECURE-L3VPN/EVPN is not enough.
   d) Missing clear methods in preventing attacks from Internet-facing ports.

Looking forward to any feedback or suggestions.

Thank you very much

Linda Dunbar

-----Original Message-----
From: Linda Dunbar
Sent: Wednesday, March 18, 2020 9:21 PM
To: rtgwg-chairs <rtgwg-chairs@ietf.org>; rtgwg@ietf.org
Subject: Request for WGLC for draft-ietf-rtgwg-net2cloud-problem-statement-09 & draft-ietf-rtgwg-net2cloud-gap-analysis-05

Chris and Jeff,

We have made significant changes to address the comments and suggestions from IETF106, email discussions and other IETF WGs.
We have removed all references to SD-WAN from those two drafts, so that the drafts focus primarily on the problems and gaps of networks to connect enterprise premises with hybrid cloud data centers.

We believe the following documents are ready for WGLC. Can you please start the WGLC for the following drafts?
https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/
https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-gap-analysis/

Thank you very much.

Linda Dunbar

-----Original Message-----
From: Linda Dunbar
Sent: Wednesday, March 18, 2020 5:54 PM
To: 'Hollenbeck, Scott' <shollenbeck@verisign.com>
Cc: 'dnsop@ietf.org' <dnsop@ietf.org>; 'rtgwg@ietf.org' <rtgwg@ietf.org>
Subject: RE: DNS for Cloud Resources in draft-ietf-rtgwg-net2cloud-problem-statement-08

Scott,
Here is the revised version with your suggested changes incorporated: https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/


Thank you very much for the review and suggestion.

Linda Dunbar

-----Original Message-----
From: Linda Dunbar
Sent: Monday, March 16, 2020 12:01 PM
To: Hollenbeck, Scott <shollenbeck@verisign.com>
Cc: dnsop@ietf.org; rtgwg@ietf.org
Subject: RE: DNS for Cloud Resources in draft-ietf-rtgwg-net2cloud-problem-statement-08

Scott,

Thank you very much for the suggestion. Have changed the text per your suggestion. Will upload the new version when the IETF submission opens up next Monday.

Linda

-----Original Message-----
From: Hollenbeck, Scott <shollenbeck@verisign.com>
Sent: Wednesday, March 11, 2020 1:19 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: dnsop@ietf.org
Subject: DNS for Cloud Resources in draft-ietf-rtgwg-net2cloud-problem-statement-08

(Sorry, this is a late response to a review request originally sent to the dnsop list on 11 February)

Section 3.4 (DNS for Cloud Resources) includes these sentences:

"Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. It's not as if there is or even could be some sort of shortage in available names that can be used, especially when subdomains and the ability to delegate administrative boundaries are considered."

Could we make the last sentence stronger, perhaps with a statement like this from the US CERT WPAD Name Collision Vulnerability alert dated May 23, 2016?

"Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. Consider using a registered and fully qualified domain name (FQDN) from global DNS as the root for enterprise and other internal namespaces."

https://www.us-cert.gov/ncas/alerts/TA16-144A

The alert actually says "other internal namespace", but I think that's a typo.

Scott