Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10

"Susan Hares" <> Fri, 02 February 2018 17:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8AC7912DA3E; Fri, 2 Feb 2018 09:16:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.945
X-Spam-Status: No, score=0.945 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jJPZemOsLzvN; Fri, 2 Feb 2018 09:16:55 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 285A312DA01; Fri, 2 Feb 2018 09:16:55 -0800 (PST)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=;
From: "Susan Hares" <>
To: "'Joe Touch'" <>, "'Magnus Westerlund'" <>
Cc: "'Donald Eastlake'" <>, <>, "'trill IETF mailing list'" <>, <>, "'Alia Atlas'" <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Date: Fri, 2 Feb 2018 12:16:50 -0500
Message-ID: <046e01d39c49$9db0ed40$d912c7c0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHMe5Py4K7gCbNISswrkrRWdm5LSgK0mNF7AihNSYMCOrHPowKzZSfQAjCud/oBW3LLqqM03xqQ
Content-Language: en-us
Archived-At: <>
Subject: Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Developing a hybrid router/bridge." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 02 Feb 2018 17:16:56 -0000


As WG chair, I need to manage the last of the WG calls for the TRILL.   We are closing the TRILL WG and pushing to handle all the drafts in an effective manner.  Therefore,  I am going to be more blunt that I normally am. 

Are you asking to utilize TLS/DTLS instead of IPSEC tunnel mode on a link?   
Are you suggesting to run a routing protocol should intermix with data forwarding without security? 

If you are asking a draft to be rewritten at this point to explain these issues, I would like some substantiating background or theory from the routing side to indicate why you feel TLS/DTLS is better than an IPSEC tunnel or that a routing protocol should not be protected within a secure tunnel against data traffic.  The directions you are asking to document has not be successful in routing IGPs or path vector protocols.  

 If you are suggesting a tutorial is added to a protocol document, provide operational reasons why this should be contained within a TRILL protocol specification.   If you feel that these reasons for these choices should be document in an independent draft, then you are welcome to suggest this to Alia Atlas.  I'm sure that Donald Eastlake will consider an independent draft explain reasons if Alia Atlas thinks it is useful. 

I will hold the WG LC for trill-over-ip until Monday morning at noon ET (9am PT) while you start a focused discussion on this topic.  By Monday at noon ET, this discuss needs to come to a conclusion.   

Sue Hares 
Trill co-chair

-----Original Message-----
From: trill [] On Behalf Of Joe Touch
Sent: Friday, February 2, 2018 10:34 AM
To: Magnus Westerlund
Cc: Donald Eastlake;; trill IETF mailing list;
Subject: Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10

Hi, all,

This doc is very confusing.

Its title and discussion throughout indicates “TRILL over IP”, including figs in Sec 4, but the only actual encapsulations described are TRILL over UDP and TRILL over TCP.

IMO, this needs a very deep scrub to resolve. It would help to understand that the root issue is that the encapsulation headers are *all* those added to the TRILL packet trying to transit the IP network; there’s no “inserting” of encapsulation between IP and TRILL.

That includes:

- explaining why you require IPsec tunnel mode, when the encapsulations presented would be completely secure using TLS/DLS or any variant of IPsec on the encapsulated traffic

- explaining the relation between TRILL MTU discovery and the MTU of the transport level, and how these interact (or could interfere) with each other

- why are not other more obvious encapsulations being considered, notably any TCP/UDP encapsulation that already supports Ethernet, including GRE (which might then allow this doc to be condensed to instructions for configuration, rather than trying to specify a new encapsulation system)


trill mailing list