Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10

"Susan Hares" <shares@ndzh.com> Sun, 04 February 2018 19:33 UTC

From: "Susan Hares" <shares@ndzh.com>
To: "'Joe Touch'" <touch@strayalpha.com>
Cc: "'Magnus Westerlund'" <magnus.westerlund@ericsson.com>, "'Donald Eastlake'" <d3e3e3@gmail.com>, <tsv-art@ietf.org>, "'trill IETF mailing list'" <trill@ietf.org>, <draft-ietf-trill-over-ip.all@ietf.org>, "'Alia Atlas'" <akatlas@gmail.com>
References: <149754795560.13109.17521244075940607817@ietfa.amsl.com> <CAF4+nEG-28weDot9R9Z4-05PX1tzBoKZSOHu8BJY2GiRzOv0nA@mail.gmail.com> <52E4A8FC978E0241AE652516E24CAF0029AC2251@ESESSMB103.ericsson.se> <CAF4+nEEhaY+gtyjhVN1uzwgJ8m5oy1VU3urdH_hh-2KYV+NXLQ@mail.gmail.com> <CAF4+nEEaJr7RwAaQx59fTvAhh0qy1NRqPx4HREvzGPRHqdx++w@mail.gmail.com> <e4cb17c2-188a-4201-8803-34437e38c36b@ericsson.com> <3EEB0996-3396-43FA-A9B0-069B39FCFE9E@strayalpha.com> <046e01d39c49$9db0ed40$d912c7c0$@ndzh.com> <B35EA70F-0BF4-48FB-A886-3FBE2CAAA555@strayalpha.com>
In-Reply-To: <B35EA70F-0BF4-48FB-A886-3FBE2CAAA555@strayalpha.com>
Date: Sun, 4 Feb 2018 14:33:29 -0500
Message-ID: <012001d39def$097ce140$1c76a3c0$@ndzh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/wIQzIAFniOh281kGqP5B2X9VOXA>

Joe: 

I am confused as to your concerns.  I'll take this offline to see if I can get some clarity on the concerns.  Thank you for your continued comments on this document. 

Sue Hares 

-----Original Message-----
From: Joe Touch [mailto:touch@strayalpha.com] 
Sent: Friday, February 2, 2018 12:56 PM
To: Susan Hares
Cc: Magnus Westerlund; Donald Eastlake; tsv-art@ietf.org; trill IETF mailing list; draft-ietf-trill-over-ip.all@ietf.org; Alia Atlas
Subject: Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10

Hi Susan,

> On Feb 2, 2018, at 9:16 AM, Susan Hares <shares@ndzh.com> wrote:
> 
> Joe:
> 
> As WG chair, I need to manage the last of the WG calls for the TRILL.   We are closing the TRILL WG and pushing to handle all the drafts in an effective manner.  Therefore,  I am going to be more blunt than I normally am. 
> 
> Are you asking to utilize TLS/DTLS instead of IPSEC tunnel mode on a link?   

I’m indicating the doc fails to justify the required use of IP-level security for a transport encapsulation solution. 

> Are you suggesting to run a routing protocol should intermix with data forwarding without security? 

No. 

> If you are asking a draft to be rewritten at this point to explain these issues, I would like some substantiating background or theory from the routing side to indicate why you feel TLS/DTLS is better than an IPSEC tunnel or that a routing protocol should not be protected within a secure tunnel against data traffic.  The directions you are asking to document have not been successful in routing IGPs or path vector protocols.

Trill goes inside TCP or UDP in this doc. For that part of the path anything that protects that payload is sufficient. If the payload needs to be protected elsewhere ie before or after this transit then that is a separate issue. 

> 
> If you are suggesting a tutorial is added to a protocol document, provide operational reasons why this should be contained within a TRILL protocol specification.   If you feel that these reasons for these choices should be documented in an independent draft, then you are welcome to suggest this to Alia Atlas.  I'm sure that Donald Eastlake will consider an independent draft explaining reasons if Alia Atlas thinks it is useful. 

None of this is relevant to my comment. 

> I will hold the WG LC for trill-over-ip until Monday morning at noon ET (9am PT) while you start a focused discussion on this topic.  By Monday at noon ET, this discussion needs to come to a conclusion.   
> 
> Sue Hares 
> Trill co-chair
> 
> -----Original Message-----
> From: trill [mailto:trill-bounces@ietf.org] On Behalf Of Joe Touch
> Sent: Friday, February 2, 2018 10:34 AM
> To: Magnus Westerlund
> Cc: Donald Eastlake; tsv-art@ietf.org; trill IETF mailing list; draft-ietf-trill-over-ip.all@ietf.org
> Subject: Re: [trill] Tsvart early review of draft-ietf-trill-over-ip-10
> 
> Hi, all,
> 
> This doc is very confusing.
> 
> Its title and discussion throughout indicate “TRILL over IP”, including figs in Sec 4, but the only actual encapsulations described are TRILL over UDP and TRILL over TCP.
> 
> IMO, this needs a very deep scrub to resolve. It would help to understand that the root issue is that the encapsulation headers are *all* those added to the TRILL packet trying to transit the IP network; there’s no “inserting” of encapsulation between IP and TRILL.
> 
> That includes:
> 
> - explaining why you require IPsec tunnel mode, when the encapsulations presented would be completely secure using TLS/DTLS or any variant of IPsec on the encapsulated traffic
> 
> - explaining the relation between TRILL MTU discovery and the MTU of the transport level, and how these interact (or could interfere) with each other
> 
> - why are not other more obvious encapsulations being considered, notably any TCP/UDP encapsulation that already supports Ethernet, including GRE (which might then allow this doc to be condensed to instructions for configuration, rather than trying to specify a new encapsulation system)
> 
> Joe
> 
> 
> _______________________________________________
> trill mailing list
> trill@ietf.org
> https://www.ietf.org/mailman/listinfo/trill
>
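The two review points above (which layer the protection sits at, and how TRILL MTU discovery interacts with the MTU of the IP transit) can be made concrete with a small header-overhead model. The following is an added example written for this thread; it is not code from the mailing list, from the reviewers, or from draft-ietf-trill-over-ip. The fixed header sizes are the standard ones (Ethernet 14, 802.1Q tag 4, TRILL base header 6, UDP 8, IPv4 20, IPv6 40, no options or FCS), and the campus-wide Sz default of 1470 is the RFC 6325 value. The ESP and DTLS per-packet overheads, and the exact stack compositions, are constructed assumptions for an AES-GCM-style suite and will differ by cipher suite and padding.

```python
"""Header-overhead model for TRILL carried over UDP in IP.

Added example, not code from the thread or from draft-ietf-trill-over-ip.
It shows that every header wrapped around the TRILL packet is charged
against the IP path MTU, and that the choice of where protection sits
(IPsec tunnel mode, IPsec transport mode, DTLS over the UDP payload)
changes how large a TRILL packet can transit without fragmentation.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Standard fixed header sizes in bytes (no options, no Ethernet FCS).
ETHERNET_HDR = 14
VLAN_TAG = 4
TRILL_HDR = 6        # RFC 6325 base TRILL header without options
UDP_HDR = 8
IPV4_HDR = 20
IPV6_HDR = 40

# Constructed assumption: SPI 4 + seq 4 + IV 8 + pad-len/next-hdr 2 + ICV 16.
ESP_OVERHEAD = 34
# Constructed assumption: DTLS 1.2 record header 13 + explicit nonce 8 + tag 16.
DTLS_OVERHEAD = 37


@dataclass(frozen=True)
class Stack:
    """Headers added around the TRILL packet, innermost first."""
    name: str
    layers: Tuple[Tuple[str, int], ...]

    def overhead(self) -> int:
        return sum(size for _, size in self.layers)


def stacks(ip_hdr: int = IPV4_HDR) -> Dict[str, Stack]:
    """Encapsulation alternatives discussed in the thread, over one IP version.
    The compositions are assumptions made for this example."""
    return {
        "udp": Stack("TRILL/UDP/IP", (("UDP", UDP_HDR), ("IP", ip_hdr))),
        "udp_dtls": Stack("TRILL/DTLS/UDP/IP",
                          (("DTLS", DTLS_OVERHEAD), ("UDP", UDP_HDR), ("IP", ip_hdr))),
        "udp_esp_transport": Stack("TRILL/UDP/ESP/IP",
                                   (("UDP", UDP_HDR), ("ESP", ESP_OVERHEAD), ("IP", ip_hdr))),
        # Tunnel mode wraps the whole inner IP packet, so a second IP header is paid for.
        "udp_esp_tunnel": Stack("TRILL/UDP/IP/ESP/IP",
                                (("UDP", UDP_HDR), ("inner IP", ip_hdr),
                                 ("ESP", ESP_OVERHEAD), ("outer IP", ip_hdr))),
    }


def trill_packet_size(payload: int, vlan: bool = True) -> int:
    """TRILL header plus the encapsulated Ethernet frame (no FCS)."""
    return TRILL_HDR + ETHERNET_HDR + (VLAN_TAG if vlan else 0) + payload


def outer_size(stack: Stack, trill_packet: int) -> int:
    """Bytes of the IP packet put on the wire for one TRILL packet."""
    return trill_packet + stack.overhead()


def max_trill_packet(stack: Stack, path_mtu: int) -> int:
    """Largest TRILL packet that fits the IP path MTU without fragmentation."""
    return path_mtu - stack.overhead()


def fits(stack: Stack, trill_packet: int, path_mtu: int) -> bool:
    """True if the encapsulated packet fits the IP path MTU."""
    return outer_size(stack, trill_packet) <= path_mtu


def mtu_budget(path_mtu: int, campus_sz: int = 1470,
               ip_hdr: int = IPV4_HDR) -> Dict[str, dict]:
    """Per stack: overhead, largest TRILL packet, and whether a packet of the
    TRILL campus-wide MTU Sz (RFC 6325 default 1470) survives the IP transit.
    Where it does not, TRILL MTU discovery and the IP path MTU disagree, and
    the encapsulator must lower Sz, fragment, or drop."""
    return {
        key: {
            "stack": st.name,
            "overhead": st.overhead(),
            "max_trill_packet": max_trill_packet(st, path_mtu),
            "sz_fits": fits(st, campus_sz, path_mtu),
        }
        for key, st in stacks(ip_hdr).items()
    }


if __name__ == "__main__":
    for key, row in mtu_budget(1500).items():
        print(f"{row['stack']:<24} overhead={row['overhead']:>3} "
              f"max TRILL packet={row['max_trill_packet']} "
              f"Sz=1470 fits={row['sz_fits']}")
```

With a 1500-byte IPv4 path, only the unprotected UDP encapsulation leaves room for the 1470-byte Sz default; each of the protected variants (DTLS, ESP transport, ESP tunnel) pushes a full-Sz TRILL packet over the path MTU, and tunnel mode does so by the widest margin because the inner IP header is carried twice. That is the interaction the review asks the draft to spell out: whichever protection the document requires, the TRILL-level MTU and the transport-level MTU have to be reconciled explicitly rather than assumed to coexist.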