On 1/27/2016 4:37 AM, Benoit Claise wrote:
> This document doesn't give an operator “so-what” for deployment in 60
> pages.
I'm afraid I don't understand this sentence.
> You know, a few summary paragraphs that indicate where this
> specification is useful and where it is not for operators, and the
> potential fragility of the solution (which could be in a new
> operational consideration section or in the security considerations).
As I've been trying to explain to Sue, I don't understand what is being
asked for in these "few summary paragraphs". An "operator's guide to
provisioning extranets" would be useful, but not within the scope of
this draft.
The security considerations section already points out that
misconfiguration of the Route Targets may result in misdelivery of
traffic; the above text is merely a paraphrase of material that is
already present in the document.
Note that there is no requirement to have a separate "operational
considerations" section.
> I don't think I've seen text around coordination to set up filters, for
> example.
Coordination to set up filters? I don't know what you are referring to.
> Sue has been trying to be helpful and even proposed some text:
>
>    Whenever a VPN is provisioned, there is a risk that provisioning
>    errors will result in an unintended cross-connection of VPNs,
>    which would create a security problem for the customers. Extranet
>    can be particularly tricky, as it intentionally cross-connects
>    VPNs, but in a manner that is intended to be strictly limited by
>    policy. If one is connecting two VPNs that have overlapping
>    address spaces, one has to be sure that the inter-VPN traffic
>    isn't to/from the part of the address space that is in the
>    overlap. The draft discusses a lot of the corner cases, and a lot
>    of the scenarios in which things can go wrong.
Actually, I wrote that text in an email to Sue. Although it too is just
a paraphrase of existing material, I could add it to the "overview"
section as part of the description of what an extranet is. Are you
saying that you will lift the DISCUSS if I just add that paragraph?