Folks,
Please review and comment on this draft.
Ron
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Monday, June 11, 2018 3:49 PM
To: Ron Bonica <[email protected]>; Eric Rosen <[email protected]>; Eric Rosen <[email protected]>
Subject: New Version Notification for draft-rosen-bess-secure-l3vpn-00.txt
A new version of I-D, draft-rosen-bess-secure-l3vpn-00.txt
has been successfully submitted by Eric C. Rosen and posted to the IETF
repository.
Name: draft-rosen-bess-secure-l3vpn
Revision: 00
Title: Augmenting RFC 4364 Technology to Provide Secure Layer L3VPNs
over Public Infrastructure
Document date: 2018-06-11
Group: Individual Submission
Pages: 19
URL: https://tools.ietf.org/html/draft-rosen-bess-secure-l3vpn-00
Status: https://datatracker.ietf.org/doc/draft-rosen-bess-secure-l3vpn/
Htmlized: https://tools.ietf.org/html/draft-rosen-bess-secure-l3vpn-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-rosen-bess-secure-l3vpn
Abstract:
The Layer 3 Virtual Private Network (VPN) technology described in RFC
4364 is focused on the scenario in which a network Service Provider
(SP) maintains a secure backbone network and offers VPN service over
that network to its customers. Customers access the SP's network by
attaching "Customer Edge" (CE) routers to "Provider Edge" (PE)
routers, and exchanging cleartext IP packets. PE routers generally
serve multiple customers, and prevent unauthorized communication
among customers. Customer data sent across the backbone (from one PE
to another) is encapsulated in MPLS, using an MPLS label to associate
a given packet with a given customer. The labeled packets are then
sent across the backbone network in the clear, using MPLS transport.
However, many customers want a VPN service that is secure enough to
run over the public Internet, and which does not require them to send
cleartext IP packets to a service provider. Often they want to
connect directly to edge nodes of the public Internet, which does not
provide MPLS support. Each customer may itself have multiple tenants
who are not allowed to intercommunicate with each other freely. In
this case, the customer may need to provide a VPN service for the
tenants. This document describes a way in which this can be achieved
using the technology of RFC 4364. The functionality assigned therein
to a PE router can be placed instead in Customer Premises Equipment.
This functionality can be augmented by transmitting MPLS packets
through IPsec Security Associations. The BGP control plane sessions
can also be protected by IPsec. This allows a customer to use RFC
4364 technology to provide VPN service to its internal departments,
while sending only IPsec-protected packets to the Internet or other
backbone network, and eliminating the need for MPLS transport in the
backbone.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
BESS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bess
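The abstract above describes a data plane in which the RFC 4364 PE function moves into customer premises equipment and the MPLS-labeled packets are carried inside IPsec Security Associations instead of over an MPLS backbone. The following Python is an added example (not code from the draft, from the authors, or from any implementation) that models that data plane end to end: a single-label MPLS shim (RFC 3032) whose label selects the receiving tenant's VRF, carried as MPLS-in-IP (IP protocol 137, RFC 4023) inside a simplified ESP packet (RFC 4303). The ESP here uses NULL encryption with an HMAC-SHA256 integrity check so it runs on the standard library alone; a real deployment would use an AEAD cipher negotiated by IKEv2, and the SPI, key, labels and packet bytes are all constructed for the demo. The point it shows is the security property the abstract relies on: the MPLS label is only a demultiplexing key, so it must arrive through an authenticated SA or any host on the public Internet could forge a label and inject traffic into another tenant's VRF.

```python
"""Toy model of the draft's data plane: IP packet -> MPLS shim -> ESP.

Added example, not the draft's or any vendor's code. ESP is simplified to
NULL encryption + HMAC-SHA256-128 ICV and a strictly increasing sequence
number (no replay window, no padding alignment); keys, SPIs and labels are
constructed values."""

import hashlib
import hmac
import struct

# MPLS shim (RFC 3032): label(20) | TC(3) | S(1) | TTL(8), big-endian.
def push_label(payload: bytes, label: int, ttl: int = 64, tc: int = 0) -> bytes:
    """Prepend one bottom-of-stack label entry to an IP packet."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | (tc << 9) | (1 << 8) | ttl
    return struct.pack("!I", word) + payload

def pop_label(pkt: bytes):
    """Return (label, tc, bottom_of_stack, ttl, remaining payload)."""
    (word,) = struct.unpack("!I", pkt[:4])
    return word >> 12, (word >> 9) & 0x7, (word >> 8) & 1, word & 0xFF, pkt[4:]

# ESP (RFC 4303) with NULL cipher: SPI | seq | payload | pad_len | next_hdr | ICV
ICV_LEN = 16
NEXT_HDR_MPLS_IN_IP = 137  # IP protocol number for MPLS-in-IP (RFC 4023)

def esp_encapsulate(key: bytes, spi: int, seq: int, labeled: bytes) -> bytes:
    """Wrap a labeled packet in ESP. With NULL encryption the label and
    payload stay visible, but the ICV binds them to the SA key, which is the
    property that stops label spoofing from the Internet."""
    trailer = struct.pack("!BB", 0, NEXT_HDR_MPLS_IN_IP)  # pad_len=0
    body = struct.pack("!II", spi, seq) + labeled + trailer
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv

class CpeReceiver:
    """Receiving CPE acting as the RFC 4364 PE: one SA per remote CPE,
    one VRF per label that BGP would have advertised for that tenant."""

    def __init__(self):
        self.sa_by_spi = {}     # spi -> SA key (in practice from IKEv2)
        self.vrf_by_label = {}  # label -> tenant VRF name
        self.last_seq = {}      # spi -> highest sequence number accepted

    def add_sa(self, spi: int, key: bytes) -> None:
        self.sa_by_spi[spi] = key
        self.last_seq[spi] = 0

    def bind_label(self, label: int, vrf: str) -> None:
        self.vrf_by_label[label] = vrf

    def receive(self, esp_pkt: bytes):
        """Authenticate, strip ESP, pop the label and return (vrf, ip_packet).
        Raises PermissionError for anything that must not reach a VRF."""
        spi, seq = struct.unpack("!II", esp_pkt[:8])
        key = self.sa_by_spi.get(spi)
        if key is None:
            raise PermissionError("unknown SPI")
        body, icv = esp_pkt[:-ICV_LEN], esp_pkt[-ICV_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            raise PermissionError("bad ICV")          # forged or corrupted
        if seq <= self.last_seq[spi]:
            raise PermissionError("replayed sequence number")
        self.last_seq[spi] = seq
        pad_len, next_hdr = struct.unpack("!BB", body[-2:])
        if next_hdr != NEXT_HDR_MPLS_IN_IP:
            raise ValueError("unexpected next header")
        labeled = body[8:len(body) - 2 - pad_len]
        label, _tc, bos, _ttl, ip_pkt = pop_label(labeled)
        if not bos:
            raise ValueError("only single-label stacks are modelled")
        vrf = self.vrf_by_label.get(label)
        if vrf is None:
            raise PermissionError("label not bound to any VRF")
        return vrf, ip_pkt

def demo() -> dict:
    """Legitimate packet, forged label, replay and unbound label, in that order."""
    key = b"\x11" * 32                       # constructed SA key
    rx = CpeReceiver()
    rx.add_sa(spi=0x1000, key=key)
    rx.bind_label(label=100, vrf="tenant-hr")
    rx.bind_label(label=200, vrf="tenant-eng")
    ip_pkt = b"\x45" + b"\x00" * 19 + b"hello"  # constructed stand-in for IPv4
    results = {}
    good = esp_encapsulate(key, 0x1000, 1, push_label(ip_pkt, 100))
    results["good"] = rx.receive(good)[0]
    # Internet host guesses tenant-eng's label but lacks the SA key.
    forged = esp_encapsulate(b"\x22" * 32, 0x1000, 2, push_label(ip_pkt, 200))
    for name, pkt in (("forged", forged), ("replay", good),
                      ("unbound", esp_encapsulate(key, 0x1000, 3, push_label(ip_pkt, 999)))):
        try:
            rx.receive(pkt)
            results[name] = "accepted"
        except PermissionError as err:
            results[name] = str(err)
    return results

if __name__ == "__main__":
    print(demo())
```

Running `demo()` delivers the legitimately labeled packet to `tenant-hr`, while the forged label (right SPI, wrong key), the replayed packet and the unbound label are each rejected before any VRF lookup happens. That ordering is deliberate: the label is trusted only after the SA has authenticated the packet, which is the separation between "MPLS label as demux key" and "IPsec as the trust boundary" that the abstract describes for CPE-hosted PE functionality.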