<added [email protected]>

Sue,

Before getting to the discussions of the three IPsec proposals, there are some elements of draft-ietf-idr-tunnel-encaps-17.txt that I can see might have caused some confusion and I’d like to get those sorted out first. The tunnel-encap draft specifies sub-TLVs for VxLAN, VxLAN GDP, and NVGRE in sections 3.2.1, 3.2.2, and 3.2.3. I am not aware of any vendor that has implemented these sub-TLVs because the info in these sub-TLVs already exists in EVPN routes (e.g., MAC addresses, Ethernet Tags, etc.), which they have implemented. Therefore, all the vendors that I am aware of use the Extended Community defined in section 4.1 along with EVPN routes to signal VxLAN and GENEVE tunnel types. Furthermore, I am not aware of anyone using NVGRE encap! So, as the first step, we should remove these three sections from the draft if there is no objection.

Cheers,
Ali

From: Susan Hares <[email protected]>
Date: Tuesday, July 28, 2020 at 8:30 AM
To: Cisco Employee <[email protected]>, "[email protected]" <[email protected]>
Cc: "'Hu, Jun (Nokia - US/Mountain View)'" <[email protected]>
Subject: IPSec Tunnels and draft-sajassi-bess-secure-evpn

Ali and bess WG:

IDR has 3 proposals for IPsec tunnels that impact draft-ietf-idr-tunnel-encaps-17.txt. As an IDR co-chair/shepherd, I have been discussing these three drafts (Ali and two other author sets) to try to find out if we can have one general solution.

The discussion has been very fruitful to point up BGP issues of interoperability, security, privacy, manageability, and scaling. For example, there is a lack of a clear specification between RFC6514 (PMSI tunnel attribute) and the tunnel-encaps draft that specifies how these drafts interoperate. I suspect the bess and idr chairs will need to discuss if tunnel-encaps has to address this point.

I wrote up my ideas in draft-hares-idr-bgp-ipsec-analysis-00.txt so the authors could tell me what I misunderstood. You’ll find this draft stops halfway. I have the rest of the draft written, but I wanted feedback from all the author teams before sending it out.

After hearing some of the details from the authors, I would like to sponsor an IDR interim so we could discuss these issues at length. If you think this is a good idea, please let me know.

One other thing… unfortunately, I scheduled a set of meetings for EDT time after IETF meetings this week. Your next response will occur from 11-16 UTC on Wednesday.

Cheerily,
Sue
_______________________________________________
BESS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bess
