Hi Sandra, On Mon, Aug 31, 2015 at 4:20 PM, Sandra Murphy <[email protected]> wrote: > On Aug 27, 2015, at 5:59 PM, Russ Housley <[email protected]> wrote: > >> >> (3) In Section 11, we learn that the VLAN membership of all the >> RBridge ports in an LAALP MUST be the same. Any inconsistencies in >> VLAN membership may result in packet loss or non-shortest paths. >> Is there anything that can be added to the Security Considerations >> that can help avoid these inconsistencies? > > Interesting. In the trill draft I recently reviewed for secdir > (draft-ietf-trill-aa-multi-attach) it makes a similar statement that VLAN > membership had to be consistent across all ports on all RBridges in a LAALP. > In that draft, the consistency meant the VLANs could be left out of the > protocol packet.
Did you see my response to your secdir review which I send 3 days ago? > All enabled VLANs MUST be consistent on all ports connected to an > LAALP. So the enabled VLANs need not be included in the AA-LAALP- > GROUP-RBRIDGES TRILL APPsub-TLV. They can be locally obtained from > the port attached to that LAALP. > > I wondered if the LAALP was responsible for ensuring the consistency. If it > is left to the operator configuration, that’s tough. Turns out there’s a > dynamic VLAN registration protocol (VRP), but I could not discover that it is > doing a consistency check. > > If the draft you are looking at implies inconsistency is a possibility, then > it must be that neither the LAALP or VRP ensures the consistency. As per my previous response to you, as far as I know all existing LAALPs are proprietary MC-LAG implementations and how they maintain consistent VLAN enablement on the TRILL switch LAALP ports is out of scope for the TRILL protocol. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA [email protected] > —Sandy _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
