Hi Sue, I have much interest in your proposed item. I think the following RFC 9061 can be used for the IPsec interface for BGP over IPsec.
- RFC 9061: A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN) https://datatracker.ietf.org/doc/html/rfc9061 We can regard BGP routers as NSFs, and we can run either IKE or IKE-less approach in RFC 9061. We can also extend the approach in RFC 9061 so that it can accommodate BGP message exchanges (e.g., AS-PATH and NEXT-HOP attributes). I will investigate RFC 9061 more to see whether my comments are correct or not. Thanks. Best Regards, Paul On Wed, Jul 20, 2022 at 8:55 PM Susan Hares <[email protected]> wrote: > Linda: > > > > I apologize for being unclear. We ran into a few problems with trying to > complete the BGP Yang model in the area of IPsec links. BGP runs over TCP > over IPsec links in some scenarios. When creating the modeling, it was > unclear which Yang modules were targeted to support this feature. > > > > What I need is advice from the I2NSF and the IPSECME on the place to ask > for work additions to support BGP peers. > > > > The scenario is between two BGP routers. The type of IPsec connections > between BGP routers can be: > > - within a trusted cloud (same administrative domain, same trust > cloud), > - across a physically secure private link, > - across the open Internet (where attacks happen). > > > > The key is we want to configure and monitor the IPsec link. > > > > As BGP co-authors looked at this, I did not understand which group to ask > help from. I volunteered to ask for help. > > > > If you or anyone can point me to where to go without taking valuable WG > time, it would be great. If you need me to explain more on email, I’d be > glad to. > > > > Rather than just pose this question from the Mike-line, I thought I’d ask > ahead of time. > > > > Cheers, sue > > > > *From:* Linda Dunbar <[email protected]> > *Sent:* Tuesday, July 19, 2022 6:09 PM > *To:* Susan Hares <[email protected]>; [email protected] > *Subject:* RE: IETF 114 I2NSF agenda uploaded > > > > > > Sue, > > > > Are you talking about IPsec between two trusted nodes? > > Something different from the IPsecme WG? > > > > Linda > > > > *From:* Susan Hares <[email protected]> > *Sent:* Tuesday, July 19, 2022 3:00 PM > *To:* Linda Dunbar <[email protected]>; [email protected] > *Subject:* RE: IETF 114 I2NSF agenda uploaded > > > > Linda: > > > > In the recharter discussion, is it appropriate to ask about specific items > such as additions to ipsec work in I2NSF? > > I do not have a draft for this work. > > > > Sue > > > > *From:* I2nsf <[email protected]> *On Behalf Of *Linda Dunbar > *Sent:* Tuesday, July 19, 2022 3:44 PM > *To:* [email protected] > *Subject:* [I2nsf] IETF 114 I2NSF agenda uploaded > > > > > > I2NSF WG, > > > > Here is the agenda for next week’s I2NSF session (Tuesday). > > > > https://datatracker.ietf.org/doc/agenda-114-i2nsf/ > <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fagenda-114-i2nsf%2F&data=05%7C01%7Clinda.dunbar%40futurewei.com%7C8b5d4da98b89456a579d08da69c1548c%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637938576342441642%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=N040a56pN%2BLVElz5IOt4jddwoHRH1pKTpTkAPMhd%2BD4%3D&reserved=0> > > > > Please let me know if I miss anything. > > > > Thank you. > > Linda > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf >
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
