Hi, My first question is not whether it's a good idea to build an IP VPN over IP tunnels, because I'm sure it is. It is more whether we actually need a BCP describing how to do it, rather than just, say, open-source code for a VRF instance that does this.
I think that question is definitely worth exploring, and is probably a big enough question to deserve a BOF (not necessarily a WG-forming BOF). But that needs to be based on a more problem-oriented and analytic draft, I think. It definitely needs expertise from the Transport Area as well as the Internet Area, to get the congestion management right. For the moment, I am quite unable to judge whether the proposal in this draft to use GRE-in-UDP or GUE is the best answer. I also don't really understand the security model. There is some discussion of IPsec tunnels and RFC3884. If we use IPsec tunnels, why would we need DTLS? For that matter, if we use TLS tunnels, why would we need DTLS? I'm also quite unable to know how to position this proposal compared to https://tools.ietf.org/html/draft-templin-aerolink which has been in development for several years. They seem to tackle some of the same problems. Regards Brian Carpenter _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
