Joe,

On 29/11/2016 17:38, Joe Touch wrote:
> Hi, Brian,
>
>
> On 11/28/2016 7:59 PM, Brian E Carpenter wrote:
>> Hi,
>>
>> My first question is not whether it's a good idea to build an IP VPN over
>> IP tunnels, because I'm sure it is. It is more whether we actually need
>> a BCP describing how to do it, rather than just, say, open-source code
>> for a VRF instance that does this.
> +1
>> I think that question is definitely worth exploring, and is probably a big
>> enough question to deserve a BOF (not necessarily a WG-forming BOF). But
>> that needs to be based on a more problem-oriented and analytic draft, I
>> think.
>> It definitely needs expertise from the Transport Area as well as the Internet
>> Area, to get the congestion management right.
> -1
>
> We already have RFC6040.
Doesn't that only apply with ECN-capable end points?

> This isn't a transport problem (if it is, it
> has been done incorrectly - see below).

No, but it might induce interesting transport problems if the tunnel behaves
other than as a piece of wire. RFC6077 seems to identify a number of open
problems in this area, but you certainly know more about this than I do.

>> For the moment, I am quite unable to judge whether the proposal in this draft
>> to use GRE-in-UDP or GUE is the best answer.
> There can be no single answer to that question. Like regular links,
> tunnels (virtual links) vary with their environment, and should.
>> I also don't really understand
>> the security model. There is some discussion of IPsec tunnels and RFC3884.
>> If we use IPsec tunnels, why would we need DTLS? For that matter, if we use
>> TLS tunnels, why would we need DTLS?
> TLS is a very bad idea. We should never try to tunnel IP over TCP.

I agree it's a terrible idea, but pragmatically situations can arrive where
it's the only real option.

> DTLS might be available where IPsec isn't.

If that is the case, it needs to be explained in more detail in the draft.
Anyway it needs to be a clear choice: IPsec or DTLS, but not both. (This
is a point that has also come up in the Anima WG, as it happens.)

    Brian

>> I'm also quite unable to know how to position this proposal compared to
>> https://tools.ietf.org/html/draft-templin-aerolink which has been
>> in development for several years. They seem to tackle some of the same
>> problems.
> +1
>>
>> Regards
>> Brian Carpenter
>>
>>
>> _______________________________________________
>> Int-area mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/int-area
