Hi Brian, Joe, et al.,

Thank you for the questions and comments. Please see inline below.

-----Original Message-----
From: Int-area [mailto:[email protected]] On Behalf Of Brian E Carpenter
Sent: Monday, November 28, 2016 10:00 PM
To: [email protected]
Subject: [Int-area] Some thoughts on draft-yong-intarea-inter-sites-over-tunnels

Hi,

My first question is not whether it's a good idea to build an IP VPN over IP 
tunnels, because I'm sure it is. It is more whether we actually need a BCP 
describing how to do it, rather than just, say, open-source code for a VRF 
instance that does this.
[Lucy] We would certainly like to discuss what the IETF needs to do here. More 
and more vendors now make such products to enable site-interconnection over IP 
tunnels (note: site traffic may be non-IP), and more and more enterprise 
companies use such products for site-interconnection. Some products may not 
even meet Internet requirements or UDP application requirements, which is not 
good; having a standard way to implement this is valuable for the Internet. In 
addition, in the future, such products can be commoditized and be used at very 
large scale and/or between two trusted parties; then a standard solution is 
necessary in this space to avoid interworking issues.

I think that question is definitely worth exploring, and is probably a big 
enough question to deserve a BOF (not necessarily a WG-forming BOF). But that 
needs to be based on a more problem-oriented and analytic draft, I think.
It definitely needs expertise from the Transport Area as well as the Internet 
Area, to get the congestion management right.
[Lucy] Thank you for the suggestion. We would like to solicit interest and 
suggestions on the proper way to develop this application in the IETF. Before 
IETF98, should we discuss this on the intarea mailing list or have a new 
mailing list to discuss this? FYI: here is another draft related to this 
application.
 
https://datatracker.ietf.org/doc/draft-dunbar-opsawg-private-networks-over-thin-cpe/


For the moment, I am quite unable to judge whether the proposal in this draft 
to use GRE-in-UDP or GUE is the best answer. I also don't really understand the 
security model. There is some discussion of IPsec tunnels and RFC3884.
If we use IPsec tunnels, why would we need DTLS? For that matter, if we use TLS 
tunnels, why would we need DTLS?
[Lucy] I agree with Joe and Tom's answer.

I'm also quite unable to know how to position this proposal compared to 
https://tools.ietf.org/html/draft-templin-aerolink which has been in 
development for several years. They seem to tackle some of the same problems.
[Lucy] In fact, Fred informed us about draft-templin-aerolink before the Seoul 
meeting and we had some offline discussions about the two. We agreed that both 
Fred's draft and Yong's draft specify a solution for site-interconnection by IP 
tunnels; however, Fred's draft solves a more complex case than Yong's draft. 
Yong's draft assumes that each enterprise site is at a location and does not 
often move; Fred's draft assumes that each network site can dynamically move 
(e.g. an airplane is a site), so the site location address, i.e. the tunnel EP, 
may change frequently on the Internet; thus Fred's solution uses the AERO 
protocol [RFC6706] to dynamically get the tunnel EP address and establish 
tunnels. The tunnel EP in Yong's case is static. We kindly agreed to work 
together on this subject; Fred also wants to submit Fred's draft as an intarea 
WG draft. We would certainly like to hear the intarea experts' suggestions on 
the work development.



Thanks,
Lucy   

Regards
   Brian Carpenter


_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
