Brian,
Opps, should have replied to this message (and not the prior).
My previous mail basically said the new requirement is placed on the
ADVPN solution, not a particular implementation. I think it's important
to ensure that the overall solution provides for Requirement 14, and I'm
not sure how this can be done without a requirement.
See below for additional specific responses.
On 12/13/2012 4:48 PM, Brian Weis wrote:
> Hi Vishwas,
>
> See a couple of notes inline.
>
> On Dec 13, 2012, at 9:54 AM, Vishwas Manral <[email protected]
> <mailto:[email protected]>> wrote:
>
>> Hi Brian,
...
>> Requirement 14 says "The ADVPN solution MUST support Provider Edge
>> (PE) based VPN's". This requirement seems unfair to the end point
>> use cases in 2.1 and 2.3, or even gateway-to-gateway ADVPN
>> solutions that have nothing to do with L3VPNs! I think you're
>> trying to say it must be possible to build an ADVPN solution that
>> meets the requirements of L3VPN, which I have no problem with but
>> I don't think think this it's a fair requirement to put in Section
>> 4. Is there anything beyond the new text you added in 2.2
>> regarding L3VPN that needs to be said?
>>
>> VM> No I did not add any extra text for L3VPN besides this one. The
>> idea was that if IPsec over GRE as PE to PE communication tunnels the
>> ADVPN technology should not preclude such a solution.Like I have said
>> earlier I do not have strong opinion regarding this requirement. Lou
>> thought this should be there and I asked the list if there were
>> objections to this, and I did not hear anyone object, so I added it.
>>
>
> Thanks for the background. It should be possible to address Lou's
> concern underlying concern without adding a requirement that is onerous
> for ADVPN use cases where L3VPN doesn't apply.
I agree there implementation cases where the requirement doesn't apply.
This is why the requirement was phrased as being a requirement on the
overall solution, not on as an implementation requirement.
> The Section 2.2 text I
> referred to is "There is also the case when L3VPNs operate over IPsec
> Tunnels." Maybe that could be expanded into a new paragraph in lieu of a
> requirement? I notice the use of lower case "must" is used in this section.
>
>> Lets try to hear from Lou on this.
>
> Lou, would something like the following text in Section 2.2 be a
> satisfactory replacement for Requirement 14?
>
> There is also the case when L3VPNs operate over IPsec Tunnels,
> for example Provider Edge (PE) based VPN's. An AD VPN must
> support L3VPN as an application protected by the IPsec
> Tunnels.
it he must was a MUST, sure.
Lou
>
> Thanks,
> Brian
>
>>
>> There's a couple remaining nits:
>>
>> Section 2.2: s/A fully meshed solution is would/A fully meshed
>> solution would/
>> Section 4: s/This sectiondefines/This section defines/
>>
>> VM> Updated.
>>
>> Thanks,
>> Vishwas
>>
>>
>> Thanks,
>> Brian
>>
>> _______________________________________________
>> IPsec mailing list
>> [email protected] <mailto:[email protected]>
>> https://www.ietf.org/mailman/listinfo/ipsec
>>
>>
>
>
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
