Hi Pekka,

Thanks for your comments.
# Since you are not subscribed to the list, it was bounced back to chairs.

As you may be aware (e.g., see RFC3945), GMPLS allows any type of control channel to be used as long as there is IP reachability.

In the L1VPN framework, there is some description of the requirements for CE-PE control channels in the security considerations section (section 12). If a control channel is physically separate per VPN (e.g., in-fiber in-band SONET/SDH overhead bytes), it is relatively secure. But if a control channel is physically shared by multiple VPNs (e.g., out-of-fiber Ethernet cable connected to a hub), some security mechanisms may be needed depending on the trust model.

# NOTE: The -03 version is now available, but the text related to the above is the same as in the -02 version.

Hope this clarifies.

Thanks,
Tomonori

At 15:10 06/05/02 +0300, Pekka Savola wrote:
Hi,

(Not subscribed, hopefully this'll get through to the list.)

I read draft-ietf-l1vpn-framework-02. I found it reasonably clear to understand, and I think it's ready or almost ready for publication.

One thing that kept intriguing me (this may be because I haven't studied the GMPLS background material very much) is what exactly are the options for CE-PE control plane connectivity at IP level (and as a generalization, the whole control plane connectivity end-to-end). The doc specifically assumes that such exists for some models, but doesn't describe how and the requirements for such. This seems like an important point to me.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


_______________________________________________
L1vpn mailing list
L1vpn@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/l1vpn
