Hi, The draft-deng-opsawg-composed-vpn-sm-requirement had a more general approach. In this document we are looking at a single service provider that has more than one domain and has the interconnects. The data model allows that service provider to specify the composed VPN and provide the orchestrators with the information to configure the segments VPN , assuming that the connectivity between the domains is given Roni
-----Original Message----- From: OPSAWG [mailto:[email protected]] On Behalf Of Randy Bush Sent: Tuesday, November 06, 2018 8:52 AM To: opsawg Subject: Re: [OPSAWG] draft-evenwu-opsawg-yang-composed-vpn [ first, apologies for forging a message from joe to the list ] back in october 2016, i said > at this level of abstraction, anything can be made to look as if it > would work and be wonderful. it essentially says that a multi-as vpn > is composed by linking multiple single-as vpn systems. this is not a > deep insight, and it provides no clues on how to do it. > > of the 392 devils to be found in the details, inter-provider > authentication and identification of end-points, billing, ... the > list goes on and one. > > then there are issues such as describing and provisioning the > contracted (with the end customer) privacy constraints across multiple > provider technologies. > > fwiw, our customers do use multi-provider vpns; they use ipsec. we > provide ipsec capable cpe and various management/orchestration systems. the draft in $subject is an even higher level description of the same unsolved problems. while i do admire and encouragethe use of more formal abstractions, it would also be good if the real underlying issues were addressed. perhaps, likely due to undercaffeination, i missed seeing the semantics being clarified. if so, my apologies. randy _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
