Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Linda Dunbar
Adrian, Thank you very much for the extensive comments and suggestions. I am breaking the resolutions in two separate emails. This one addresses the comments to Section 3.1.2. Will have another email addressing the remaining comments. Can you check if the resolutions to your comments inserted

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
Hi Robert, We write standards to serve those who implement, deploy, and manage the technology. That means among other things, that our documents need to be specific enough to enable interoperable implementations to be written. Simply saying “the intention is to run BGP over TLS” (or some

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Robert Raszuk
Hi John, I think I am getting to what you are saying ... or maybe not. If I am reading it correctly you say that running BGP over TLS or DTLS is not standardized hence we should be very careful in putting this in the new documents. Would you be of a different opinion if authors say instead that

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
> On Feb 6, 2024, at 2:48 PM, Robert Raszuk wrote:
>
> I have been using BGP over TCP over TLS and BGP over TCP over DTLS for years
> testing Sproute's SDWAN solution. Works perfectly fine. In fact it performs
> much better than BGP over TCP over IPSec.

Cool. There are a great many things in

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Robert Raszuk
Hi John, Trimming a bit the list of to/cc I noticed you stated this: ".. as far as I’m aware, there is no IETF specification for BGP over TLS, and I don’t expect that there will ever be a specification for BGP over DTLS, given that BGP assumes a stream transport..." So that got me a bit

Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
Hi Linda, Without doing a full review of the proposed language in context, I don’t think I can offer a firm thumbs-up or thumbs-down. But generally speaking, if the document allows the reader to understand what the security architecture is and how they would realize it, either by referencing

Re: [bess] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19

2024-02-06 Thread Stephen Farrell
Hi Linda, ...snipping... On 06/02/2024 18:11, Linda Dunbar wrote: [Linda] Thank you very much for the suggestion. This draft operates under the assumption that a secure channel exists between the SD-WAN controller and the SD-WAN edges. Right The challenge you seem to face though is the lack

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
Hi Robert,

> On Feb 6, 2024, at 1:49 PM, Robert Raszuk wrote:
>
> Hi John,
>
> https://datatracker.ietf.org/doc/draft-wirtgen-bgp-tls/

See my earlier reply to Linda.

> And for DTLS ... isn't this simply TCP over DTLS which works just fine?

I’m not sure what you’re getting at here. It’s

Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Linda Dunbar
John, One key SD-WAN scenario involves expanding the existing VPN network by incorporating additional paths from other networks. In this context, the operator can efficiently utilize their primary management channel, initially designed for VPN control for the BGP to control the SD-WAN.

Re: [bess] [Last-Call] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Robert Raszuk
Hi John,

https://datatracker.ietf.org/doc/draft-wirtgen-bgp-tls/

And for DTLS ... isn't this simply TCP over DTLS which works just fine?

Many thx, R.

On Tue, Feb 6, 2024 at 4:38 PM John Scudder wrote:

> I haven’t done a full review of this document, but I did notice that Roman
> Danyliw

Re: [bess] Secdir last call review of draft-ietf-bess-bgp-sdwan-usage-19

2024-02-06 Thread Linda Dunbar
Stephen, Thank you very much for the comments. Please see the resolution below. Linda -Original Message- From: Stephen Farrell via Datatracker Sent: Friday, February 2, 2024 8:03 AM To: sec...@ietf.org Cc: bess@ietf.org; draft-ietf-bess-bgp-sdwan-usage@ietf.org; last-c...@ietf.org

Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
Yes, I noticed that, hence “no *IETF* specification”, it’s an individual draft. If the security model of the present spec relies on BGP-over-TLS, maybe a 00 individual contribution isn’t as firm a foundation as you’d like. Of course, I can’t speak for Roman, it’s his DISCUSS, I was just

Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread Linda Dunbar
John, There is a draft on BGP over TLS: https://datatracker.ietf.org/doc/draft-wirtgen-bgp-tls/ We are working with the author to enhance the draft. We will add the reference to BGP over TLS. And remove the BGP over DTLS. Can those changes address your comments? Thank you, Linda

Re: [bess] Mail regarding draft-ietf-bess-rfc7432bis

2024-02-06 Thread Menachem Dodge
Hello Greg, Thank you for pointing out this draft. Best Regards, Menachem From: Greg Mirsky Date: Tuesday, 6 February 2024 at 16:08 To: Ali Sajassi (sajassi) Cc: Menachem Dodge , Matthew Bocci (Nokia) , draft-ietf-bess-rfc7432...@ietf.org , bess-cha...@ietf.org , bess@ietf.org Subject:

Re: [bess] Last Call: (BGP Usage for SD-WAN Overlay Networks) to Informational RFC

2024-02-06 Thread John Scudder
I haven’t done a full review of this document, but I did notice that Roman Danyliw balloted DISCUSS on version 15 [1], asking, among other things, "Are there pointers for BGP over DTLS? Over TLS?". This doesn’t appear to have been addressed, either in Linda’s reply to Roman [2], or in the text

Re: [bess] Mail regarding draft-ietf-bess-rfc7432bis

2024-02-06 Thread Greg Mirsky
Hi Ali and Menachem, thank you for the discussion of the applicability of PW CW. I would like to bring to your attention the work at the MPLS WG on the use of the Post-stack First Nibble (PFN). I must apologize that the draft has

Re: [bess] A couple of question about draft-ietf-bess-evpn-ac-aware-bundling

2024-02-06 Thread Alexander Vainshtein
Hi, Regarding my Q2: I have encountered deployments in which an EVPN IRB is configured with multiple IP subnets while the single attachment circuit of the broadcast domain it uses is delimited by a single VLAN. Regards, Sasha From: Alexander Vainshtein Sent: Tuesday, February 6, 2024 3:51 PM

[bess] A couple of question about draft-ietf-bess-evpn-ac-aware-bundling

2024-02-06 Thread Alexander Vainshtein
Hi, I have a couple of questions about the AC-aware bundling draft. The background for these questions is given below. 1. Section 6.2 of RFC 7432 that