2.3.7 Layer 3 Virtual Private Networks (l3vpn)

Last Modified: 2003-07-09

Chair(s):
Rick Wilder <rick@rhwilder.net>
Ross Callon <rcallon@juniper.net>
Ronald Bonica <ronald.p.bonica@mci.com>
Internet Area Director(s):
Thomas Narten <narten@us.ibm.com>
Margaret Wasserman <mrw@windriver.com>
Internet Area Advisor:
Thomas Narten <narten@us.ibm.com>
Technical Advisor(s):
Alex Zinin <zinin@psg.com>
Mailing Lists:
General Discussion: l3vpn@ietf.org
To Subscribe: https://www1.ietf.org/mailman/listinfo/l3vpn
Archive: https://www1.ietf.org/mail-archive/working-groups/l3vpn/current/maillist.html
Description of Working Group:
Alex Zinin is the routing advisor.

This working group is responsible for defining and specifying a
limited number of solutions for supporting provider-provisioned
Layer-3 (routed) Virtual Private Networks (L3VPNs).

The WG is responsible for standardization of the following solutions:
    1. BGP/MPLS IP VPNs (based on RFC 2547)
    2. IP VPNs using Virtual Routers
    3. CE-based VPNs using IPSEC

The following VPN deployment scenarios will be considered by the WG:

    1. Internet-wide: VPN sites attached to arbitrary points in
      the Internet

    2. Single SP/single AS: VPN sites attached to the network of a
      single provider within the scope of a single AS

    3. Single SP/multiple AS'es: VPN sites attached to the network
      of a single provider consisting of multiple AS'es

    4. Cooperating SPs: VPN sites attached to networks of different
      providers that cooperate with each other to provide VPN service

As part of this effort the WG will work on the following tasks
(additional work items will require rechartering):

    1. Requirements and framework for Layer 3 VPNs
    2. Solution documents for each approach listed above (including
      applicability statements)
    3. MIB definitions for each approach
    4. Security mechanisms for each approach

As a general rule, the WG will not create new protocols, but will
provide functional requirements for extensions of the existing
protocols that will be discussed in the protocol-specific WGs. L3VPN WG
will review proposed protocol extensions for L3VPNs before they are
recommended to appropriate protocol-specific WGs.

Multicast and QoS support are excluded from the charter at this time.
They may be considered for inclusion in an updated charter at a later
time. Future work items may also include OAM support.
Goals and Milestones:
Done  Submit L3 VPN Requirements Document to IESG for publication as Info
Done  Submit Generic Requirements Document to IESG for publication as Info
Done  Submit L3 VPN Framework Document to IESG for publication as Info
Dec 03  Submit VPN Security Analysis to IESG for publication as Info (draft-fang-ppvpn-security-framework-00)
Dec 03  Submit BGP/MPLS VPNs specification and AS to IESG for publication as PS (draft-ietf-ppvpn-rfc2547bis-03, draft-ietf-ppvpn-as2547-01)
Dec 03  Submit CE-based specification and AS to IESG for publication as PS (draft-ietf-ppvpn-ce-based-03, draft-declercq-ppvpn-ce-based-sol-00, draft-declercq-ppvpn-ce-based-as-01)
Dec 03  Submit Virtual Router specification and AS to IESG for publication as PS (draft-ietf-ppvpn-vpn-vr-03, draft-ietf-ppvpn-as-vr-01)
Jan 04  Submit VPN MIB Textual Conventions to IESG for publication as PS (draft-ietf-ppvpn-tc-mib-02)
Jan 04  Submit MPLS/BGP VPN MIB to IESG for publication as PS (draft-ietf-ppvpn-mpls-vpn-mib-05)
Jan 04  Submit VR MIB to IESG for publication as PS (draft-ietf-ppvpn-vr-mib-04)
Jan 04  Submit BGP as an Auto-Discovery Mechanism for publication as PS (draft-ietf-ppvpn-bgpvpn-auto-05.txt)
Mar 04  Submit specification of using IPSEC for PE-PE encapsulation in BGP/MPLS VPNs to IESG for publication as PS (draft-ietf-ppvpn-ipsec-2547-03)
Mar 04  Submit specification of using GRE for PE-PE encapsulation in BGP/MPLS VPNs to IESG for publication as PS (draft-ietf-ppvpn-gre-ip-2547-02)
Mar 04  Submit specification of CE Route Authentication to IESG for publication as PS (draft-ietf-ppvpn-l3vpn-auth-03)
Mar 04  Submit specification of OSPF as the PE/CE Protocol in BGP/MPLS VPNs for publication (draft-rosen-vpns-ospf-bgp-mpls-06.txt)
  • draft-ietf-l3vpn-requirements-00.txt
  • draft-ietf-l3vpn-framework-00.txt
  • draft-ietf-l3vpn-ce-based-00.txt
  • draft-ietf-l3vpn-bgp-ipv6-00.txt
  • draft-ietf-l3vpn-mpls-vpn-mib-00.txt
  • draft-ietf-l3vpn-rfc2547bis-00.txt
  • draft-ietf-l3vpn-ipsec-2547-01.txt
  • draft-ietf-l3vpn-ospf-2547-00.txt
  • draft-ietf-l3vpn-gre-ip-2547-00.txt
  • draft-ietf-l3vpn-bgpvpn-auto-00.txt
  • draft-ietf-l3vpn-vpn-vr-00.txt
  • draft-ietf-l3vpn-vr-mib-00.txt
  • draft-ietf-l3vpn-tc-mib-00.txt
  • draft-ietf-l3vpn-as2547-01.txt
  • draft-ietf-l3vpn-applicability-guidelines-00.txt
  • draft-ietf-l3vpn-as-vr-00.txt
  • draft-ietf-l3vpn-auth-00.txt
  • draft-ietf-l3vpn-generic-reqts-01.txt
  • draft-ietf-l3vpn-mgt-fwk-00.txt
  • No Request For Comments

    Current Meeting Report

    L3 PPVPN WG Minutes - Adrian Farrel (adrian@olddog.co.uk)
    Ross Callon and Ron Bonica presiding.
    Alex Zinin - Why split the WG?
     o PPVPN will be shut down after draft relocation
     o Thomas Narten will be responsible AD for both L2VPN & L3VPN
     o Rick Wilder, Loa Andersson & Vach Kompella are L2VPN Chairs
     o Rick Wilder, Ross Callon & Ron Bonica are L3VPN Chairs
     o Subscribe to new mailing lists, ppvpn@ will be closed
     o Security TA TBD
     o see slides
    Ross introduced Thomas Narten as AD
    Thomas said:
    - other AD is Margaret Wasserman who is a new AD
    - WG is in Internet Area because that's where it belongs!
    Ron Bonica - L3 VPN Charter
    - charter is on line 
    - see slides
    - WG will be limited to requirements and applications, NOT new 
    Ross Callon - Draft status
    - see slides
    Common documents:
    Luyuan Fang
    Security Framework for Provider Provisioned Virtual Private Networks 
    - see slides
    * Dave McDyson
    - objective is to identify approaches, so support draft
    - analysis is a better title than framework
    - draft has tensions between L2 and L3
    * Ron
    - it's important
    - propose adopt as WG
    - comments in two weeks (on list)
    - Luyuan to collect feedback from other sources
    - respin in two weeks or so (after first two weeks)
    - then WG last call
    * ??
    - should section 8 have full statement or templates?
    - timeframe implies templates
    - he's OK with this
    - check everyone OK with multiple drafts as consequence
    * Ron
    - ack on all points
    * Ross (from later in meeting)
    - sense of the room for WG doc
      - no opposition, reasonable support
      - consensus declared
    Thomas Nadeau
    Framework for PPVPN Operation and Management 
    - see slides
    * Ross
    - Alex advises that it's OK to decide on whether this is a WG document
    - If a charter update would be needed then we can ask the IESG post facto 
    for a charter update
    - sense of the room for WG doc
      - no opposition, reasonable support
      - consensus declared
    Rahul Aggarwal
    Signaling Tunnel Encapsulation/Deencapsulation Capabilities 
    - see slides
    * Alex Zinin
    - recall discuss on list about protocol specific extensions
    - should go to WG that owns protocol after L3 PPVPN makes 
    suggestions and checks meets requirements
    - in this case IDR WG
    * Rahul
    - yes
    * Alex
    - don't make WG doc
    - get positive feedback from WG first
    - then go to IDR
    - split draft if needed for other protocols
    * Rahul
    - what is the correct procedure?
    * Alex
    - let's not spend time on procedures now
    - current procedure is that protocol extensions are done in the WG that 
    owns the protocol
    * Rahul
    - let's gauge interest
    * Alex
    - you don't have doc that can be a WG doc
    * Thomas Narten
    - premature to ask about WG doc
    - ask rather is there interest in problem
    * Ross
    - how many read? :fair number
    - appropriate approach that should be considered? :clear support, none 
    L3 documents :
    Pedro Marques
    Constrained VPN route distribution 
    - see slides
    * ???
    - for inter-AS how relate to the two different inter-AS methods
    * Pedro
    - it applies to B & C
    * Ross
    - who's read : modest
    - who should be concerned  : modest v. 1
    - who thinks WG doc : modest
    * Pedro
    - IDR or here
    * Yakov
    - BGP already has multiprotocol support
    - this spec uses what already exists
    * Pedro
    - draft contains no mods to existing standards
    * Thomas Narten
    - but does it change the interpretation?
    * Pedro
    - no, but defines new bits
    * Thomas
    - huh? no change to existing standards but changes bits on the wire?
    * Dave
    - disagree, thinks changes the way BGP operates
    * ???
    - should be in IDR including the problem solution
    * Ross
    - do it on both lists
    * P
    - is this something the WG wants a soln for
    - is mechanism considered as a solution by this WG
    - 2547 is not done in IDR
    * Ron
    - consensus on problem being worth inspection
    * George Swallow
    - scalability is always a problem and must be considered
    - if this is a solution then this is good
    * Luyuan Fang
    - there is a real problem : inter-AS
    Pedro Marques
    RFC2547bis networks using internal BGP as PE-CE protocol
    - read the slide
    * Ron (individual)
    - CE device peering using your AS, could it peer elsewhere using your AS 
    * Pedro
    - cust n/w has its own AS number
    - never sees provider n/w AS number
    - doesn't even know about it
    - this is the point
    * Joel
    - two likely scenarios
       1. this is a good general tool so go to IDR
       2. IDR says this is a bad idea in which case this WG should not do it
    - In other words we shouldn't do it in either case
    - This is too close to the core working of BGP for us to do
    * Pedro
    - begs to differ
    - this is 2547 only
    - IDR WG does not have expertise in this area
    - we are not modifying any rules at all
    * ???
    - Why run IGP with domain we don't control?
    - Takes away purpose of outsourcing VPN to the carrier
    * Pedro
    - there is no assumption that IGP is being run
    - unless routers are behind CE, no IGP used
    * Ross
    - if this is useful for VPNs is for this WG
    - BGP manipulation technique is for IDR
    * Alex
    - ack
    Lede Feng (taken out of order)
    ISIS as the PE/CE Protocol in BGP/MPLS VPNs
    - read the slides
    * Hans Breddler
    - sub-TLV to TLV 135: any plan to handle admin tag or down to single 
    * Lede
    - we need to extend BGP to support extensions
    * Hans
    - does it make sense to address small metrics at the moment?
    - just keep going with existing?
    * Danny McPherson
    - are people doing it, or is it to complete the set of protocols?
    * Lede
    - Yes, China Telecom is requesting this
    * Ron
    - who read? : small
    - any other customers? : no response
    - should we pursue the draft? : none
    - we will check on list
    Gargi Nalawade
    IPv4-Tunnel SAFI
    - read the slides
    * ???
    - most VPN use MPLS, so why do we need this?
    - how do you deal with misconfiguration?
    * Gargi
    - tunnel creation is triggered, this just signals relation with end 
    - so no question of misconfig
    * ???
    - saves very little in config effort
    * Gargi
    - disagree
    - just config one tunnel and flood it
    - implementation and deployment details
    * Ross
    - read? : modest
    - problem here that doc is trying to solve (general of setting up 
    tunnels, this solves specific part of problem)
    * Gargi
    - no, not just IP tunneling
    * Ross
    - separate issue of setting up tunnels from determining routes?
    * Ross
    - is this a problem that we want to work on?
    * ???
    - this is the same problem as Rahul presented
    * Ross
    - complementary or opposed solns?
    * Rahul
    - problems are similar
    - earlier draft is PPVPN perspective
    - this is more directed to solution
    - there is some overlap, just different perspectives
    * Gargi
    - authors of both drafts are talking
    - there are some differences
    * Rahul
    - there is a distinction between problem and solution
    - this draft is a solution without a problem statement
    * Ron
    - please work together for a problem statement for a superset
    * Rahul
    - we already have agreement
    - previously suggested that there was more than one 
    authentication draft
    - this is not so


    PPVPN Operations and Management Framework
    L3VPN Charter
    Status of L3 PPVPN Working Group Documents
    Constrained VPN route distribution
    Internal BGP as PE-CE Protocol
    IS-IS as the PE/CE Protocol in BGP/MPLS VPN
    Tunnel Encapsulation Signalling using the Tunnel SAFI