Rev-03 created addressing comments received from rev-02 draft - sent to editor for release soon
Disparities between framework and problem statement addressed.
Laurent Toutain: Hub and Spoke
-----------------------------
Clarification added and L2TPv2 hello and LCP echo timers
Hello dead peer detection and LCP timers both kept; LCP timer for NAT refresh
Strong consensus, i.e. no feedback responses to mailing list
Last call to the list, two week timer on it.
Chris: Mesh new draft
----------------------------
Update of terminology: new terminology felt more descriptive; need to review docs, i.e.
problem statement, to make sure they are in sync with respect to the new terminology
Other changes
general principles added
reference model removed from draft-02
Vote taken to make a WG document
Yaakov asked whether problem definition is aligned with problem statement
- Resolved in rev03.
document adopted as WG document
Need to align with Shu's security document
Need to add multicast and security
Formal request has been made to IDR to make NLRI/NH draft a WG doc
Draft Wu present
Draft pmohapapt - presented by Chris Metz
2-octet distinguisher removed.
Yaakov asked it be made clear that this draft only applies to those
encapsulations requiring additional info, i.e. GRE with key, L2TPv3, but not
GRE with no key.
The document will be discussed in IDR
Presentation by Prof Young:
Mesh Multicast
CERNET2 supports IPv6 and IPv6 multicast but needs to support v4
multicast from access/regional networks across core.
Chris Metz presented some suggested solutions
1:1 mapping - linear scaling
or
mVPN-like - using work from l3vpn WG, less than linear scaling
Chair asked if problem statement makes mVPN the only solution.
Chris Metz said it was up to the operator.
1:1 solution
see slides
IP backbone:
question on RPF vector
Greg Shepperd pointed out other solutions are out there for the multicast
problem, but not in the VPN case
mVPN-like:
see slides
control plane options both documented
data plane options - well defined and laid out in m-vpn-draft
encaps
1:1 ipip free
update mesh framework with these thoughts in rev3
draft x--softwire 4over6multicastr-xx updated.
Chair asked if the group was happy to have multicast as a section of
framework, rather than a new doc, which was agreed.
Shu Yamamoto - security - see slides
========================
Rev 02 created with comments from security expert.
IKEv2-centric rather than v1
Chair asked about AH and ESP and Shu’s views on this
Tony Hain – Authentication Header has troubles with IPv4 NAT - need to
be looking at AH for v6 solution because of problem in network with ESP
Yaakov - nobody running BGP over IPsec, people run MD5; doc must be
pragmatic and allow MD5 – Chair (Alain) pointed out this is a recommendation
The floor asked if there was any consideration for a group-based security model
versus IKEv2, as they scale better
Shu - No, he needs to look into it
Chair asked AD if we could rely on work in l3vpn - AD said yes
Chair asked floor if mesh security should follow l3vpn, otherwise the chair is worried
it could delay deployment.
Chair asked should mesh security be in a different document
Chair asks that it be discussed on list if mesh security should be a different doc
Yakov - good idea provided mesh doc does not stall at IAD waiting for
security doc
Chair (Alain) - this is not mandatory - we should have some boilerplate text with recommendations
Summary
Chair asked about phase 1, particularly for hub and spoke; he understood
some work had started and requested that in Chicago a presentation be
made about phase 1 H & S
------------------------------------