L3VPN Working Group IETF 85 Session 2012-11-09 0900-1100: Salon E WG Status draft-mapathak-interas-option-d-00 draft-ymbk-l3vpn-origination-02 draft-fang-l3vpn-end-system-requirements-00 draft-fang-l3vpn-virtual-pe-framework-01 draft-xu-virtual-subnet-09 draft-zheng-l3vpn-pm-analysis-00 draft-dong-l3vpn-pm-framework-00 draft-drao-bgp-l3vpn-virtual-network-overlays-00 draft-rfernando-virt-topo-bgp-vpn-01 WG Status Co-chairs, 10min draft-mapathak-interas-option-d-00 Arjun, 10min [Unknown]: Six years we had a similar draft. We see a lot of similarities with your draft and yet there is no reference to the earlier work. Arjun: Ok, I was not aware of the earlier work. Please point me to the draft. Lucy: Are you referring to the forwarding plan? Arjun: Yes, so any failure on an interface is not affected. We are dealing with physical interfaces. Maria: What is the difference between options? Arjun: Option B has a single global interface. You perform an import option. Maria: But you cannot perform route summarization. Arjun: Yes. This is a hybrid model. I will take your additional comments offline. Martin: Is this going to be a L3VPN draft? Please check the draft new and naming convention. Jabber Comment from Thomas Morin: The proposal made 6 years ago was objected because (quote) "there was nothing to standardize"; this draft is lucid and just targets "informational"; this may be useful to document. draft-ymbk-l3vpn-origination-02 Arjun, 15min Robert: In various places in your draft you say you are defining by VPN. However you do not mention route target in your draft. So it is confusing as I do not know how you determine what prefixes are part of a VPN. Arjun: Agreed. We do use route target. You can augment the policy with the validated state of the route. You can have policy on the route on the ASBR. If it valid or invalid you take the appropriate action. Bruno: The goal is protect possible routes against misconfiguration? The SP issue is regarding the advertisement and to routes to say the voice gateway. How do you distinguish between misconfigured routes from good routes if they have the same key? Arjun: The SP will have to serve as transport. You can have a key per VPN on the PE itself. Lou: This is supposed to work from the CE? So the CE puts in an L3VPN attribute so its L3VPN attribute? Is this not the same problem that SIDR will try to solve? Why not use the same solution? Arjun: SIDR has no L3VPN context. Lou: What you’re saying is you need a private key authority. Arjun: No. You do not need a PKI, you can use a shared key. Lou: Looks like you have a gap in functionality Adrian: First question from Thomas on Jabber: what is signed: just the prefix ? The whole SAFI? The whole SAFI plus attributes ? if attributes are not part of the signed blob, aren't there security problems that remain if attributes of a signed route are mangled in transit ? Arjun: On the ASBR the RT context to take appropriate route. Adrian: Second question from Thomas on Jabber: which attributes do you have in mind as they get overwritten? Arjun: Attributes are striped on the PE. Adrian: Questions Martin: Was discussed in IDR and discussed. Arjun: Comments were to take work to SIDR or L3VPN. draft-fang-l3vpn-end-system-requirements-00 Maria, 15min Kireeti: You mentioned decoupling from L2 topology. Can you explain again? Maria: slide 6 – Let us say the separation. Kireeti: this is simply Ethernet connectivity. Maria: yes. Lucy: Do you expect the CE to advertise the hypervisor? Maria: No. Different from traditional VPN. Lucy: Is there requirements for separating data plane and control plane. Maria: Yes. Ning: This is good work. In line with data center work. Martin: How many of the requirements in the draft have been addressed? Martin - Room Poll: Who thinks its need to document the requirements? [Fair number]. Who thinks it is not needed. [Nobody]. Lucy: I think this is good work but I think it’s out of charter. Luyuan: I do not see any need for recharter. It is not proposing new protocols. Martin: no rechartering discussion here at that meeting draft-fang-l3vpn-virtual-pe-framework-01 Luyuau, 15min Kireeti: When you say centralized route controller. You can have this without a centralized controller. Luyuan: Agreed. Lucy: Does the external device also include PE and data centre gateway? Luyuan: Yes. Lucy: Please go to first slide [Motivation]. Is this the requirement? Then the framework needs to reflect this. Luyuan: This is an example, but I take your comments. Consider this for people who want to extend their network service deployment. Martin: Sorry were running out of time, please move this discussion to the list. draft-xu-virtual-subnet-09 Xiaohu, 15min Martin – Room Poll: Who has read document? [A few hands]. draft-zheng-l3vpn-pm-analysis-00 Zhenbin, 10min draft-dong-l3vpn-pm-framework-00 Jie, 10min Martin: Please try to trigger discussion on the list. draft-drao-bgp-l3vpn-virtual-network-overlays-00 Dhananjaya Rao, 15min Lucy: What are the MAC address requirements coming from customers? Are you intra-DC and inter-DC but slides show both, so not a different approach? Dhananjaya: No it’s a common solution. Lucy: If you ask people to implement. Does the VN ID globally or locally? Dhananjaya: both. Unknown: You want introduce another encapsulation format. Dhananjaya: Virtual network overlay. Unknown: what is motivation for another encapsulation method. Dhananjaya: What to reuse. Unknown: NVO3 comment – VXLAN has reserved bits for protocol type field. Dhananjaya: Generally driven by platform ASICs. LISP for instance defined IP over IP encapsulation. Kireeti: Let’s be sensible. Martin: This sits between L3VPN and NVO3. Need to make sure it sits in a single place. Kireeti: A similar draft for e-VPN ? That draft needs to be split apart as there is significant overlapping. Maria: maybe think about the advantages. draft-rfernando-virt-topo-bgp-vpn-01 Kireeti Is this informational? Presenter: Yes. If it becomes useful then we will convert it.