Hi, Brian,
On 11/28/2016 7:59 PM, Brian E Carpenter wrote:
> Hi,
>
> My first question is not whether it's a good idea to build an IP VPN over
> IP tunnels, because I'm sure it is. It is more whether we actually need
> a BCP describing how to do it, rather than just, say, open-source code
> for a VRF instance that does this.

+1

> I think that question is definitely worth exploring, and is probably a big
> enough question to deserve a BOF (not necessarily a WG-forming BOF). But
> that needs to be based on a more problem-oriented and analytic draft, I think.
> It definitely needs expertise from the Transport Area as well as the Internet
> Area, to get the congestion management right.

-1

We already have RFC6040. This isn't a transport problem (if it is, it has been done incorrectly - see below).

> For the moment, I am quite unable to judge whether the proposal in this draft
> to use GRE-in-UDP or GUE is the best answer.

There can be no single answer to that question. Like regular links, tunnels (virtual links) vary with their environment, and should.

> I also don't really understand
> the security model. There is some discussion of IPsec tunnels and RFC3884.
> If we use IPsec tunnels, why would we need DTLS? For that matter, if we use
> TLS tunnels, why would we need DTLS?

TLS is a very bad idea. We should never try to tunnel IP over TCP.

DTLS might be available where IPsec isn't.

> I'm also quite unable to know how to position this proposal compared to
> https://tools.ietf.org/html/draft-templin-aerolink which has been
> in development for several years. They seem to tackle some of the same
> problems.

+1

>
> Regards
>    Brian Carpenter

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area