Robert, Perhaps the right thing here is for you to propose text to Fred on how to make sure his traffic is safe from the types of state-sponsored attack that an air traffic system might need to withstand?
Stewart > On 25 Jul 2018, at 13:24, Robert Raszuk <[email protected]> wrote: > > > True network slicing for IP networks means either waist of resources or very > strict multi-level queuing at each hop and 100% ingress traffic policing. Yet > while this has a chance to work during normal operation at the time of even > regular failures this all pretty much melts like cheese on a good sandwich. > > It is going to be very interesting to compare how single complex sliced > network compares for any end to end robust transport from N normal simple IP > backbones and end to end SLA based millisecond switch over between one and > another on a per flow basis. Also let's note then while the former is still > to the best of my knowledge a draft the latter is already deployed globally > in 100s of networks. > > Best, > R. > > >> On Wed, Jul 25, 2018 at 1:21 PM, Acee Lindem (acee) <[email protected]> wrote: >> >> >> >> >> From: rtgwg <[email protected]> on behalf of Stewart Bryant >> <[email protected]> >> Date: Wednesday, July 25, 2018 at 5:55 AM >> To: Robert Raszuk <[email protected]> >> Cc: Routing WG <[email protected]> >> Subject: Re: VPN security vs SD-WAN security >> >> >> >> >> >> >> >> On 25/07/2018 10:40, Robert Raszuk wrote: >> >> /* Adjusting the subject ... */ >> >> >> >> Hello >> >> Stewart, >> >> >> >> You have made the below comment in the other thread we are having: >> >> >> >> Indeed, I would have expected this to be on a secure network of some sort >> either purely >> private or some form of VPN. However, I am sure I read in your text that you >> were >> considering using the Public Internet much in the way of SD-WAN. >> >> >> >> Would you mind as extensively as you can expand on the above statement ? >> >> >> >> Specifically on what basis do you treat say L2VPN or L3VPN of naked >> unencrypted packets often traveling on the very same links as this "bad" >> Internet traffic to be even slightly more secure then IPSEC or DTLS >> encrypted SD-WAN carried data with endpoints being terminated in private >> systems ? >> >> >> >> Thx, >> >> Robert >> >> >> Robert, I think that you have to take it as read that an air traffic control >> SoF system is encrypting its packets. If it is not, then it is clearly not >> fit for purpose. >> >> What concerns me is that an air traffic system is one of the most, if not >> the most, high profile targets in civil society. You get reminded of this >> each time you travel to IETF. >> >> The thing about safety of flight traffic is that a sustained and effective >> DDoS attack has global impact in a way that few other such attacks have. >> >> A VPN system ought to sustain resistance to such an attack better than the >> proposed system which treats the SoF traffic the same as regular traffic. >> >> >> >> I guess you are making a case for your network slicing work 😉 >> >> >> >> Acee >> >> >> >> - Stewart >> >> >> >
_______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
