Hi Linda,
It is feasible if we do this based on regulation and agreement with customer. There are many ways to do application identification, DPI\DNS\5 Tuples\URL\APN. Needs to use different technology to handle different scenarios. That is the pain point. BR, 杨锋 Feng Yang 发件人: Apn [mailto:[email protected]] 代表 Linda Dunbar 发送时间: 2021年1月23日 01:26 收件人: Feng Yang; 'Pengshuping (Peng Shuping)'; [email protected]; [email protected] 主题: Re: [Apn] A new draft on APN for your review, thank you! Feng, MEF88 (Application Security for SD-WAN services) states that if subscribers need the Security services by the SDWAN services provided by the Service Providers, the subscribers need to provide the security key (such as TLS1.2 keys) to the Providers. https://wiki.mef.net/display/DSC/SD-WAN+Application+Security+Project+Contributions I am curious from China Mobile perspective, is it a feasible for China Mobile subscribers to provide their TLS1.2 key to you? Thanks, Linda Dunbar From: rtgwg <[email protected]> On Behalf Of Feng Yang Sent: Friday, January 22, 2021 1:54 AM To: 'Pengshuping (Peng Shuping)' <[email protected]>; [email protected]; [email protected] Subject: 答复: [Apn] A new draft on APN for your review, thank you! Hi Shuping, SD-WAN is expected to carry quite some applications over hybrid links, such as internet, mpls, etc. Only with the application information, , it is possible for SD-WAN CPE to direct the traffic over different paths according to the application requirement. For the application information, quite some ways work properly if the traffic is not encrypted. So the problem here is how to get the application information from the encrypted packets. Application information is the base that we can provide a lot of services. We expect to combine this with SRv6 in order to provide a new competitive SD-WAN service which can put SLA service、cloud based VAS(Value Added Service) together in a flexible way. BR, 杨锋 Feng Yang 发件人: Apn [mailto:[email protected]] 代表 Pengshuping (Peng Shuping) 发送时间: 2021年1月20日 14:18 收件人: [email protected]; [email protected] 主题: Re: [Apn] A new draft on APN for your review, thank you! Dear all, In the MEF 70 “SD-WAN Service Attribute and Services”, Table 4 on Page 36 has defined the fields (from layer 2 through layer 4) which are expected to be able to match against ingress IP Packets. APPID is explicitly listed as a criterion. “The APPID Policy Criterion provides the ability for the Service Provider to define and name both simple and complex matches. These can include standard matches available to all of the Service Provider’s Subscribers from a catalog and/or custom matches developed by the Service Provider by agreement with a particular Subscriber.” https://www.mef.net/wp-content/uploads/2019/07/MEF-70.pdf <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mef.net%2Fwp-content%2Fuploads%2F2019%2F07%2FMEF-70.pdf&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437111085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=N0zZ3aZ%2F88oYs3GG4FJbj3eUbXQz%2B1xZKZ5HX8KW99Y%3D&reserved=0> Is there anybody who knows more about the details about this criterion and its implementations of the catalog and the interactions? How does the standard match and the custom match work in the real system? What are the key elements in the system? How do they interact? Many thanks! Best regards, Shuping From: Pengshuping (Peng Shuping) Sent: Tuesday, December 15, 2020 11:12 AM To: [email protected]; [email protected] Subject: A new draft on APN for your review, thank you! Dear all, A new draft on APN has been posted, https://datatracker.ietf.org/doc/html/draft-peng-apn-scope-gap-analysis <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437121080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=2zHps5x%2BPAngdBs2OmoWDoZVfcuJR00vulMhdP8Q%2B%2FA%3D&reserved=0> . In this draft, we clarified the scope of the APN work in IETF, introduced an example use case and the basic solution. Moreover, we compared with the existing “similar” work/solutions and did corresponding gap analysis. Your review and comments are very much appreciated. Thank you! Best regards, Shuping A new version of I-D, draft-peng-apn-scope-gap-analysis-00.txt has been successfully submitted by Shuping Peng and posted to the IETF repository. Name: draft-peng-apn-scope-gap-analysis Revision: 00 Title: APN Scope and Gap Analysis Document date: 2020-12-16 Group: Individual Submission Pages: 11 URL: https://www.ietf.org/archive/id/draft-peng-apn-scope-gap-analysis-00.txt <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-peng-apn-scope-gap-analysis-00.txt&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437121080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=xM21DHtsz2HcEqAWrNzsSvcTxTKtXCaGHat2kx4Dn0c%3D&reserved=0> Status: https://datatracker.ietf.org/doc/draft-peng-apn-scope-gap-analysis/ <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-peng-apn-scope-gap-analysis%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437131063%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=gqxkPULsqdZjCJ7xw3qTabkdm96wv%2BSnYpNBEQ0VjA0%3D&reserved=0> Htmlized: https://datatracker.ietf.org/doc/html/draft-peng-apn-scope-gap-analysis <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437131063%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=%2FqDARDM4UG0Drbr%2F5U4nx3HF5E1fG%2Fv2dbX3rGB5Mo0%3D&reserved=0> Htmlized: https://tools.ietf.org/html/draft-peng-apn-scope-gap-analysis-00 <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-peng-apn-scope-gap-analysis-00&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C4c092e96fa604c5f89eb08d8beaae006%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637468988437141061%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=A2v6Dqx61FmMXdHf8K2guAmQEutAz55CBye7iFscNNo%3D&reserved=0> Abstract: The APN work in IETF is focused on developing a framework and set of mechanisms to derive, convey and use an identifier to allow for implementing fine-grain user-, application-, and service-level requirements at the network layer. This document describes the scope of the APN work and the solution gap analysis.
_______________________________________________ rtgwg mailing list [email protected] https://www.ietf.org/mailman/listinfo/rtgwg
