Document Title: Multi-segment SD-WAN via Cloud DCs Authors: K. Majumdar, L. Dunbar, V. Kasiviswanathan, A. Ramchandra, A. Choudhary Intended Status: Standards Track Shepherd: Chongfeng Xie Responsible AD: Jim Guichard
(1) Type of RFC Standards Track. The document defines new protocol elements (a GENEVE Option Class and Sub-TLV registry) requiring IANA action, thus Standards Track is appropriate. (2) Technical Summary This document specifies a method for connecting multiple SD-WAN segments via Cloud Backbones without decrypting/re-encrypting user traffic at Cloud Gateways. The approach uses GENEVE encapsulation (RFC 8926) to carry metadata alongside IPsec-encrypted payloads. The draft defines: - A new GENEVE Option Class for Multi-Segment SD-WAN. - Sub-TLVs for metadata (e.g., egress GW, region restriction, exclusion, authentication). - Procedures for ingress/egress Cloud GWs. - Error handling, manageability, and security considerations. (3) Working Group Summary The document has not yet gone through Working Group Last Call. However, based on the discussion within RTGWG and the importance of the technical problem addressed, the document is considered ready to proceed to WGLC. No significant controversy remains. (4) Document Quality The draft is well written and includes diagrams, deployment motivation, and detailed considerations for security and manageability. External review has already influenced improvements. Further review by NVO3/GENEVE experts may be helpful, but no fundamental issues are expected. (5) IPR Each author has confirmed compliance with BCP 78/79. No IPR disclosures have been filed against this document. (6) Consensus There was sufficient WG support for the document, with positive feedback from both vendors and operators. (7) Appeals No threats of appeal or indications of extreme discontent. (8) ID Nits and References No unresolved nits. Normative references are to stable RFCs (e.g., RFC 8174, RFC 8926). Informative references include relevant drafts (e.g., Edge Discovery, Lightweight Authentication), but publication is not blocked by their progress. (9) IANA Considerations The draft requests: 1. Allocation of a new GENEVE Option Class (0x0163). 2. Creation of a new IANA registry Multi-Segment SD-WAN Sub-TLVs (assignment policy: IETF Review). 3. Registration of Sub-TLVs defined in this document. These requests are clearly described in Section 11 and follow standard practice. (10) Security Considerations The draft provides a detailed threat analysis. Key points: - GENEVE headers are not encrypted → risk of metadata tampering. - Mitigations: optional HMAC Sub-TLV, or AH/ESP-NULL for stronger protection. - Cross-domain deployments require authentication/authorization policy enforcement. - Payload confidentiality is preserved by IPsec. Security considerations are judged sufficient for Standards Track. (11) Conclusion The Shepherd has reviewed the document carefully and believes it is technically sound and ready for advancement. The security and IANA considerations are clearly specified. The draft aligns with existing standards and deployment practices. Based on the technical discussions in RTGWG and the relevance of the problem it addresses, it is judged ready for WGLC. Chongfeng
_______________________________________________ rtgwg mailing list -- [email protected] To unsubscribe send an email to [email protected]
