Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-06
Then it will be done. I will wait for the AD to decide what other changes are needed, and then will either make this change or include it in an RFC Editor note. Thank you, Joel On 3/27/2013 12:42 PM, Black, David wrote: That would do nicely. Thanks, --David -Original Message- From: Joel M. Halpern [mailto:j...@joelhalpern.com] Sent: Wednesday, March 27, 2013 12:30 PM To: Black, David Cc: Ted Lemon; McPherson, Danny; s...@ietf.org; ietf@ietf.org; gen- a...@ietf.org; Jean-Michel Combes; joel.halp...@ericsson.com Subject: Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-06 Would it suffice to replace Old: If the bridging topologies which connects the switches changes, or if LACP [IEEE802.3ad] changes which links are used to deliver traffic, the switch may need to move the SAVI state to a different port, are the state may need to be moved or reestablished on a different switch. New: If the bridging topologies which connects the switches changes, or if LACP [IEEE802.3ad], VRRP, or other link management operations, change which links are used to deliver traffic, the switch may need to move the SAVI state to a different port, are the state may need to be moved or reestablished on a different switch. ? Proposed changes on the second - fourth lines above. Yours, Joel On 3/26/2013 7:45 PM, Black, David wrote: Ted, Remembering that this is an informational draft, which does a pretty good job of informing the reader about the problem space, is it your opinion that the issues you have raised _must_ be addressed before the document is published, or do you think the document is still valuable even if no further text is added to address your concern? At a minimum, in section 4.1.2, this should be addressed: b) the new text implies that LACP is the only way to cause this situation - it's not, so LACP should be used as an example. I'm not sure I've seen Fred's response, but that change would suffice. An RFC Editor note should suffice. Thanks, --David -Original Message- From: Ted Lemon [mailto:ted.le...@nominum.com] Sent: Monday, March 25, 2013 9:38 PM To: Black, David Cc: McPherson, Danny; Fred Baker; joel.halp...@ericsson.com; gen- a...@ietf.org; Jean-Michel Combes; s...@ietf.org; ietf@ietf.org Subject: Re: Gen-ART review of draft-ietf-savi-threat-scope-06 On Mar 25, 2013, at 9:04 PM, "Black, David" wrote: Summary: This draft is on the right track, but has open issues, described in the review. While I identified the same issue you did with switching systems that do link aggregation and other magic, I think that the document is useful whether this is fixed or not. It's true that it doesn't have a full section that talks specifically about this problem, but I think it's unlikely that the authors are going to add one-when I mentioned it to Joel, he didn't express excitement at the prospect. I think Fred's response, while a little salty, accurately represents the situation: the working group produced this document, the document does what it's supposed to do, one could continue to polish it indefinitely, but then the document would never get published. Remembering that this is an informational draft, which does a pretty good job of informing the reader about the problem space, is it your opinion that the issues you have raised _must_ be addressed before the document is published, or do you think the document is still valuable even if no further text is added to address your concern? ___ savi mailing list s...@ietf.org https://www.ietf.org/mailman/listinfo/savi
Re: [lisp] Last Call: (LISP EID Block) to Informational RFC
Most of what you describe Sander sounds reasonable, and sounds aligned with what is i the deployment documents. The WG debated the EID allocation extensively. One could argue that there is no need for it, that we could merely request that PI allocations be granted for LISP EID usage individually. The WG felt that if we could get all IPv6 LISP EID allocations from a single block that was not used for anything else, that would simplify avoiding lookups in the mapping system that were inevitably going to fail. Thus the allocations request. Yours, Joel On 11/16/2012 4:12 PM, Sander Steffann wrote: Hi Joel, Why does any operator have a reason to carr any routes other than their paying customers? Because it provides connectivity for their customers. If we get this block allocaed, then it results in 1 extra routing entry in the global routing table to support LISP inter-working. An entry that some of their customers may use, whether the operator carrying it knows that or not. In fact, it would take significant extra work for the operator to somehow block this aggregate. If LISP fails, this is a small cost to find out. If LISP succeeds, this results in significant reduction in core tabl sizes for everyone. That still assumes the altruistic routing of the prefix. And I am afraid that if the usage of this block gets a bad reputation that all LISP usage will share that reputation. I really like LISP but I am still not convinced that it's a good idea. If we can find a way to get the EID prefix routed in a reliable way then I would love it! I really care about LISP and I am afraid that: people see unreliable routing for EID /16 => assume LISP is unreliable. That is why I am pushing so hard to get this sorted out. Hmmm. What about the following strategy: - Start with the EID prefix being handed out like PI - Either through the RIRs if they are willing to take the responsibility - Or from a separate registry - Some altruistic /16 PITRs might show up in the global BGP table - A holders of a (assume) /48 from the EID prefix can arrange PITRs for their own space - And announce it as a separate route in the global BGP table (for now) - Keep the routing and reliability under their own control - If the experiment is a success we advise ISPs to: - Install their own PITRs for the /16 - Filter out the /48s at their border The filtering of the more-specifics once they have their own PITRs will make sure that they use those PITRs and that they will use the most optimal path to the locators as soon as possible. It will also keep their routing table smaller. If enough big transit providers offer /16 PITRs to their customers then the more-specifics might be filtered on a larger scale. So, summary: The ways to reach a PITR would be a) Run your own PITR (big networks, LISP users) b) Use one from your transit(s) (smaller networks that don't have their own) c) Use an altruistic one as last resort As long as (a) and (b) aren't a reality the LISP users who don't want to rely on (c) can run/rent/etc a PITR for their own space. I think the routing community would really appreciate it if all those more-specific routes would be temporary until wide deployment of (a) and (b) make them unnecessary. And if this doesn't become a success we have a bunch of /48 prefixes to the separate PITRs in the BGP table. It won't be much, otherwise we would have declared success. So the risk of messing the BGP table up is very limited. And when can tell people: if you are bothered by those more-specifics in your routing table you can always deploy your own PITRs and filter the more-specifics at your border. That might keep everyone happy. What do you think? Thanks, Sander
