Network Working Group Eric C. Rosen
Internet Draft Cisco Systems, Inc.
Expiration Date: August 2003
February 2003
Protocol Actions for RFC2547bis
draft-rosen-ppvpn-2547bis-protocol-02.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
The purpose of this document is to list all the protocol changes
specified in [RFC2547bis] and related drafts which might be regarded
to require approval or other action by IETF WGs other than the PPVPN
WG. This document is for temporary administrative purposes only, and
does not itself specify a protocol or an architecture.
Rosen [Page 1]
Internet Draft draft-rosen-ppvpn-2547bis-protocol-02.txt February 2003
Table of Contents
1 Introduction
2 BGP Protocol Extensions
2.1 Required Extensions
2.2 Optional Extensions
3 OSPF Protocol Extensions
4 IPsec Considerations
5 Multicast Considerations
6 Security Considerations
7 References
1. Introduction
The purpose of this document is to list all the protocol changes
specified in [RFC2547bis] and related drafts which might be regarded
to require approval or other action by IETF WGs other than the PPVPN
WG. This document is for temporary administrative purposes only, and
does not itself specify a protocol or an architecture.
2. BGP Protocol Extensions
There are no BGP protocol extensions which require action by any IETF
WG before [RFC2547bis] may be progressed to proposed standard. The
remainder of this section lists the BGP protocol extensions that are
used, and their status.
2.1. Required Extensions
Required for the implementation of the VPN architecture specified in
[RFC2547bis] are the following BGP extensions (to which [RFC2547bis]
makes normative references):
- "BGP Multiprotocol Extensions for BGP-4", RFC 2858 (Proposed
Standard)
- "BGP Extended Communities Attribute", draft-ietf-idr-bgp-ext-
communities-05.txt (has passed WG Last Call, on Standards track)
- "Capabilities Advertisement with BGP-4", RFC 2842 (Proposed
Standard)
[RFC2547bis] itself defines a new BGP address family, "VPN-IPv4
Labeled Addresses", but does so in accordance with procedures
specified in RFC 2858. [2547-IPv6] also defines a new BGP address
family, "MPLS-labeled VPN-IPv6".
2.2. Optional Extensions
The following BGP extensions (to which [RFC2547bis] makes NON-
normative references) are optional for the VPN architecture specified
in [RFC2547bis]:
- Route Refresh Capability for BGP-4, RFC 2918 (Proposed Standard)
- "Cooperative Route Filtering Capability for BGP-4", draft-ietf-
idr-route-filter-06.txt (BGP working group document)
3. OSPF Protocol Extensions
[RFC2547bis] does not itself specify the procedures used when OSPF is
the PE/CE routing protocol. This is largely specified in the draft
"OSPF as the PE/CE Protocol in BGP/MPLS VPNs", draft-rosen-vpns-
ospf-bgp-mpls-04.txt [VPN-OSPF]. As [RFC2547bis] does not require
the use of OSPF as the PE/CE routing protocol, [RFC2547bis]'s
reference to [VPN-OSPF] is non-normative.
[VPN-OSPF] does not require any protocol changes which require action
by any IETF WG. However, [VPN-OSPF] does not specify procedures for
handling the case where the PE/CE link is an Area 0 link. This is
specified in a separate draft, [VPN-OSPF-Area0]. Since [VPN-OSPF]
does not require support for the case where the PE/CE link is an Area
0 link, any reference from it to [VPN-OSPF-Area0] would be non-
normative.
[VPN-OSPF-Area0] does require an extension to the OSPF protocol. In
particular, it assigns a use for one of the hitherto unused OSPF
Options bits. This does require approval by an IETF WG.
4. IPsec Considerations
In [2547-IPsec], procedures are defined to enable packets between PE
routers to be encrypted and/or authenticated via IPsec. This is done
by first creating an IP tunnel that begins at one PE router and ends
at the other. The MPLS packets are placed in this IP tunnel. IPsec
Transport Mode is then applied to the packets that enter and leave
this tunnel. No changes to IPsec or its related protocols are
specified or envisioned. However, the way in which IPsec is used
might be considered "unusual" in the following respects:
- Transport mode is used, although the endpoints of the Security
Association are not the ultimate source and destination of the
packets. This is not thought to be an issue, though, because the
endpoints of the SA ARE the source and destination of the IP
packets to which IPsec is applied.
- The egress PE is optionally allowed to exert policy control over
the Security Association, and BGP may be optionally used to
distribute policy information. The existence of policy control
at the egress is a common industry practice, though some have
argued that this is not what the IPsec specifications originally
intended.
- The set of packets sent on a particular Security Association is
determined by routing, rather than by filtering on the packet
header. While this is a common industry practice, some have
argued that this is not a "proper" use of IPsec.
In the opinion of the author, these are non-issues, but they are
mentioned here in recognition of the fact that there may be other
opinions.
There are some additional considerations from [2547-IPsec]:
- That document references [MPLS-in-IP/GRE], which is being
proposed to the MPLS WG, but is not yet a working group document.
Arguably the reference is non-normative.
- Optional parts of [2547-IPsec] require the definition of
additional BGP Extended Communities.
5. Multicast Considerations
This section is deferred to a later revision.
6. Security Considerations
As this document is for administrative purposes only, and specifies
no architecture, protocols, procedures, or practices, it does not
raise any security considerations.
7. References
[2547-IPsec] Rosen, De Clercq, Paridaens, T'Joens, Sargor, "Use of
PE-PE IPsec in RFC2547 VPNs", draft-ietf-ppvpn-ipsec-2547-03.txt,
February 2003
[2547-IPv6] Nguyen, Gastaud, Ooms, De Clercq, Carugi, "BGP-MPLS VPN
extension for IPv6 VPN over an IPv4 infrastructure", draft-ietf-
ppvpn-bgp-ipv6-vpn-03.txt, November 2002
[BGP-MP] Bates, Chandra, Katz, and Rekhter, "Multiprotocol Extensions
for BGP4", June 2000, RFC 2858
[BGP-EXTCOMM] Ramachandra, Tappan, "BGP Extended Communities
Attribute", draft-ietf-idr-bgp-ext-communities-05.txt, May 2002
[BGP-ORF] Chen, Rekhter, "Cooperative Route Filtering Capability for
BGP-4", draft-ietf-idr-route-filter-08.txt, January 2003
[BGP-RFSH] Chen, "Route Refresh Capability for BGP-4", March 2000,
RFC 2918
[MPLS-in-IP/GRE] "Encapsulating MPLS in IP or GRE", draft-ietf-
mpls-in-ip-or-gre-00.txt, January 2003
[RFC2547bis] Rosen, Rekhter, et al., "BGP/MPLS VPNs", draft-ietf-
ppvpn-rfc2547bis-03.txt, October 2002
[VPN-OSPF] Rosen, Psenak and Pillay-Esnault, "OSPF as the PE/CE
Protocol in BGP/MPLS VPNs", draft-rosen-vpns-ospf-bgp-mpls-06.txt,
February 2003
[VPN-OSPF-Area0] Rosen, Psenak, and Pillay-Esnault, "OSPF Area 0
PE/CE Links in BGP/MPLS VPNs", draft-rosen-ppvpn-ospf2547-area0-
02.txt, February 2003