
Re: WG review: Layer 2 Virtual Private Networks (l2vpn)

2003-06-18 02:27:05
Hi,

On Wed, 18 Jun 2003, Harald Tveit Alvestrand wrote:
> I can think of some possible reasons, not necessarily exclusive
>
> - this is a bad idea/impossible to do well, so we shouldn't do it

Yes to both.

> - some other organization is already doing it, so we shouldn't

No idea about that.

> - we're too stupid to get it right, so we shouldn't do it

Yes.

> - the IETF is too large, so we shouldn't be adding more work

Yes.

> From your message, I can't tell which of those, or of any number of other
> possible objections, is the basis of your objection.
>
> BTW - all these things were already being worked on in PPVPN. Some were
> even described in the charter.

Fair question, I probably should have included more text in the first 
place :-).

1. Virtual Private LAN Service.  This is Internet-wise ethernet bridging
over routing protocols such as BGP, IS-IS, etc; further, this has
typically little respect for security implications which are implicit (or 
even explicit) in LAN networks.

So, my main points are:

 - we must not overload routing protocols and such infrastructure (IMHO,
this seems an inevitable path the work would go towards..)

 - we must not create complexity by deploying ethernet bridging all over
the Internet.  Our work should be focused on making IP work, not
specifying Ethernet-over-IP (or worse, Ethernet-over-IP as a *service*).

 - it is architecturally wrong: use different subnets, period -- that's 
what those are meant for in the first place!

 - the model has significant security modifications.

Seems like some operators want to move their frame relay (and what have 
you) customers to be bridged over IP, instead of fixing their networks. 
(I'm allowed to say that because I work for an ISP :-).  And vendors are 
desperate to provide solutions for these "needs".  But is this the 
right approach?  I don't think so.

2. Virtual Private Wire Service

This is slightly better as you're "only" performing point-to-point 
communication.  Same considerations as above apply, to a slightly lesser 
extent.

Btw. how is this different from currently-specified GRE tunneling?  It 
being made a "service"?

3. IP-only L2 VPNs

This seems a subset of case 1), which seems almost reasonable when it's
made for point-to-point links.  I just don't see why folks would really
want anything like this.  I can't figure out *one* area of applicability 
where using layer 3 mechanisms couldn't be made to work around the issue.

> --On Wednesday, June 18, 2003 09:27:49 +0300 Pekka Savola <pekkas@netcore.fi> wrote:
>
> > Hi,
> >
> > I do not think this WG should be chartered.
> >
> > On Tue, 17 Jun 2003, The IESG wrote:
> >
> > >  1. Virtual Private LAN Service (VPLS)--L2 service that emulates LAN
> > >        across an IP and an MPLS-enabled IP network, allowing standard
> > >        Ethernet devices to communicate with each other as if they were
> > >        connected to a common LAN segment.
> >
> > I *definitely* think we should *NOT* be working on this.
> >
> > >  2. Virtual Private Wire Service (VPWS)--L2 service that provides L2
> > >        point-to-point connectivity (e.g. Frame Relay DLCI, ATM VPI/VCI,
> > >        point-to-point Ethernet) across an IP and an MPLS-enabled IP
> > >        network.
> >
> > We shouldn't be working on this.
> >
> > >  3. IP-only L2 VPNs--L2 service across an IP and an MPLS-enabled
> > >        IP network, allowing standard IP devices to communicate with each
> > >        other as if they were connected to a common LAN segment or a
> > >        point-to-point circuit.
> >
> > We may have to work on the point-to-point L2 VPN case, but I'd like to
> > see alternative approaches to this.
> >
> > --
> > Pekka Savola                 "You each name yourselves king, yet the
> > Netcore Oy                    kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
