Stephen: They are adding 2 BGP Extended communities. They are modifying rules for distribution of BGP routes and PIM trees in the case of MPLS VPNs supporting multicast. The thing that worries me is they are stating that "breaking any of the policy rules" is a security consideration. However, as far as I can tell the specification lacks an indication of how to trace or audit such rules.
P as to "Private" VPNs is simply an indication of overlay VPNs used for a set of customers. Just one variant of routing technology specified, IMHO.

Sue

-----Original Message-----
From: BESS [mailto:[email protected]] On Behalf Of Stephen Farrell
Sent: Thursday, December 17, 2015 8:54 AM
To: Benoit Claise; The IESG
Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

On 17/12/15 13:30, Benoit Claise wrote:
> 3) Is security section really a security section? It seems more like
> “do this policy” or this will fail. It should get a stronger review
> from the security directorate

I've not posted a ballot for this one as my question is more "What does P really stand for in this kind of VPN?" and I don't really get what here is new that requires a PS. So any security discuss would likely be met by "not new, can't change" and is therefore perhaps not the best use of our time.

It'd be better if we could get some folks to try to re-instate the P == Private in VPN. (But that is admittedly very hard if one really has to do multicast.)

S.

_______________________________________________
BESS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bess
