On Wed, 18 Jun 2003, Vach Kompella wrote: > > > - the IETF is too large, so we shouldn't be adding more work > > > > Yes. > > So we should not do any new work?! We should focus on the work that is more integral to IP and the Internet. > > 1. Virtual Private LAN Service. This is Internet-wise ethernet bridging > > over routing protocols such as BGP, IS-IS, etc; further, this has > > typically little respect for security implications which are implicit (or > > even explicit) in LAN networks. > > > > So, my main points are: > > > > - we must not overload routing protocols and such infrastructure (IMHO, > > this seems an inevitable path the work would go towards..) > > If you use LDP, it is NOT a routing protocol. The specific mode of use > (targeted LDP) is already described in RFC 3036. The FECs are different, but > the FEC TLV was defined in such a way as to be extensible. Then LDP has been quite carefully cloaked as being one ("graceful restart for LDP, ..") :-) The problem is of course also with the statement "If you use LDP..". But there also seem to be some interests in placing stuff elsewhere, like in BGP. > > - we must not create complexity by deploying ethernet bridging all over > > the Internet. Our work should be focused on making IP work, not > > specifying Ethernet-over-IP (or worse, Ethernet-over-IP as a *service*). > > Primarily, folks want to use it as in "Ethernet-over-MPLS". That may not > necessarily go down well with you either, but think of MPLS as a logical FR. > Providers do not want to change their infrastructure, e.g., replace a FR cloud > with an ATM cloud, then with SONET or GigE. That's mega-expensive. By > abstracting the L2 using MPLS, they can provide the L2VPN service without > wholesale infrastructure replacement. Bridging networks at layer _3_ with VPN's is a bit questionable, but that is a bit more in our radar. I don't think this is something we can endorse, as a model. > > - it is architecturally wrong: use different subnets, period -- that's > > what those are meant for in the first place! > > Use different subnets to create VPNs? I don't understand what you mean. VPLS > and VPWS address a requirement for multiple domains (aka VPNs), logically > distinct from and invisible to each other. Why would you want to do something like: __-----___ Ethernet ( ) The _same_ Ethernet segment ======= ( Internet ) ===== segment! (__ ___) ----- Instead, build two separate ethernet segments: one with IP addressing from 1.1.1.0/24 and the other from 1.1.2.0/24. You may even want to build a L3 VPN between the two. But Ethernet? That seems misguided. > > 2. Virtual Private Wire Service > > > > This is slightly better as you're "only" performing point-to-point > > communication. Same considerations as above apply, to a slightly lesser > > extent. > > > > Btw. how is this different from currently-specified GRE tunneling? It > > being made a "service"? > > GRE-tunneling is one option, but only for the transport of the VC. However, you > need a demux field to identify the VC that you are carrying. Carrying one > customer VC between a pair of PEs is obviously not adequate. I meant GRE tunneling between CPE's. :-) > Tunneling is not new in the IETF. The fact that you are tunneling what may be > non-IP packets seems to be giving you the heebie-jeebies. Why? What about the > tn3270, dlsw, netbios over ip work that has gone on in the past? A little > massaging to make the packet look like data to be carried over an IP network, > and some implementation details at the edges. I remember the multipoint media happen to have some assumptions about the network, e.g. the use of interpacket delay and the use collision detection. These change a lot of when you expand the scope of an Ethernet beyond a physical segment. Of course, these may not be always problematic, if you require switched Ethernet segments, but the thought is worrisome regardless. Moreover, we work on an IP layer. We enable IP layer to be able to handle our tasks. If there is some problem why we cannot just use different IP subnets between the two (or multiple) end-points, we need to fix that problem, not burrow even further down the ISO layers. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings