[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments on draft-ietf-ppvpn-generic-reqts

To: iesg@ietf.org
Subject: comments on draft-ietf-ppvpn-generic-reqts
From: Alex Zinin <zinin@psg.com>
Date: Mon, 3 Feb 2003 14:41:32 -0800

4.10

  Should be more explicit about the difference in data-plane and
  control-plane resources of the network.

  As with data-plane resource sharing, should talk about SLAs for
  control-plane for the cases where the SP's control plane is used to
  distribute customer's routes, i.e., how does addition of another 100
  VPN sites to a PE not mean slower convergence of those 10 connected
  to it before. I.e., it doesn't seem to be enough to talk about
  failures... isn't control-plane service degradation not a concern?
  What about affects on the Internet routing from this perspective
  (i.e., routing instabilities in a VPN with thousands of sites
  affecting the Internet because of lousy job with resources
  separation in the PEs that also run INET BGP)?

  These considerations should also be reflected in the Security
  Considerations section--DoS attacks on PE control plane CPU are
  possible.

5.1.3:

>    The following example applies to the number of tunnels necessary in
>    various devices in the network. In a PE-based VPN, edge-to-edge
>    tunnels (PE-to-PE)  need to be established, while in a CE-based VPN,
>    end-to-end tunnels between  pairs of CEs are necessary. Therefore,in
>    general, PE-based VPNs scale better than CE-based VPNs, although the
>    scalability of CE-based VPNs may be improved by tunnel aggregation
>    between PEs.

This example presupposes MPLS as the tunneling technology. If the
network does not have to maintain state for tunnels (as it doesn't for
TCP connections, for instance), one could argue that the CE-based
solution actually scales better, since a given CE needs to terminate
only a limited set of tunnels within the VPN it belongs to, while in
the PE-based case, each PE serves a high number of VPNs, and hence
potentially several orders of magnitude more tunnels.

>    A scalable PE-based solution should quantify the amount of state that
>    a PE and P device must support. This should be stated in terms of the
>    total  number of VPNs and site interfaces supported by the service
>    provider.

The second sentence seemed a bit strange. Wasn't a O()-style function
of those meant instead?

>    A CE-based solution should quantify the state and scaling limits.
>    This should be stated in terms of the number of tunnels supported,
>    how these tunnels are provisioned and maintained (e.g., key
>    exchange), how routing occurs across these tunnels, and what the
>    impact of changes in the network topology do to the convergence
>    performance of such a solution.

Why is this for CE-based solutions only? I'd say same questions are
valid for PE-based scenarios too.

5.2.1.

>    A customer should be able to make dynamic requests for changes to
>    traffic parameters. A customer should be able to receive real-time
>    response from the SP network in response to these requests.  One
>    example of such as service is a "Dynamic Bandwidth management"
>    capability, that enables real-time response to customer requests for
>    changes of allocated bandwidth allocated to their VPN(s).

DoS discussion in Security Considerations on this?

6.2.

>    The plug and play feature of a VPN solution with minimum
>    configuration requirements is an important consideration. The VPN
>    solutions should have mechanisms for protection against customer
>    interface and/or routing instabilities so that they do not impact
>    other customers' services.

"...or interfere with the Internet routing"

-- 
Alex

Prev by Date: re: draft-ietf-trade-iotp-v1.0-set-02.txt
Next by Date: Re: Prod: Directorates pages
Previous by thread: re: draft-ietf-trade-iotp-v1.0-set-02.txt
Next by thread: Fwd: Public Review Issues update
Index(es):
- Date
- Thread