Document: draft-ietf-l3vpn-gre-ip-2547-03.txt
From: Lucy E. Lynch
Date: 25 October 2004

Use of PE-PE GRE or IP in BGP/MPLS IP Virtual Private Networks
draft-ietf-l3vpn-gre-ip-2547-03.txt

"This draft has serious issues, described in the review, and needs
to be rethought."

Make that a "MAY have serious issues"

this draft seems predicated on the theory that MPLS works just fine
but IP/GRE may not - is everybody sure that's true? I don't think I
understand mpls/l3vpn technology well enough to say.

nits:

idnits 1.34 (28 Jul 2004)

draft-ietf-l3vpn-gre-ip-2547-03.txt:

  Abstract section seems to be numbered

  Checking conformance with RFC 3667/3668 boilerplate...
  The document seems to lack an RFC 3667 Section 5.1 IPR Disclosure Acknowledgement
  The document seems to lack an RFC 3668 Section 5 IPR Disclosure Acknowledgement

  Warnings:
    There are 6 instances of lines with hyphenated line breaks in the document.

Concerns:

- 5.2. MPLS-in-IP/MPLS-in-GRE Decapsulation by Egress PE

  "We assume that every egress PE is also an ingress PE, and hence has
  ^^^^^^
  the ability to decapsulate MPLS-in-IP (or MPLS-in-GRE) packets."

  Is this a MUST or a SHOULD?

- 6. Implications on packet spoofing

  "The filtering described in the previous paragraph works only within
  a single SP network. It is not clear whether (and how) this filtering
  could be extended to support multiple SP networks. That makes the
  scheme described in this document fairly problematic in the
  multi-provider environment."

  This seems like a fairly important security issue

Question (may be dumb):

Are there internal tunnel viability issues that need to be addressed?

see: draft-ietf-l3vpn-framework-00.txt
section 4.3.5 on Tunnel maintenance

Several issues around tunnel failure are raised and I'm not sure
the overall conclusion:

  "With hierarchical tunnels it may suffice to only monitor the
  outermost tunnel for loss of connectivity. However there may be
  failure modes in a device where the outermost tunnel is up but one
  of the inner tunnels is down."

works once you've wrapped the tunnel inside IP/GRE

A Puzzlement:

- 12. Acknowledgment

  "Most of the text in this document is "borrowed" almost verbatim
  from draft-rosen-ppvpn-ipsec-2547-00.txt"

  An rfcdiff on these two documents shows major differences across
  the board (e.g. compare rosen section 2.6 to section 5.2 above)

-