A Framework for Network Resource Partition (NRP) based Enhanced Virtual Private Networks
draft-ietf-teas-enhanced-vpn-20
Yes
Jim Guichard
No Objection
Deb Cooley
(John Scudder)
(Murray Kucherawy)
(Zaheduzzaman Sarker)
Note: This ballot was opened for revision 19 and is now closed.
Jim Guichard
Yes
Deb Cooley
No Objection
Roman Danyliw
No Objection
Comment
(2024-06-11 for -19)
Not sent
Thank you to Christer Holmberg for the GENART review. ** Abstract This document also provides an overview of relevant technologies in different network layers, and identifies some areas for potential new work. The new areas of work weren’t clear. ** Section 3.2.1. Editorial. Some professional services are used to relying on specific certifications and audits to ensure the compliancy of a network with traffic isolation requirements, and specifically to prevent data leaks. What is a “professional services”? I know that term as “consulting”.
Erik Kline Former IESG member
Yes
Yes
(2024-06-11 for -19)
Sent
# Internet AD comments for draft-ietf-teas-enhanced-vpn-19 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S15 * The FlexE link seems to be a 404. Some light googling found this working link: https://www.oiforum.com/wp-content/uploads/OIF-FLEXE02.1.pdf but I don't know if that's what the authors/wg intend.
John Scudder Former IESG member
No Objection
No Objection
(for -19)
Not sent
Murray Kucherawy Former IESG member
No Objection
No Objection
(for -19)
Not sent
Paul Wouters Former IESG member
No Objection
No Objection
(2024-06-13 for -19)
Sent
"Enhanced VPNS" can be easily confused for EVPN / Ethernet VPN ? The
term is also sometimes capitalized and sometimes not, making it look
like a formal term and sometimes like an informal description. Why
not avoid using the word enhanced and call it "NRP VPN" ?
[RFC9543] discusses the general framework, components, and interfaces for
requesting and operating network slices using IETF technologies. These network
slices may be referred to as RFC 9543 Network Slices, but in this document
(which is solely about IETF technologies) we simply use the term "network
slice" to refer to this concept.
There was a long discussion with the IESG for RFC9543 to not confuse the technology
with 5G network slices. Creating this "alias" here of course counters that whole
concept.
While an enhanced VPN service may be sold as offering encryption
and other security features as part of the service, customers
would be well advised to take responsibility for their own
security requirements themselves possibly by encrypting traffic
before handing it off to the service provider.
This is true of all VPNs, and not really a security consideration for NRP VPNs ?
The privacy of enhanced VPN service customers must be
preserved. It should not be possible for one customer to discover
the existence of another customer, nor should the sites that
are members of an enhanced VPN be externally visible.
Same here?
Zaheduzzaman Sarker Former IESG member
No Objection
No Objection
(for -19)
Not sent