IETF Debates On: MPLS Is Bad 94
A reader writes "MPLS, or Multi-protocol Label Switching, seems to be a popular choice for router vendors nowadays until two AT&T researchers argue it differently. They "say MPLS create serious network management challenges for Internet backbone providers." "Even more dire are their warnings about potential security and privacy problems for companies that deploy MPLS-based VPNs." This issue will be discussed on an IETF meeting held this week in London. More details here ." Related to the IETF [?] , this submission came in: The Internet Engineering Task Force (IETF)
is now meeting in London for
IETF-51.
You can watch
multicast sessions. "
User's view (Score:3, Informative)
As a user of a 300+ site MPLS VPN ompressions are generally very good. Apart from a few bugs where MPLS tags are ocasionally lost.
The alternative of a 300 site IPSEC Tunnel VPN with full mesh connectivity would be a lot harder to manage.
slashnik
Re:User's view (Score:2)
I also don't quite understand why you say that a "300 site IPSEC Tunnel VPN" would be harder to manage. It seems that if you have a public key infrastructure (and you need that anyway), any two sites can easily and securely identify themselves to each other and set up a VPN between them if they choose; there should be no need for any central administration or management at all, at least if you have reasonably good software at the endpoints.
Re:User's view (Score:2)
You can easily run IPSec tunnels over MPLS if this concerns you, but it's a lot harder to run a huge IPSec VPN than an MPLS VPN. Both of them have their role, and will increasingly be used together - MPLS VPNs for scalability and other MPLS benefits, IPSec for end to end encryption.
Re:User's view (Score:2)
That doesn't sound particularly reassuring, since it relies on physical security, integrity of your infrastructure, and trust in your provider if you outsource. For example, if anybody breaks into some machine that's part of your infrastructure, they can potentially get access to all the traffic going through that router.
it's a lot harder to run a huge IPSec VPN than an MPLS VPN
I still don't understand what you mean by this. What is there "to run" with a VPN? For a VPN, you need to know the gateways, subnets, and public keys of anybody you want to talk to (if you don't want encryption, you don't need the keys), and you don't have to think about transports or routing at all since that is taken care of by the existing Internet infrastructure. It seems to me that MPLS requires you to worry about additional things. So, I really don't see how MPLS makes things simpler for anybody when it comes to VPNs.
Re:User's view (Score:2)
This is enough of an issue for large networks that hardware sales are swung by the IPSec provisioning/policy software, and larger providers are looking for solutions that scale to tens of thousands of sites.
MPLS VPNs also typically require provisioning software, but by contrast most of the work is done on provider-edge routers, and can even be done by hand. MPLS VPNs don't require any tunnels at all - you just connect a new site into the VPN, and BGP automagically distributes the IP-to-label bindings around the network, keeping each VPN's address space separate. The per-packet overhead is only 4 bytes, which is significant when you want to roll out enterprise-wide VoIP over the VPN.
If you are running IPSec without encryption over the Internet, your VPN security is quite non-existent, and much lower than an MPLS VPN, so I'd be surprised if many people do this.
Re:User's view (Score:2, Interesting)
The alternative would have been a private network over leased lines or frame relay links. We have a virtual private network in that all sites are linked together over a 3rd party core providing seperacy of data / routing protocols from other users of the 3rd party core. Where security is required we still encrypt data using IPSEC over the MPLS VPN.
With the MPLS solution there is "single hop" connectivity between all sites at all times.
Wouldn't there be high management overhead to reproduce with IPSEC tunnels?
slashnikRe:User's view (Score:2)
I don't see why. With a VPN, each participant needs to know the public keys, gateways, and subnets of all the others it wants to talk to directly. You can distribute and update that information automatically from a central, public site as a single file and have it installed on each satellite system automatically. How much easier can it get?
MPLS somewhere requires at least the same amount of information. Now, maybe your communications provider uses their internal customer/equipment database to hide this from you, but the bookkeeping is still happening, and presumably you are paying for the convenience. Furthermore, since your provider isn't doing encryption for you with MPLS, you still have the same key distribution problem, so you end up doing the distribution yourself anyway, at least if you want any kind of security.
So, overall, I still don't get it. In terms of total effort, MPLS seems no easier to set up and use than a VPN to me. It's shifting some of the work around, but its lack of encryption means that you end up duplicating effort anyway.
Re:User's view (Score:1)
Re:User's view (Score:2)
Let me ask you the corresponding question. With MPLS, how do you handle encryption? Do you just not bother? Do you do it in software? Or do you use hardware? How do you distribute keys and how do you revoke them? How do you install those keys on your encryption hardware if you are using hardware?
So, the question is: why is the industry pushing MPLS rather than offering better VPNs? Probably MPLS is really being deployed because it addresses another problem, and this is just another service that can be offered using it. No doubt, users find it convenient given that devices with equivalent/better VPN-based functionality aren't being sold (as widely?). Communications providers may like that it creates a "closer relationship" with their customer (i.e., you probably won't switch as easily). Hardware manufacturers may see an opportunity to sell a lot more boxes. I don't know exactly what the reason is, that's what I'm trying to understand (thanks--the discussion so far has helped). In any case, I'd hold on to my wallet :-)
Re:User's view (Score:1)
The main point to remember here is that the carriers' MPLS VPN service was an alternative to having to build a private country wide 300 node network. It would be pretty expensive to do this where each site requires E1(T1) access. Even once it's built it would cost a fortune to run and manage
When encryption is required, eg. for financial data, encryption is done in hardware (NIC -> Router) this is not my area so I don't know how keys are handled
As to why the industry is pushing VPN's, It may be that to large service providers bandwidth is pretty cheap. MPLS VPN's provide them with a way that they can productize this bandwith while keeping logical separation between the customers networks. Customers can even use the same IP address ranges.
Use a routing protocol (Score:2)
MPLS VPNs are based on running the enterprise's routing protocol throughout the VPN, so there is no need to manually configure static routes everywhere (which is what your posting describes). Actually MPLS VPNs encapsulate the routing updates across the core, so that core routers never see the full VPN routing tables, but the effect is the same.
Re:Use a routing protocol (Score:2)
Now, let's say that VPN configuration was as complex as Internet routing. Why develop MPLS when all you you want is a dynamic update of VPN configuration information? Why do all the routers in between the VPN endpoints need to do something different? And, as I indicated, you still have the (dynamic) key distribution problem, unless you send plaintext data outside your network (shudder).
Re:Use a routing protocol (Score:2)
There are some people who have done dynamic protocols for VPN node discovery for both IPSec and MPLS VPNs, but the problem is somewhat simpler in the MPLS case.
Please read a bit about MPLS VPNs, then this will become much clearer - a good site to start at is www.mplsrc.com.
Well... It doesn't suck but... (Score:4, Interesting)
Re:Well... It doesn't suck but... (Score:2)
As usual, the journalists are late to the controversy - this was a hot topic in 1997 when MPLS was first invented (tag switching, Cisco's proprietary version) and then again a year or two later as the MPLS working group hotted up.
Um, wow ... (Score:1)
Ross Callon (then DEC) is (I am happy to see) still activly working on the concepts we built into CATNIP (IPv7 draft).
really amazing...
If you want the very early history, see RFC1475 (TP/IX) and 1476 (RAP, a RIP upgrade for sending labels back upstream).
The thing I really find fascinating is large scale debates on issues identified then: yes, IMHO you want to distribute labels with multiple methods (RAP-etc being only one), yes, you use them to identify flows and tunnels.
My disappointment is that I tried very hard to get FCID/tag/label switching built into the IPng, and my proposal wasn't selected.
Oh well. It is really amazing to watch. (Did I say that already? ;-)
Robert Ullmann
MPLS in't the problem (Score:1)
Re:Umm.. (Score:5, Informative)
This is a "Good Thing" for several reasons. For one thing, it's quicker, as IP addresses are variable length, whereas MPLS labels are fixed. It also allows a lot more granular traffic control and shaping. Also, you can encapsulate just about anything inside MPLS, not just IP. And you can do QoS, CoS, VPN and lots of other stuff.
This is a VERY simplified version of what MPLS is and does. For more information try the following:
Re:Umm.. (Score:3, Informative)
And, no offense, but a "bit" misleading... For instance IP addresses are not variable length...
As for being a "good thing", techonologies are very seldom good or bad... they have pluses and minus, costs and benefits... the irritating thing about MPLS is that every marketing department in the networking world sudently started to claim that it was the cure for "world hunger"... it isn't.
Immediatly as you deploy mpls in a network you are deploying an entire new set of control protocols and having 2 ways traffic can flow intead of just 1. It becomes exponentially harder to diagnose... contrary to what the original poster mentioned, mpls LSPs (tunnels) are not usually manually created (if they are they will not automatically reroute in case of failure).
This is not to say that there are not ocasions where mpls might not be a cost effective technology, but it does have significant costs...
As for the benefits, the old lookup efficiency argument is purely irrelevant in todays world. Switching ASICs can switch IP packets in deterministic time and the hardest part of designing an ASIC is often not the lookup engine.
When mpls was the buzzword of the day a few exuberant network architects where thinking of massivly deploying mpls in full mesh LSPs, with COS differentiation from each edge of the network.
The few people that tried this have burned themselfs quite badly (global center's network statbility problems are usually cited as an example).
So presently the COS/QOS argument is mostly out... face it, QOS is nothing else but to pick which packets get droped on congestion... besides it requires a huge ammount of resources and complexity on routers to enforce and a prohibitive ammount of state to really have any effect... It is much cheaper to put the money in increasing the effective bandwith providing an higher treshold of congestion (optimally above the ammount of traffic carried in the link).
Traffic Engineering (in the sense of diverting traffic out of hot spots) and VPNs (L2 and L3) apear to be the two applications currently on the table.
More than a few people are of the opinion that mpls L3 VPNs do not scale for any acceptable number of customers for which is pratical to deploy service. Personally i believe that the major reason for a service provider to stay away from them is that in an L3 VPN there is no admistrative boundary to diagnose a problem... on a Frame Relay VPN it is easy to figure out if a connectivity problem is in the customer or the SP side... with L3 VPNs the SP will end up having to support any connectivity issue in the VPN... i dont think this is a cost effective model...
Anyway this is a very long rant already...
In a nutshell, technologies are not good or bad, just a set of cost/benefit equations... and don't eat whatever the marketing department feeds you... it is usually BS.
Re:Umm.. (Score:1)
Re:Umm.. (Score:1)
>instance IP addresses are not variable length...
The network address in the IP address is variable length and routing is done on the network address.
Re:Umm.. (Score:1)
Humans don't even have to setup the LSPs. Signalling protocols such as RSVP-TE or CR-LDP can be used to do the setup automagically based on the IGP path or using constraint-based criteria such as reserved bandwidth, desired latency/jitter characteristics, etc.
RSVP overview from Juniper [juniper.net]
CR-LDP overview from Juniper [juniper.net]
Re:Umm.. (Score:2, Funny)
This MPLS thing looks impressive: it can send packets safely from New York to New York without getting mugged. Where can I get one?
Re:Umm.. (Score:1)
Every airport has a three letter designator and bagage is sorted accordingly (by label) based on it's destination. You check your bag at the counter and the tag (label) is applied to it and sent into the bowels of the airport and it magically appears at your destination.
Simple example, but functional
Re:Umm.. (Score:1)
It is indeed magic if your bag appears at your destination. Personally, I suspect they've had those same bags on the carousel since 1968.
MPLS is a useful tool (Score:4, Informative)
1. To provide VPNs (with the same security as the vast number of Frame Relay and ATM networks out there) - the key difference from IPSec is that (a) they run over an IP network owned by a single provider and (b) constrained routing updates are used to limit the visibility of a VPN site. You can't even DoS an MPLS VPN site unless you are in the VPN, whereas IPSec's IKE has some well-known issues with IKE being DoSable. Anyone who is spending large amounts of money on a VPN between sites is best advised to run it on a private network - MPLS VPNs (RFC 2547) are much more scalable than FR/ATM, and the Layer 2 MPLS VPNs have their own limitations (although they are easier to set up for the enterprise). IPSec is much less scalable than the non-encryption VPNs, since gateways have limits on number of IPSec tunnels and on throughput. Whether you use IPSec, FR, ATM or MPLS L3 or L2 VPNs, there is a *lot* of configuration to be done - that's why any large provider is using a provisioning tool such as Orchestream (www.orchestream.com, my employer - yes, I am probably biased
2. Traffic engineering - this means balancing traffic across the various paths in your network - e.g. if you have a northern US and southern US path, and the latter is longer, IP routing will always go via the north, even if the southern US path is underloaded. MPLS TE allows providers to balance some of the traffic onto the southern path, providing better performance and delaying network upgrades. TE can also be used to lay down bandwidth-reserved pipes. However, it's important to note that TE is only one application of MPLS, and other applications do NOT require these 'pipes' (LSPs, label switched paths) - e.g. MPLS VPNs work quite happily without LSPs.
3. Easy upgrade to IPv6 - just migrate your core routers' control software (routing protocols etc) to IPv6, and make them act as MPLS label switches. Only edge switches need IPv6 hardware. However, within a few years most routers will have good IPv6 hardware (Cisco will do hardware acceleration for IPv6 by end of next year).
4. Provisioning of optical light paths - there is a lot of work on GMPLS (Generic MPLS), which will allow SONET cross-connect switches and optical-layer switches to be provisioned with a light path in the same way as MPLS Traffic Engineering.
There is a faction within the IETF that is against anything that adds easier centralised provisioning to IP networks - this is understandable, but IP network providers want to deliver higher-value services today, such as VPNs, and to get more utilisation out of their networks using MPLS Traffic Engineering. There are a lot of these providers at the IETF, but many others are busy running their networks.
IPSec and MPLS both have their place, and can be combined (IPSec over MPLS end to end, or just for the last mile connection).
Finally, for the 'this will destroy the Internet' crowd - having well-managed IP networks using MPLS only serves to make the providers more profitable. Many MPLS networks carry both Internet and private IP traffic, meaning that the everyday traffic can be subsidised by business traffic, just like the way the airlines use business class and flexible ticket pricing to subsidise non-business travellers.
MPLS Security (Score:1)
For those totally confused... (Score:2)
I can't remember the main URL, but since my FOLK project uses it, I've a link from the FOLK pages [sourceforge.net].
Hey now! (Score:2, Funny)
MPLS sucks (Score:3, Informative)
Re:MPLS sucks (Score:2, Informative)
Anyways prioritization is the name of the game. Also known as might is right. From the Jungle to the OS the rule is valid so whats wrong with MPLS screwing this or that: should my video streams (Hidden Dragon Crouching Tiger) compete with your icons?
You will agree that MPLS performs "atleast" what other relevant technologies have achieved in past: IBM'S Aris, or Toshiba's Packet Switching etc. It does appear to be a the logical next step in the evolution of packet forwarding. It is a standard independant of manufacturers. Even it is biased, you cant argue with the sense of buyers. Market forces ultimately decide the technology S-Curve.
It has problems Scalability , Security, etc but alteast the things are moving in the right direction.
For purely administrative reasons it falls short of offering an end-to-end QOS . So the relevance of argument, by some, that it maynot become the "internet" technology is perhaps valid.
Re:MPLS sucks (Score:2)
People are using MPLS for VPNs and other applications, not just traffic engineering. It's also a great way of turning ATM switches into IP routers, which is something that the IP people should be enjoying (ATM was going to kill IP, now IP is taking over ATM)...
As for the hardware issue - this is irrelevant, MPLS is not being used to speed up obsolete hardware, it's being used on some of the fastest routers around (Juniper M160 and Cisco 12416), for its usefulness, not just for its speed.
Re:MPLS sucks (Score:1)
Still lots of misconceptions (Score:2)
All VPN packets are labelled twice - once to get them from site to site, and once to get them from PE router to PE router. Only the second (outermost) label is visible to core (P) label switch routers. Hence there is absolutely no LSP state in the core relating to VPNs. Similarly, the core LSRs don't have any per-VPN routing state, since this is kept only in the PE routers.
By all means, criticise MPLS, but please get your facts right.
Re:MPLS sucks (Score:1)
Re:MPLS sucks (Score:2, Informative)
I think you discount the QoS benefits too quickly- IMO it wont be long before backbone providers will be charging differently based on different QoS levels ("for $xxx, we can guarantee that 90% of your packets will make it through our network..."). QoS is one of the hottest topics right now, and MPLS takes care of the hardest part automatically.
MPLS and QoS classification (Score:2)
In IPv6 you can encode the result of classifications on a per-flow basis (e.g. a VoIP call, rather than a class which is for all VoIP traffic) - this is what the Flow Label (16 bits) does, though it's unclear how much this will be used since it's dependent on per-flow RSVP being deployed.
MPLS does support using 3 bits (the EXPerimental bits) in the label to mark class of service values, just like IP Precedence - most MPLS edge routers automatically copy the IP Precedence into these bits. It can also let you reserve bandwidth etc for MPLS Traffic Engineered paths through the network, which can be a good way of guaranteeing QoS through the MPLS network. However, this has little to do with classification, which normally happens in the pure IP domain, closer to the edge of the network.
Re:MPLS and QoS classification (Score:1)
Re:MPLS and QoS classification (Score:2)
If you need per-flow QoS, use RSVP or one of the lighter-weight reservation protocols, as a way of admitting flows into a fixed size pipe across your core network. That pipe can be an MPLS traffic engineered LSP, which can be set up with a certain bandwidth guaranteed through the core (very like an ATM PVC). If you use IPv6 for marking flow labels, you can make the per-flow marking decision right at the first hop router, then use this flow label at all RSVP-enabled routers up to the edge MPLS LSR, which just maps the flow into the appropriate LSP.
Re:MPLS sucks (Score:1)
Who puts the shim on?
Well, you seem to have forgotten that only 1 router in the network has to do the lookup instead of every single router- that saves a lot of lookups.
And MPLS takes care of QoS automatically? Whoa. It does NO SUCH THING
No, I said that MPLS takes care of packet classification automatically, and that is the hardest part of QoS.
MPLS isn't a cure-all, but it does have some very cool benefits.
Re:MPLS sucks (Score:2)
QoS, the Future (Score:2, Informative)
The concept behind QoS is that some data streams depend not only on getting data, but getting it in a timely manner (voice, video, real-time nuclear control protocols). Other data streams don't care about how long it takes to deliver, just so the data comes through (ftp, mail, news).
In a general store-and-forward system (like every router & switch I've ever seen), every packet is treated equally. Meaning that the ftp/mail/news packet can get through and make my voice/video packet "late" and therefore unusable.
Quality of Service is all about asking the network if it can provide a certain bandwidth with a certain latency. (QoS as releated to connection contracts is a different matter, which is better termed Traffic Policing.) The network decides if it can provide this to me, and sets up routing tables to handle the connection. The routers now see my new voice/video packet coming in and let it jump the queue ahead of the ftp/web/news packet, because it now understands that the voice/video is worthless unless it gets there on time.
QoS, the FedEx of the Internet.
U.S. Postal Serivce, the standard "who cares when it gets there" delivery method.
Re:QoS, the Future (Score:1)
QoS allows time critcal application traffic to get priority over non-priority traffic.
QoS really only kicks in when the network traffic exceeds the bandwith allocated, so if the traffic is perfectly matched to the bandwidth QoS really dosen't play a role. If your traffic suddenly out grows, or bursts above the allocated bandwidth QoS becomes a factor and critcal traffic will be get a preferance over non-critical traffic.
The best example of this type of priority traffic (other than the previous exapmles) is SNA over IP
Re:MPLS sucks (Score:5, Informative)
[snip]
This would be enough for a person with an average education in MPLS to judge how much you (don't) know about MPLS. I am doing MPLS-oriented research for the last 1.5 years so let me try clearing some of the "bad air" around the issue:
1) MPLS is NOT circuit switching ON TOP of packet switching. If you would care to do some minimal reading before you flame a subject, you would find out that MPLS is not ISO layer >= 3 but it is a "layer 2.5" technology. In other words IP datagrams are carried on top of MPLS frames pretty much the way ATM worked.
2) The reasons behind MPLS are too complex to describe here (for the intrested reader, take a look at RFC3031). But basically it was acknowledged that despite ATM being "evil" circuit switched technology does offer some advantages. That's why you can (_very_ roughly) characterize MPLS as an "IP friendly ATM", minus some of ATM's design shortcomings (that were present there due to the technology limitations at that time and ATM's intended use).
But to rebute your misconception, MPLS is NOT about "routing IP datagrams fast", nor "replacing CIDR". Again, if you care to skim the mentioned RFC it is acknowledged that this _were_ some advantages few MPLS proponents claimed but this is simply not true, as you correctly state: Efficient algorithms for IP address lookup and routing are implemented in hardware by several vendors (incl. cisco, btw...) so MPLS doesn't have any edge there.
3) About "Traffic Engineering being a load of crap" I would say that few of the top 10 largest carriers in US might disagree a bit. Get a hold of an educated MCI network operations engineering (say MCI/UUNET) and ask how much improvement (and revenue) TE gives them. And yes, the reaction is "WOW".
And QoS... Same deal- load of crap.
4) Well, QoS is too broad a topic to disuss in any relevance here. But in saying that you automatically excluded _all_ mechanisms for traffic differentiation in a network. Enough said.
Also, to end this, MPLS is _not_ only about TE/QoS/IP fast switching. It is used for fast network restoration, it is extended for supporting WDM in a similar manner (see "Generalized"MPLS), etc. People w/ some network education might care to take a look here [watersprings.org] for a overall view on the MPLS-related topics.
All in all I would dare to say that your posting is the worst kind of mis-information:It contains a grain of truth and mixes completely different and unrelated subjects as "comparisons" (OPenGL w/ CIDR)
For the rest of the readers, the necessary grain of salt when reading the linked article: In IETF there is a lot of politics around MPLS (disguised in "technical debates") -- surprise,surprise. For example if someone cares to browse the MPLS mailing list archives Mr. Randy Bush long opposed BGP/MPLS VPNs (described initially in RFC2547.IIRC there is also draft updating it). Which happen to be a technology cisco pushes very hard and which Mr. Bush opposes violently.
What particular agenda Mr. Bellovin has escapes me. But I assume (again, this is _speculation_) since AT&T made a _huge_ investment in ATM in the past do not see MPLS (which is simply a better competening technology) so favorably.
All in all, remember that the most competent answer is "I don't know.It depends".
My $0.02
Florian-Daniel Otel
http://www.ce.chalmers.se/staff/otel [chalmers.se]
Re:MPLS sucks (Score:1)
Dude, " >= 3" is the same as " > 2"; and "2.5 > 2" also. You are nitpicking here.
Re:MPLS sucks (Score:3, Funny)
2.5 > 2 - True
2.5 >= 3 - False
Hmm... so... whaddaya think?
BTW, yes, I am nitpicking here, but this was too funny not to respond to. :)
Re:MPLS sucks (Score:3, Informative)
Re:MPLS sucks (Score:1)
As the experts in the nwfusion article (http://www.nwfusion.com/news/2001/0806mpls.html) state, MPLS based VPNs are not inherently secure because there's no encryption. But if our random provider or end user organization is not afraid of these minor issues (complexity, poor scalability, management difficulties and costs, ability to do the same with just IP, lack of security, need to have MPLS widely implemented, dependence on fewer vendors) then I guess they can go for it.
Re:MPLS sucks (Score:1)
Thats not what the experts said- they said that the default is to not encrypt. There is nothing to stop you from encrypting the whole packet as long as you leave the MPLS label alone.
Sure MPLS can do lots of nice things, but at what cost?
This new layer of complexity amounts to checking the first couple of bits of a packet to see if it has an MPLS shim or not. Thats not a whole lot of complexity or cost.
src/dst addresses identify individual flows uniquely enough
The source and destination addresses can identify flows most of the time, but its expensive to maintian that rule base and to identify a packet. And if you want more accuracy, you have to add more dimensions to your rule base (src port and dest port for example), and it gets even worse. The best algorithms out there do it in O(n), but the lookup of an MPLS label is done in constant time.
Re:MPLS sucks (Score:1)
Thats not what the experts said- they said that the default is to not encrypt. There is nothing to stop you from encrypting the whole packet as long as you leave the MPLS label alone.
Of course, but the customer either is not aware of the lack of encryption or you have to add one more layer to the processing of packets.
This new layer of complexity amounts to checking the first couple of bits of a packet to see if it has an MPLS shim or not. Thats not a whole lot of complexity or cost.
The mechanism in LSRs is not complex. It is the management of the various flows.
The source and destination addresses can identify flows most of the time, but its expensive to maintian that rule base and to identify a packet. And if you want more accuracy, you have to add more dimensions to your rule base (src port and dest port for example), and it gets even worse. The best algorithms out there do it in O(n), but the lookup of an MPLS label is done in constant time.
With IPv6, the core routers can efficiently forward packets based on e.g. /24 or /32 matches without extra lower (2.5 or 2) layer MPLS and the level of detail increases as network edge approaches. I strongly doubt if anyone would use MPLS to separate individual services, so port level accuracy is not an issue. If the VPN gateways want to use labels for identification, they can still use IPv6 flow label field (although this is unnecessary, given the intrinsic route aggregation).
Ouch (Score:1)
Re:Ouch (Score:1, Offtopic)
Smart Edge, Dumb Core (Score:1)
The goal should be a cooperative, smart core, smart edge network.
Re:Smart Edge, Dumb Core (Score:2)
The IETF loves saying things are bad... (Score:4, Informative)
I gaurantee when you get 2300 people (the current conference attendance) together, they'll disagree on many a topic. The good news is that the (frequenly lively) debates are certainly fun to participate in, hence the reason I came.
Re:The IETF loves saying things are bad... (Score:1)
/magnus - was there.
Re:The IETF loves saying things are bad... (Score:2)
How many times did you read the RFCs before understanding them. And if you re-read them again, I bet you'd learn something new (again).
/Wes -- I was there too
Re:The IETF loves saying things are bad... (Score:4, Funny)
That's an odd pronunciation...
Re:The IETF loves saying things are bad... (Score:2)
s/pronounced/proclaimed/g
Re:The IETF loves saying things are bad... (Score:1)
Main Entry: pronounce
...
Pronunciation: pr&-'naun(t)s
Function: verb
Inflected Form(s): pronounced; pronouncing
transitive senses
1 : to declare officially or ceremoniously <the minister pronounced them husband and wife>
2 : to declare authoritatively or as an opinion <doctors pronounced him fit to resume duties>
Re:The IETF loves saying things are bad... (Score:2)
insert appropriate number of "C-x u" here....
Inter Domain Traffic (Score:1)
RFC 2547 not the only option for layer3 MPLS VPN's (Score:1)
See RFC 2917 [ietf.org] for an "informational" RFC that seems (to me, at least) to be a superior technology. I'll quote the abstract inline:
The carrier operates the physical equipment that implements the virtual routers. The customers retain control of the virtual router as long as they keep paying their bills. VPN routes don't waft into the core like they do in RFC 2547, and the virtual routers are perfectly free to encrypt traffic over the LSP if the customer is willing to pay for it being done that way.
Can someone please explain why this 'request for comments' has attracted so little interest?
Plenary session (Score:1)
Well, it's a little late to be announcing the IETF meeting if anyone is actually interested (although I doubt the percentage of Slashdot readership that is actually interested (versus the percentage that thinks they might be) is too terribly high...), but fortunately the good multicast event hasn't been missed.
If you're at all interested in the goings-on of the IETF and would like to get a feel for the overall issues considered "important", watch the Plenary session tonight (I think it's at 1830 UTC). It is generally interesting, and guaranteed to have at least a little bit of bickering. ;-)
Re:Routers Suck (Score:1, Offtopic)
You know, when you troll like that you're supposed to sign the posts... something like "CmdrTaco", "Hemos", or perhaps "Anne Tomlinson".