nanog mailing list archives
Re: SRv6
From: James Bensley <jwbensley+nanog () gmail com>
Date: Wed, 16 Sep 2020 20:04:49 +0100
On Tue, 15 Sep 2020 at 19:14, Randy Bush <randy () psg com> wrote:
I'm still learning, but, It does seem interesting that the IP layer (v6) can now support vpn's without mpls.as the packet payload is nekkid cleartext, where is the P in vpn?
Define "privacy". In the kind of VPN I think you're suggesting (e.g. an IPSEC based VPN) they implement the classic CIA acronym (Confidentiality, Integrity and Authentication, with the "C" essentially meaning "encrypted" in practice however, privacy requires all three of "CIA", encryption alone isn't privacy). "VPN" is not mutually dependent on "CIA", the two things can and do exist separately. WIth MPLS L3 VPNs for example, the traffic isn't encrypted, but by creating a layer of abstraction (at the control plane, by signalling via MP-BGP using RDs and RTs, and at the forwarding plane by using MPLS tunneling) a customer's routing data and forwarding data is kept private (not encrypted!) from my physical infa forwarding- and control-planes, and from each other L3 VPN customer on my infra [1]. In fact, the point that customer (control- and forwarding-plane) data is kept private from MY INFRA, is *the* fundamental aspect of MPLS L3 VPNs; they wouldn't scale at all without it. Privacy != encryption. Cheers, James. [1] This doesn't mean there aren't security flaws in MPLS (there are, but there are in things like IPSEC too), and "how secure" it is, is a separate subject.
Current thread:
- Re: SRv6, (continued)
- Re: SRv6 Valdis Klētnieks (Sep 19)
- Re: SRv6 Mark Tinka (Sep 20)
- Re: SRv6 Łukasz Bromirski (Sep 21)
- Re: SRv6 Mark Tinka (Sep 16)
- Re: SRv6 James Bensley (Sep 16)
- Re: SRv6 Randy Bush (Sep 16)
- Re: SRv6 Paul Timmins (Sep 16)
- Re: SRv6 James Bensley (Sep 18)
- Re: SRv6 Randy Bush (Sep 18)
- Re: SRv6 Tom Hill (Sep 21)
- Re: SRv6 Randy Bush (Sep 21)
- Re: SRv6 Tom Hill (Sep 21)
- Re: SRv6 James Bensley (Sep 21)
- Re: SRv6 Greg Shepherd (Sep 21)
- Re: SRv6 Mark Tinka (Sep 22)