To: p8021@nic.hep.net
From: asayed@fox.nstn.ca (Ayman Sayed)
Subject: Re: REVISION TO SDE
Cc: "Martin McNealis." , "Alonge Ken"

Hi 802.1'ers

I have received this message from the 802.10 E-mail exploder.

I don't recall reaching "a consensus on the need to explicitly tag datagrams as belonging to a particular virtual private network in order for vLANs to scale." I do recall some discussion about the need for scalability independent of the use of signalling or tagging. I don't believe this discussion concluded that an explicit tagging approach is required for scalability.

Am I mistaken -- was such consensus reached?

Regards,
Ayman Sayed
Plaintree Systems Inc.

----------------------------------------------------------------------------
>To: "Alonge Ken"
>Subject: Re: REVISION TO SDE
>Cc: housley@spyrus.com, sils@mintaka.orion.ncsc.mil, bschanni@baynetworks.com,
>    jfw@alantec.com, langille@nexen.com, J_Ekstrom@UB.com,
>    pfrantz@baynetworks.com, Nancy_Meyer/UB_Networks*UB@notes.UB.com,
>    kzm@cisco.com, nfinn@cisco.com, avnerb@cisco.com, tmoraros@cisco.com,
>    agt@cisco.com, mmcnealis@cisco.com
>Date: Fri, 17 Nov 1995 00:20:48 -0800
>From: "Martin McNealis."
>
>
>Hi Ken,
>
>What emerged from the 802.1 discussions in Montreal last week was consensus
>on the need to explicitly tag datagrams as belonging to a particular virtual
>private network in order for vLANs to scale. The existing IEEE 802.10 Standard
>is ideally suited to that and also addresses the major follow-on requirement
>customers have - a mechanism to secure data transfer within virtual networks.
>
>There is already considerable momentum behind using 802.10 for secured vLANs
>(e.g. BayNetworks, UB Networks etc. are also actively working on it). Thus I
>would like to see the vendor community work now with the 802.10 Committee to
>incorporate provisions for secured virtual networks (which could coexist with
>host based implementations), into the Standard via the V-Bit extension we
>discussed with Russ.
>My rationale behind not necessarily wanting to wait until
>802.1 has a firm proposal for virtual networking is that the eventual
>solution will be inherently complex, and is therefore some time away. However,
>if we can agree on the fundamental mechanism (IEEE 802.10) used to contain
>traffic within a secured domain, that will allow vendors to begin development on
>interoperable implementations, while 802.1 continues to work on a distributed
>vLAN information protocol and management aspects. Also, in view of the existing
>customer interest in 802.10, it would only serve to confuse the customer base
>if we then "re-invented" a similar protocol.
>
>Now, following on from the discussion we had on the Wednesday afternoon, it's
>apparent that there is considerable synergy between the group of stations
>which belong to a multicast SAID, and the group of stations which belong to
>a vLAN. The initial concern of the 802.10 committee as voiced by Russ was in
>the allocation of SAID values and the potential for conflict; defining a V-bit
>would address this. However, in discussions here at Cisco, Keith McCloghrie
>raised the issue of whether the same ambiguity may arise in the scenario
>whereby you have two distinct Security Administrations/Key Servers on the same
>bridged LAN (increasingly likely as LAN infrastructures scale), and therefore
>it may be worth considering using a small portion of the 4-byte SAID space for
>a general administration ID of some sort. This would not only allow for a vLAN
>definition likely to have weaker data confidentiality/integrity but also for
>multiple overlapping secure domains. We'd be interested in the committee's
>feedback on this.
>
>My understanding is that 802.10 has already been mandated by the 802.11
>wireless LAN Working Group; I feel it is equally applicable to logically
>partitioning networks into virtual topologies and offers the added benefits
>of an inherent security mechanism.
>Adopting 802.10 for the underlying vLAN
>identification mechanism would have considerable support (also from NIC
>vendors anxious to introduce vLAN compatible offerings) and help promulgate
>the Standard as a whole.
>
>
>Thanks,
>
>-Martin-
>
>
>P.S. Is there information on the Interim in Utah available yet?
>
>
>Date: 13 Nov 1995 12:54:26 U
>From: "Alonge Ken"
>Subject: REVISION TO SDE
>To: "SILS.EXP"
>Cc: "BRIAN SCHANNING"
>X-Mailer: Mail*Link SMTP-MS 3.0.2
>
>All-
>
>At the closing ExecCom meeting Thursday night I asked for some assistance
>regarding the possible modification (adding a V-bit) to SDE that Russ
>discussed with the Cisco folks to support VLAN. The recommendation was that
>we hold off on any changes to SDE until the VLAN folks have had more time to
>work on their issues/requirements and come up with a draft VLAN proposal.
>Mick Seaman feels that there might not be a need to modify SDE at all, but
>only time will tell.
>
>So, unless anyone in our working group feels that we absolutely have to
>write up a PAR (and is willing to write it) proposing the addition of a
>V-bit to the SAID, we won't do anything for now.
>
>Ken
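The two ideas Martin's quoted message raises about the 4-byte SAID (a V-bit that marks a SAID as a vLAN tag rather than a cryptographic security association, and a small administration-ID field so that two independent Key Servers on one bridged LAN cannot hand out colliding SAIDs) are illustrated below with a toy allocator. This is an added example written for this page; it is not code from anyone in the thread, from Cisco, or from the 802.10 standard. The bit layout (V-bit in bit 31, a 7-bit admin ID, a 24-bit local identifier), the `KeyServer` class and the constructed allocations are assumptions chosen only to make the collision and its fix visible; 802.10 defines the SAID as an opaque 4-byte field and the thread proposes no specific widths.

```python
"""
Hypothetical SAID partitioning for 802.10-based vLAN tagging (illustration only).

ASSUMED layout of the 32-bit SAID carried in the 802.10 SDE clear header;
neither the thread nor the 802.10 standard defines these widths:

    bit 31      : V-bit   (1 = vLAN identifier, 0 = security association)
    bits 30..24 : admin ID (7 bits, identifies the Security Administration)
    bits 23..0  : local identifier (vLAN number or SA number within that admin)
"""
from dataclasses import dataclass
import struct

SAID_LEN = 4                 # SAID is 4 bytes on the wire
V_BIT = 1 << 31
ADMIN_SHIFT = 24
ADMIN_MASK = 0x7F
LOCAL_MASK = 0xFFFFFF


@dataclass(frozen=True)
class Said:
    vlan: bool   # V-bit
    admin: int   # administration ID (assumed field)
    local: int   # identifier allocated by that administration

    def pack(self) -> int:
        """Encode the three fields into one 32-bit SAID value."""
        if not 0 <= self.admin <= ADMIN_MASK:
            raise ValueError("admin ID out of range")
        if not 0 <= self.local <= LOCAL_MASK:
            raise ValueError("local identifier out of range")
        return (V_BIT if self.vlan else 0) | (self.admin << ADMIN_SHIFT) | self.local

    @classmethod
    def unpack(cls, value: int) -> "Said":
        """Decode a 32-bit SAID value back into its fields."""
        return cls(vlan=bool(value & V_BIT),
                   admin=(value >> ADMIN_SHIFT) & ADMIN_MASK,
                   local=value & LOCAL_MASK)


def said_to_bytes(s: Said) -> bytes:
    """Network-order 4-byte SAID as it would sit in the SDE clear header."""
    return struct.pack("!I", s.pack())


def said_from_bytes(raw: bytes) -> Said:
    """Parse the 4-byte SAID field; rejects anything that is not exactly 4 bytes."""
    if len(raw) != SAID_LEN:
        raise ValueError("SAID field must be exactly 4 bytes")
    return Said.unpack(struct.unpack("!I", raw)[0])


def classify(raw: bytes) -> str:
    """Bridge-side decision on the V-bit: plain vLAN containment vs. SDE security processing."""
    return "vlan" if said_from_bytes(raw).vlan else "secure-sa"


class KeyServer:
    """Toy Security Administration / Key Server (assumed) that allocates SAIDs sequentially."""

    def __init__(self, admin: int):
        self.admin = admin
        self._next = 0

    def allocate(self, vlan: bool) -> Said:
        self._next += 1
        return Said(vlan=vlan, admin=self.admin, local=self._next)


def flat_said(s: Said) -> int:
    """Legacy view with no admin bits: V-bit plus local number only (the ambiguous case)."""
    return (V_BIT if s.vlan else 0) | s.local


def collisions(saids, key):
    """Group SAIDs by `key` and return only the groups with more than one member."""
    seen = {}
    for s in saids:
        seen.setdefault(key(s), []).append(s)
    return {k: v for k, v in seen.items() if len(v) > 1}


def demo():
    """Two independent Key Servers on one bridged LAN (constructed scenario).

    Returns (collisions without admin ID, collisions with admin ID).
    """
    a = KeyServer(admin=1)
    b = KeyServer(admin=2)
    allocated = [a.allocate(vlan=True), b.allocate(vlan=True),
                 a.allocate(vlan=False), b.allocate(vlan=False)]
    without_admin = collisions(allocated, flat_said)   # both servers hand out local=1 and local=2
    with_admin = collisions(allocated, Said.pack)      # admin bits keep them distinct
    return len(without_admin), len(with_admin)


if __name__ == "__main__":
    print(demo())
    print(classify(said_to_bytes(Said(True, 1, 100))))
```

Run stand-alone, `demo()` reports two colliding SAID values when the admin bits are ignored and none when they are present; that is the ambiguity Keith McCloghrie's question points at, and the admin-ID field is the proposed remedy. The `classify` helper shows the other half of the proposal: a bridge can decide from the V-bit alone whether a frame is merely vLAN-contained or must go through SDE security processing, without consulting a key server.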