►
From YouTube: IETF94-TRILL-20151105-1740.webm
Description
TRILL meeting session at IETF94
2015/11/05 1740
A
A
C
B
C
C
Yes,
okay,
great
so
I'm
going
to
talk
about
link
security,
so
this
is
similar
to
previous
presentations
because
it
hasn't
been
that
much
advanced.
But
still
there
are
some
new
points.
So
there's
a
partial
draft
out
there,
which
is
an
updated
for
this
meeting
and
the
goals
of
this
draft
or
to
do
three
things-
establish
a
strong
security
policy.
I
specify
the
link
security,
one-hop,
trill
security
for
various
link
type
swear.
It
wasn't
clearly
specified
before
and
to
specify
edge-to-edge
security.
C
So
the
proposed
policies
are
that
if
the
trill
port
is
capable
of
encrypting
at
line
speed
full
speed,
then
it
must
default
to
encrypting.
And
if
you
don't
have
a
way
to
set
up
authenticated,
encryption
minutes
should
do
opportunistic
encryption,
and
even
if
the
port
is
not
capable
of
encrypting
at
line
speed,
then
you
have
to
implement
encryption
because
it
may
be
there's
some
circumstances
under
which
you're
not
using
the
full
line.
Speed
anyway,
and
the
sensitivity
of
the
data
is
such
that
you
want
to
try
to
encrypt,
even
though
that'll
slow
things
down.
C
So
that's
a
pretty
strong
position
for
trill
to
take
security.
So
there
are
three
link
types
that
have
been
specified
so
far:
ethernet
PPP
and
pseudo
wires,
and
there
are
considerate
e
considerations
in
the
rfcs
that
do
that.
But
it's
not
does
not
really
enforce
this
new
policy
and
isn't
really
clear
enough
to
tell
you
how
to
do
this
sort
of
security.
C
So
there
are
sections
of
this
draft
on
those
three
link
types
and
it
goes
into
more
detail
and
specifies
the
one
hospital
security
and
in
greater
detail
and
with
this
new
policy
enforcement-
and
there
is
a
fourth
link
type
coming
along,
which
is
the
trill
over
IP
draft,
but
the
true
/
IP
draft.
Since
we
may
not
know
what
we
want
to
do
in
terms
of
security,
it
has
this
already
in
it.
So
it
doesn't
need
to
be
covered
by
this
link.
Security
draft,
it's
in
the
trill
over
IP
draft.
C
So
here's
a
diagram
showing
different
kind
of
security.
You
can
have
n
sation
to
end
station
security,
which
is
a
good
thing
to
do
that.
We
don't
have
to
trust
really
any
of
the
switches
in
the
middle,
but
that's
really
outside
of
patrol
scope
since
intro.
Currently,
these
edge
connections
are
Ethernet
you'd,
probably
using
oops.
C
Well,
we
got
to
be
careful
what
I
push
here
using
this
mac
sec,
where
you
could
use
whatever
you
want
for
end
and
security,
then
there's
the
end
station
to
the
neighboring,
our
bridge
and
that's
as
a
ethernet.
So
I
probably
also
use
mac
sec
there,
but
since
it
involves
the
end
station
and
you
have
to
have
keying
at
both
ends,
that's
I
think,
outside
of
trill
scope.
Really,
so
then
you
have
troll
hop
securities.
A
PPP,
ethernet
and
pseudo
are
one
optional.
C
Security
and
edge
to
edge
would
be
from
the
ingress
to
the
egress
in
both
directions.
So
so
it
mek
since
we're
talking
about
ethernet
at
the
end
station
and
stuff
and
mac
sac
is
the
standard
kind
of
encryption
for
ethernet.
That
seems
like
the
natural
thing
to
do
on
links.
The
idea
is
to
use
the
whatever
the
natural
security
is
for
the
particular
link
technology.
C
C
So
I
stingers
are
there's
an
appendix
that
talks
a
bit
about
this
and
to
n
station
to
edge
switch
and
end-to-end
security.
But
so
this
is
the
sword
illustrating
smacks
that
you
have
our
bridge
one
or
average
two
and
there
they
want
to
talk
max
sec
to
each
other
and
they've
got
three
through
net
links
because
there's
actually
two
bridges
in
the
way,
because
it's
really
a
bridged
land
in
between
them.
This
may
not
be
very
common
installation,
but
it's
fully
fully
supported
by
trill.
C
C
C
You
got
the
air
your
mac
addresses
the
mac
sec
tag
is
currently
defined,
has
to
be
the
very
first
tag,
it's
right
after
the
abacus,
and
then
it
encrypts
everything
else
so
for
trill
traffic,
the
encrypted
blob
would
include
the
optional
outer
VLAN
and
then
the
entire
trill
or
is
is
a
payload.
I
say
the
trill
also
is
is
either
type
and
then
the
trill
data
with
the
is
is
data
and
there's
an
integrity
means
called
an
integrity
check
value.
C
It's
actually
the
comptia
authentic,
the
stuff
that
it
shows
that
it
hasn't
been
corrupted,
should
verify
the
contents
and
different
turning
on
what
max
sec
options.
You've
chosen,
it
can
be
eight
or
sixteen
bytes
and,
of
course,
if
it's
on
ethernet,
you
still
have
the
frame
check
sequence
with
the
frame
check.
Sequence
is
really
does
designed
to
detect
hardware
errors
and
noise
on
the
line
and
stuff
like
that
not
to
provide
security,
I.
C
It
has
in
it
a
designation
for
the
security
Association,
so
going
back
here
for
a
sec,
so
maxik
is
80
to
1
a
ii
alpha
echo
and
it
defines
how
to
do
the
mac
sec
tag
and
the
encryption
and
authentication
assuming
you
already
have
keys.
So
the
question
is:
how
do
you
get
the
keys?
Well,
you
could
manually
configure
them,
but
the
normal
way
to
do
ki,
negotiation
and
stuff
like
that
is
with
802
dot1x,
so
80
to
that
1x
has
been
extended
to
do
key
negotiation.
C
If
it's
on
an
Ethernet
link
you're
just
using
the
native
Ethernet
stuff,
so
this
is
just
normal
mac,
Ethernet,
MAC
SEC
doesn't
actually
the
key
negotiation
messages
and
the
Mac
sect.
Ag
don't
have
much
to
do
with
drill.
I
mean
you
might
start
with
a
trill
key
or
something,
but
the
802
1x
messages
and
the
mac
sec
tag
and
everything
or
just
a
kind
of
the
way.
A
tour
2012
finds
them
for
ethernet.
Ok,.
C
C
Anyway,
so
that's
then
this
is
what
the
looks
like
on
that
one
hop
link
and
since
it's
only
going
one
hop
it's
good
to
have.
If
there's
Ethernet
tag,
you
want
it
in
there.
But
since
it's
going
going
from
this
arbic
port
to
this
Bridgeport,
if
it
gets
decrypted
here,
then
the
bridge
will
see
the
VLAN,
even
though
the
VLAN
tag
is
inside
the
encryption.
So.
C
Ok,
so
the
trill
switches
along
the
path
can
see
more
of
the
packet,
but
on
the
other
hand,
you
only
have
to
do
this
at
the
ingress
and
egress.
So
if
you
have
like
a
four
or
five
hops
all
that
Phil
switches
along
the
way,
don't
have
to
worry
about
this.
They
can
just
tunnel
this
thing
through
and
handle
it
just
like
regular
trail
traffic.
So
you
you
can
do
all
the
crypto
work,
just
on
the
edge
switches
and
the
core
switches
which
are
probably
higher
speed.
C
Don't
need
to
worry
about
it,
so
yeah
I
would
think
that
in
fact,
most
people
would
prefer
to
do
edge
to
edge
encryption.
They're,
probably
mostly
mostly
trust
their
switches,
so
by
doing
edge
to
edge
encryption,
then
they
kind
of
protect
all
the
links
to
some
extent,
so
so
this
edge.
So
this
is
looking
at
the
edge
to
edge
the
ingress,
the
egress
encryption
and
what?
What
possible
ways
of
doing
that?
Are
there
the
three
big
protocols
that
are
kind
of
out
there
and
well
defined
our
max
ack
IP?
C
Second
DTLS
Oh
Mac
second
ipsec,
have
better
hardware
support,
so
you
probably
want
to
do
something
with
hardware
support.
That's
what
we've
heard
from
implementers
and
did
for
various
reasons.
It
seems
like
Mac.
Sec
would
probably
have
better
market
acceptance,
and
people
would
probably
view
it
as
a
less
expensive
alternatives
and
ipsec.
So
if
you
can
do
it
with
Mac
sack,
that
seems
like
the
way
to
go
max
egg
has
hardware
support
and
all
it'll
be
a
little
bit
different
in
this
case,
because
it
needs
to
be.
You
need
to
do
Mac.
C
C
You
have
on
some
link
in
the
middle
of
the
are
multi
hot
path
from
you'd
have
whatever
link
header
trailer
needs
with
that
link,
and
you
still
need
to
have
the
troll
header
out
there
so
that
you
can
forward
the
frame
appropriately
and,
of
course,
after
the
trill
header,
depending
how
you
look
at
it
is.
The
trill
header
is
followed
by
these
damac
destination
source
addresses
and
the
VLAN
or
fine
green
label,
or
if
you
want
to
look
at
it
that
way,
you
can
consider
the
whole
block
down
to
and
including
the
data
label.
C
To
all
be
the
trail.
Header
doesn't
either
way
you
look
at.
It
doesn't
make
any
difference,
and
then
you
have
this
knack
sec
tag,
so
the
mac
sec
tag
would
have
this
encrypted
stuff,
and
you
have
the
payload
down
here.
Well,
this
you
really
want
the
mac
sec
to
it.
Protect
the
data
label
when
you're
putting
the
data
label
out
here,
the
VLAN
tag
or
whatever
it
is
so
that
you
can
do
pruning.
C
C
So,
as
I
say,
I
plan
to
the
next
week
when
Terminator
201
talk
to
some
max
experts
and
pin
down
a
few
details
about
exactly
how
this
all
would
work
and
what
the
best
way
to
do
it
is
so
I
think
the
draft
needs
some
more
work
and
but
hopefully,
after
and
one
more
revision
to
get
some
more
details
in
it.
We
could
adopt
it
as
a
working
group
craft
and
get
some
better
link
security
and
edge
to
edge
security
into
troll.
D
C
C
So
question
is:
how
do
you
do
the
king
and
I
think,
if
you
are
using
mac
sec
for
edge
to
edge
what
you
would
do,
is
you
try
to
run
802
dot1x
from
edge
to
edge
and
you
take
the
802
dot1x
messages
and
put
them
inside
an
arbite
channel
message.
So
you'd
run
an
arbor
channel
messages
back
and
forth,
so
the
ingress
and
the
egress
our
bridge
would
negotiate
a
key
with
a
tour.
B
C
Assuming
is
Ethernet
link,
which
is
by
far
the
most
common,
then
the
this
is
just
the
FCS
and
the
link
header
is
the
source
and
destination
MAC
addresses
for
that
each
hop.
So
this
is
this:
is
the
format
over
a
single
hop
somewhere
in
the
middle
of
the
network,
so
you're
looking
at
it
like
on
the
wire
here,
but
it's
it's
an
edge-to-edge
encrypted,
so
it
does
something
here
and
gets
forward
and
forward
it.
A
C
C
So
this
is
a
step.
Okay.
This
is
a
status
update
on
what's
going
on
with
multi-level
and
multi
topology.
From
my
point
of
view,
what
I
think
yeah
so
there's
this
draft
ITF
trill
our
bridge
multi-level.
So
this
is
an
informational
draft
and
the
idea
is
to
kind
of
survey
the
advantages
and
disadvantages
of
different
options.
C
It
was
adopted
since
the
July
meeting,
but
we're
under
to
the
July
meeting
was
still
an
individual
draft.
Now
it's
a
working
group
draft
and
so
there's
the
presentation
from
the
last
meeting.
Itf
93.
If
you
want
more
details-
and
one
of
the
big
questions-
is
whether
to
unique
nicknames
where
all
the
our
bridges
in
your
multi-level
campus
have
unique,
nicknames
or
aggregated
nicknames,
where
you
can
have
duplicated
nicknames
between
level
one
areas.
So
what
this
informational
graphs
recommends.
C
Is
you
have
some
kind
of
hybrid
approach,
so
you
can
support
both
of
these,
and
the
reason
is
that
the
unique
nicknames
are
basically
simpler.
You
don't
need
to
make
any
changes.
Well,
anything
only
a
meeting
to
make
any
changes
in
the
hardware
at
the
border,
our
bridges
and
it's
basically
simpler
to
implement,
and
you
know
it's.
If
you
have
a
small
campus,
let's
say
you
have
I,
don't
know
a
thousand
our
bridges
and
you
want
to
make
it
into.
You
know
twenty
areas
of
50
each
or
something
like
that.
C
Then
that
seems
like
no
particular
problem
having
a
thousand
unique
nicknames.
You
know
and
it's
very
straightforward.
The
current
chips,
I
think
will
all
work
fine
stuff
like
that.
But
if
you
get
really
you
get
really
big.
The
problem
is
that
the
you
have
problems
with
running
out
of
nicknames
and
just
gets
a
kind
of
a
problem
coordinating
the
nicknames
over
this
huge
campus.
C
If
you
have
50,000
nodes,
then,
instead
of
two
thousand
and
you
have
a
bigger
problem
so
and
if
you
have
a
hundred
thousand
there
just
aren't
hundred
thousand
nicknames,
it's
only
actually
there's
less
than
64
K
because
of
some
being
reserved.
So
you
need
aggregated
nickname
scheme
or
some
scum
scheme
to
handle
that
case.
So
this
draft
assumes
that
the
solution
for
that
would
be
some
aggregated
nickname
scheme
soups
right.
C
So
this
is
just
a
diagram
to
show
what
I'm
talking
about
here's
a
some
level,
one
areas
if
it
really
be
a
lot
more,
are
bridges.
Here's
level,
two
there's
these
border
or
bridges,
they're
labeled
BRB,
but
they
don't
necessarily
sorry
that
different
and
you
can
have
level
one
areas.
This
only
shows
one
of
them,
but
you
could
have
multiple
ones,
which
are
all
part
of
this
yellowish
unique,
nickname
area,
and
so
all
the
arbiter
numbers
here
and
the
border
are
bridges
all
have
unique
numbers.
There's
no
overlap
in
any
of
these
numbers.
C
On
the
other
hand,
these
two
air
level
one
areas
are
shown
is
having
an
area
number
18
year
and
33,
and
these
have
the
duplicates.
So
there's
our
be
one
exists
in
level
two,
and
also
this
inside
this
one
and
other
ones
can
be
duplicated
both
between
these
ones.
In
between
that
and
the
unique
area.
These
are
aggregated
nicknames
generally,
the
border,
our
bridges
have
to
still
be
unique,
but
so
that's
just
a
diagram
to
show
what
I'm
talking
about.
C
So
what
is
this
graft?
Itf
troll,
multi-level
single
nickname,
which
is
a
particular
way
of
doing
aggregation,
and
it
was
adopted
since
the
July
meeting-
and
this
is
the
presentation
that
was
made
in
July,
so
that's
been
adopted
as
the
working
group
craft
for
aggregated
case,
there's
an
expired
draft,
which
is
to
scissor
draft
on
how
to
do
a
unique
nickname,
sits.
One
example
there's
also
one
other
old
draft
that
was
on
unique
nicknames,
which
was
never
adopted
as
a
working
group
draft.
C
So
this
last
time
this
was
presented
was
quite
a
while
ago,
11
ret
IETF
meetings
ago.
So
almost
almost
four
years
in
more
than
three
years
and
the
other
relevant
draft
is
the
multi
topology
draft
troll,
our
bridge
multi
topology.
It's
actually
our
version,
I
think
so
anyway.
So
this
is
a
target.
Of
course.
These
this
the
muddies
multi-level
single
nickname
and
the
chesa
one
are
targeted
at
proposed
standard
and
the
oldest
apology.
C
One
is
this
adopted
since
the
July
meeting,
here's
the
slides
or
in
July,
and
so
so
what
should
we
do
with
all
this
stuff?
Well,
so
I
think
we
could
just
go
ahead
and
working
group
last
call
the
informational
draft
I
think
it's
in
good
enough
shape,
I'm,
not
saying
that
wouldn't
be
any
changes
from
the
working
group
last
call,
but
I
think
we
could
do
that
and
we
could
probably
do
that
with
the
multi
topology
draft,
so
I
think
we
kind
of
decided
to
what
to
do
about
multi
levels.
C
So
this
is
the
informational,
multi-level
draft,
so
for
standards
track
multi-level
kind
of
need
to
decide
what
to
do
so.
I
think
it's
a
good
idea
to
have
you
a
unique
nickname
way
to
do
it
available.
So
for
simple
people
want
to
have
a
not
too
huge
a
campus
using
existing
hardware
stuff
like
that
it
would
be
good,
but
for
the
general
case
we
need
an
aggregated
way
to
do
it.
Also,
so
should
we
you
know
we
could
revive.
C
C
B
C
I
mean
I
think
having
a
separate
graft
on
unique,
nickname
method
is
a
good
idea
and-
and
generally
I
don't
think,
it's
very
hard
to
combine
them,
because
you
know,
if
you
have
this
thing
here,
the
you
need
to
do
whatever
nickname
mapping
at
these
border
are
bridges,
so
that,
like
this,
are
be
one
doesn't
get
confused
with
this
RB
1
or
some
RB
1
over
here.
So
it
needs
to
do
some
nickname,
mapping
and
stuff
here,
whereas
the
unique
nickname
case,
the
nicknames,
never
change,
and
you
still
have
to.
C
I
mean
these
dis
little
standardization
to
do
you
have
to
describe
how
trees
work
and
you
have
to
do
various
things,
but
really
it
it
kind
of
as
much
I
think
it's
simpler
in
this
case,
so
so
it
it
doesn't
make
too
much.
You
know,
I,
don't
think,
there's
that
much
interaction
between
the
unique
nickname
way
of
doing
it
and
the
aggregated
way
can
convene
could
be
us
be
in
two
separate
grass.
They
don't
ever
don't
have
to
actually
be
combined
into
one
draft.
C
B
C
C
D
C
So
those
are,
these
might
be
different
campuses
or
might
just
be
one
really
big
campus,
because
going
to
multi-level
makes
the
routing
converge
faster
and,
as
has
lots
of
advantages,
so
they
might
not
be
separate
canvases,
but
whatever
you're
doing
you
have
to
be
sure
that
they
don't
that
nicknames,
don't
conflict
with
each
other
in
the
unique
nickname
case.
So
I
think
the
practical
matter.
C
The
only
way
to
do
that,
which
is
discussed
in
the
this
informational
draft,
discusses
that
all
that
you
basically
have
to
in
an
area
announced
what
what
block
of
nicknames
are
available.
So
it
make
our
bridges
in
that
area
will
only
allocate
nicknames
that
are
in
some
some
block
of
nicknames
and
you
have
different
blocks
for
the
different
areas.
Something
like
that.
I
think
you
have
to
do.
C
B
D
D
The
mac
learning
for
our
local
site
can
always
that
by
learning
sorry,
it
can't
be
that
plan
learning
also
it
can
be
soo
layer
to
registration
protocols
and
the
manual
configuration
for
the
US,
the
average.
The
micro
grace.
Learning
from
the
trio
network
can
be
dead
by
learning.
Oh
is
also
study.
Study
is
the
data
plan,
is
a
contrib
line,
learning
method.
D
D
D
It'll
earns
is
a
sauce
made
with
associated
with
the
salsa
interface
on
the
equals
a
bridge
when
the
average
receives
data
packet.
It
learns
the
mecha
race
associated
with
synchronous,
operation,
nickname
and
do
a
little
one.
The
traffic
arrives
are
the
metrannans.
The
mecha
increase
timer
will
be
refreshed.
D
If
we
use
in
studying
for
equals,
I,
Bridget
and
mecha
learning
the
Azadi
hands
of
is
drama
class
physical
mechanism,
why
humans,
the
average
and
no
mental
owns
with
the
sauce
maker
or
twice
it
will
notify,
or
you
can
see
a
bridge
to
to
delay
to
the
mac
address
the
yeah.
It
relies
on
the
s.a.t
control
plan,
mcafee
strong
mechanism
to
delete
equals
averages
macroplex
on
for
our
layer
to
registration
protocols.
D
D
D
D
Okay,
this
is
a
proposal
specify
an
average
channel
protocol
message
to
flash
my
rests
at
that
level
and
averaging
nickname
to
post
and
have
been
done
from
the
data
plan,
because
if
the
US
average
relies
on
pet
applying
for
Mac
learning
continued
no
mac
address,
it
can
only
realize
all
the
time
of
etching
out
pennies
to
delay
its
own
Meg
yeah.
The
timer
may
be
very
long
young
many
commercial
land
switches
that
the
photo
time
is
the
family
needs.
During
the
five
minutes,
the
traffic
palanca
ho
may
be
formed
yeah.
So
we
have
to
we.
D
D
D
Metaphysical
message,
I
with
some
forms,
the
it
can
be,
a
single
entry
of
the
ether
can
be
used
to
notify
the
mac
address
with
tal
for
our
single,
my
country,
all
can
be
the
make
of
the
macro.
Flash
message
can
be
for
a
better
level
all
can
be
for
set
of
data
level
yeah.
That
means,
if
we
want
to
flash
only
one
micro
dress.
All
you
guys
are
averages.
D
We
can
use
a
foster
message
for
actually
only
as
a
week.
The
message
specifies
only
one
mac
address
for
withdrawal
in
forgiving
to
withdraw
all
mac
addresses
you
know
VLAN
or
on
finding
Colin
label
the
macro
visible.
The
flash
message
should
include
should
specify
the
data
level.
If
we
went
to
a
patchy
flash,
a
set
of
potato
levels,
all
the
MAC
addresses
in
these
data
levels,
we
should
specify
the
set
of
data
levels
in
this
message.
D
B
D
B
D
D
D
Because,
currently,
if
we
use,
if
it
is
that
he
is
deployed
yeah,
there
are
this
message:
it
doesn't
need
you
yeah,
because
the
Asadi
can
withdrawal
can
send
visual
message
to
the
to
the
aging
whole
entire
truth
networks.
Yeah,
the
message
is
menu
for
a
better
plan.
Mokelumne
yeah,
yes,
I
T-
will
not
used
in
this
case.
D
D
B
B
D
We
extend
in
study
for
the
make
a
flash
function.
The
mcflurry
function
will
be
very
high
way
yeah
because
we
only
use
the
a
very
simple
message
for
our
younger
separated
to
notify
equals
average
to
flash
a
single
Meg
or
settle
for
mex
or
Olmec
sing,
single
data
level
or
Oh
max
in
a
set
of
debt
levels.
Yeah
looks
the
notification
mechanism
is
very
simple.
If
we,
if
we
have
to
deploy
asadi
holy
study,
components
for
the
macro
flash
function,
either
will
be
too
heavy.