IETF Logo Mail Archive

Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)

Eric C Rosen <erosen@juniper.net> Tue, 22 December 2015 14:53 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C3A41A079D; Tue, 22 Dec 2015 06:53:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.502
X-Spam-Level:
X-Spam-Status: No, score=-0.502 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOU5Fm26Kbz1; Tue, 22 Dec 2015 06:53:14 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0720.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:720]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 141E71A066C; Tue, 22 Dec 2015 06:53:13 -0800 (PST)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=erosen@juniper.net;
Received: from [172.29.33.26] (66.129.241.10) by BY2PR0501MB2006.namprd05.prod.outlook.com (10.163.197.17) with Microsoft SMTP Server (TLS) id 15.1.361.13; Tue, 22 Dec 2015 14:52:50 +0000
To: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>
References: <20151217133049.1038.44405.idtracker@ietfa.amsl.com>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <567963BD.5040706@juniper.net>
Date: Tue, 22 Dec 2015 09:52:45 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <20151217133049.1038.44405.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [66.129.241.10]
X-ClientProxiedBy: CY1PR17CA0003.namprd17.prod.outlook.com (25.163.68.13) To BY2PR0501MB2006.namprd05.prod.outlook.com (25.163.197.17)
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 2:bbvPtEbVyzbRRMDCz9XjSZ0YOmuug6ijw6nRus/swrq3/GeLJAECix6I1DjWWFjTBGNq7jdxy7rwuZ/eYV8u2cqimqM4OYf7LrfZbnGp5xfNNa3lQV+woYWO+G18980JvQyuIe5djMMSKqunVabaig==; 3:bOH/72iJkXfPXMsc1OeA3wF+U0T1n39fMhNZ2K2wUnHFEyac57DVs4o+7BpxdM8BR8RiH6QL3JFnCJMuUG9AGCGi//IfLId4Gxr5zjfZbTGIJzWX2X45H3md1VA8J/mO; 25:Nje/u0ansRjsaql4BpS7ZEOW8R14GaFioxwS51RI3+YbFEREQ83dudYwAnV0ScRlX/XyhYxKfUdLNBW32LT47FGL3Xr3eiixf0alEm40tbonZX5fVDU0dA8jj9G65rC+ICpVfd8+vpDTuOpss2aAz0RA9gMfHWaKWHwdksNInFrDWdFZERVIc8deunxX1Bdt9vA6fT3FRsf7A+50EjdHvrAP8MIyfbqAPpuPBqHKsdyRrhEYtvfmNT9xxw0lULpm
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR0501MB2006;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 20:3/MVKxar9m95FClTBZBkPvb4/O6SWNj33rbChj0kky6Iw7orjzYwgoeAprPZk+VdTxLYkymJdng59/W6h+0c/goyGOlWkqkHeC4WTLhi3W4VRBKO37QwFyQ78FcrpGzwVXGX0r6zJDCtXiQflTfLjJEAZEqtbSjFCXFwpI5+aeXteJ57p9DwuwB5Lam5pipB9XusBjXjpQ6HoQamvFUnZPW3Jn7bOcsi4EnnN82ByJAZwWTfkYOAJqPiNbO+dssNXsRBmBXBFWE+hi8BAcOQSmuIqGL8fwFtEb6PBwJiwfTkpPp5CWmfmYtj/IJzdsB+iPPZm8iSfc9HYP8BeQHo7K0Xgb6NupN7c8MtWtJ0UfCdCb0IMrSoQ5MaoU01Mjg+8Nbi6l6vAK0Ww5svb1B4IxZtEiRfBWWSxL72SCQgReFEO0VItomIrF+5hGeiloBBiDPlzPG6aVcFZJ3Srlnxz+UKKadXMH9aU6gldp0Tjrk+q9KUSunrNvIUd3tMS3Lh; 4:4hzw2l/F4q9b2bUSei+vKrzz3TDOTA8/Wy63FQSSbzy8e2hguByCgbzmA3RzbwJ7PgC4yQRnmiagjymA+GaOhxv6G6n74mtBs1pKZsog0ty/KLP6cmwsPEuX7hHdvGMpvF4Y1MX8KywFq1qevJosx/t8J4o80wbxgqlk58uwVF1PowNf4hwPMNn6UyHnwGUOg7lZFXsQO+MN6qqddomb+VuqoaU77f0RprR0z/2U2otYQAH8cDJxQ0M4hwTwirlO+BTQUftKS6XZgEVr5q8woLAB0kqFc95Fa1J9x90RzyawJaZsV1Cd6JJiMvx64+uxT/SALK8QcjAqHqfNlnnajFZbu+6ILbmUJs0+1vho1rFjd9CTEC+4xi2TS90CTDH0
X-Microsoft-Antispam-PRVS: <BY2PR0501MB2006FC9E8C7658C70361A1A8D4E50@BY2PR0501MB2006.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001)(10201501046); SRVR:BY2PR0501MB2006; BCL:0; PCL:0; RULEID:; SRVR:BY2PR0501MB2006;
X-Forefront-PRVS: 0798146F16
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6009001)(6049001)(479174004)(199003)(189002)(52044002)(24454002)(377454003)(15975445007)(81156007)(19580395003)(40100003)(5001770100001)(65806001)(189998001)(76176999)(33656002)(86362001)(47776003)(36756003)(122386002)(101416001)(80316001)(87266999)(83506001)(4001350100001)(1096002)(65956001)(5001960100002)(87976001)(23676002)(99136001)(5004730100002)(92566002)(586003)(66066001)(97736004)(59896002)(2950100001)(230783001)(54356999)(42186005)(106356001)(105586002)(6116002)(5008740100001)(50466002)(65816999)(77096005)(50986999)(64126003)(3846002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR0501MB2006; H:[172.29.33.26]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;BY2PR0501MB2006;23:BhB3tomxik+VNP3PO7mAyoWel25EIAhkQXLJklgazo8wJsMfLRDCvrZqu/Zxd43hp7ylp7R3KvjW+LlqJeMRfbVyg7Ip23qxj7csVexjOmXVUtievTGwNZH+Mw9fFdh5lxC6yhWp9DuT40Lu7C5ttdqqwNFUG8x1v4aNUedAO0yuStiPf3VlEkVxPIjRT/EnkpazbXHGrX+iUFn6bm40j+7YEITwDCmmv7tmCIUNDvvdmOEYgRvQ23Xlp+kqSQ6MTcZcQskwNLGuEkto+XQvBgRmSxAKn4k3bCJMh2FVegIex/9a98n2sO403mWmsW2MGBEbA7TaVBMsDafIIcsGXpN1Y3Vju2C8RjCX9/b3TJRgpauMzhWFnqbKsqbTXtJZjaO2cpkvrMoeFZnpaxrPMKLQpwkHU3kGxaVby+6WwDcgH89Qzi2g94yv0E3gRN2xszhEBKLmHsJbLkZQXcy/RugRJP7wXGZ6lQ9Aevk6ymUHlIFb+EACV49QEi8taTv8HC8yqOl27VNjef4cifXqCv7EyPx1bkLp2fS+PglJMMbkNXOAGmAUFTbKmXNxfhmUiIJizbay1BGtHAFGqBGHt7OfWqDcOfrO91uCnWPLiagJe22JZZBK0fyAtzs6FtxVq0YQt55pgbDQ+fUwHlVoctyDlLdmBFm80cvZZqI6/rkAGgZkRqNx/UvmFOhtYrs3zWMnvAMa5ZISWBSdTc96rM3WuNuCrS5KlZpcyWYa+4ufyU8LkbekIx378W8I+xMiirT5404vbCQammvX0g6wKYSfHBDUXWNwvizuKV7aMAFr9zls7kFmfjETS0RzoZM1EmHSGywHQWD+RJYbxg8g6B2WO2eXJ3jBTmForXZ3jLVIBXdFw5KYy2B8ufrX60VYzfH7R9f0xSO41Tl97c6quDzCDfuDwTj1qAcMI6y5tNxXZHysPIn/ogz8+c4Gknp15hmC50iSJ9bWYMMtJRecgW3SQuAIN/zkWESqfTS/VeCCJIRsi75ET05UAzgRiCn6jrc+i1SJOwavPpREtsFsUS1OFAEodCKzAMCvimug2zCzbxsI8+nS6UV+C+Hic4tWcNUaDUbh0C+2WWFrivoN2cUr29MXAzNrDIwiwFcIJqIEPSLXX9jWOuAceBmOVFxMLwiwV43FawneO2YT2gO3XZ4WfqvlSlRL343qIFSIwUC7ioYvysPrvnSkYnuyVV7t0MGuIo7bpkQ8Oi9QNWmMwyEavPf/ynGUZxMBsDErtvnI22vxImLyh5L9D04b7yn2YifDmbldwdbb5RdzrmH1UnkU18PNTNYvFdgRMIBz+I4ixWw3+XLofm0dYxkrO4/N
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB2006; 5:J8uu7G0HOSR5s7XaIoFFF9YMMonPDyeb6GA34/h3yZQx+spPBuyE9jpSidmlKGEsPgH7X+L3Finc19b3TadNdGcnCgsWKb6CdsYRh7+QG19piSQ58WYDsveVZL7r1CJWlogsNYXN6RRZtkVV19f+Bg==; 24:hJfvvg7WxYnewiVAsTW6DTFyIYuo/I2OJ9u4iujBxzrQKm7x34lXMUT/60jPyMnPPAtVHKUjnnML6K3dfggiipDGHCNEKcQfGD4EBKr5XxE=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Dec 2015 14:52:50.5973 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0501MB2006
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/0uIBVrgDqqUb0MEBrwIz-xIllVQ>
Cc: draft-ietf-bess-mvpn-extranet@ietf.org, shares@ndzh.com, aretana@cisco.com, bess-chairs@ietf.org, martin.vigoureux@alcatel-lucent.com, bess@ietf.org
Subject: Re: [bess] Benoit Claise's Discuss on draft-ietf-bess-mvpn-extranet-04: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2015 14:53:18 -0000

Draft-ietf-bess-mvpn-extranet-05 has been posted.

This revision contains some edits to the sections on the Extended 
Communities, and some other editorial changes, stemming from the ops-dir 
review.

I did not follow the suggestion of the ops-dir review to add an 
"Operator Tips and Tricks" section, as that would be outside the scope 
of the document, and there is no IETF requirement to include such a section.

On 12/17/2015 8:30 AM, Benoit Claise wrote:
> Benoit Claise has entered the following ballot position for
> draft-ietf-bess-mvpn-extranet-04: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bess-mvpn-extranet/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> As mentioned in Sue Hares' OPS DIR, 3 major concerns. The last one is
> actually for the security ADs.
>
> Status: Not ready,  three major concerns and two editorial nits:
>
> Major concerns:
>
> 1)      Specification of the Extranet Source Extended Community and Extra
> Source extended Community
>
> Please provide the type of detail as show in RFC 4360 sections 3.1, 3.2,
> and 3.3.
>
> 2)      Why is there no Deployment considerations section?
>
> The whole draft is a set of rules for handling policy, BGP A-D routes,
> tunnel set-up, and PIM Join/leaves in the case of an intra net.  Unless
> these rules are followed exactly, traffic may flow into a VPN it is not
> suppose to.
>
> If the customer and the SP must coordinate on setting up filters, the
> procedure is outside the document.
>
> An error in any of these set-ups is considered a “security violation”.
>
> Milo Medin stated “with enough trust” a rock can fly to the moon.
> However, the NASA flights were fragile and risky.  In the journey to the
> moon, there was no other choice.  Instrumentation has 4-5 backups.
>
> In this set-up, one has to ask “is there another choice” to this whole
> design that seem fragile addition of extranets to an intra-AS multicast
> design.  If the design is not fragile, then there should be a deployment
> section indicating how to manage the RTs, RDs, and policy set-up.
> Perhaps experience with the Intra-As has shown deployment tips that would
> make this less fragile.  If so,  it would be good to include an
> operations consideration section.
>
> If a new class of tools provides monitoring or provisioning, mentioning
> these would be useful.  If yang modules are being developed, that would
> be useful.
>
> Places that indicate issues with violated constraint:
>
> p. 11, 12, 19 (2.3.2 – a priori knowledge, inability to detect), , p. 25
> last paragraph (violation of constraints will cause things to not work.
> However, only policy can control), p. 27 4.2.2 (1st paragraph, Route
> Reflector must not change), p. 31 (5.1, first paragraph),
>
> 3)      Is security section really a security section? It seems more like
> “do this policy” or this will fail.  It should get a stronger review from
> the security directorate
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Editorial suggestions:
>
>   
>
> Summary: In general the authors provide dense English text to describe
> this rules.   In general the English text contains valid complex
> sentences.  However, a few things should be suggested:
>
>   
>
> 1)      PTA – define it in a definition section or spell out the
> abbreviation
>
> 2)      Phrases like  “the RT RT-R” become overly dense.  Use “Route
> Target RT-R”.
>
> 3)      Breaking up section 6.2.1 – with subjection and subtitles would
> make it more readable,
>
> 4)      P. 36 second paragraph.  The reason for the “MUST” in 1st full
> paragraph is a bit vague.  It seems logical, but the reasoning is just
> vague in the text.
>
> 5)      paragraph 2 in page 47 (section 7.3.1) is awkward, please reword.
>
>
> 6)      Paragraph 5 in page 47 (section 7.3.1) – does not explain why the
> condition should hold.  The authors have done this in eac other case, so
> it seems inconsistent.
>
> 7)      Page 53 – section 7.4.5 paragraph 3  “VRF route Import EC” –
> please spell out first usage and give abbreviation (VRF Route Import
> Extended Community (EC).
>
>

v2.23.0 | Report a Bug | By Email