Re: [bess] Alvaro Retana's No Objection on draft-ietf-bess-evpn-proxy-arp-nd-11: (with COMMENT)
"Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com> Mon, 08 March 2021 19:49 UTC
Return-Path: <jorge.rabadan@nokia.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ABCD3A1613; Mon, 8 Mar 2021 11:49:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.148
X-Spam-Level:
X-Spam-Status: No, score=-2.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.248, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K3QEwOqIzKmc; Mon, 8 Mar 2021 11:49:17 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2138.outbound.protection.outlook.com [40.107.223.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FB973A160C; Mon, 8 Mar 2021 11:49:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NGAIWitd1Tyvyys8+zBW1EjxLvalvSQZZiiLjHmgJV1CW+elDV83/mRH6/77RUOV+k5EBDXZKywp6LyzQsFkx7JoDWbik0Oh6jNOChqvuodeRQ0FMQ/agpV2psbraoDOP5SCtfslk1rHpS2PMsLO3ddv3gBiaMPvMJ8Bg75wrHNsuzEpeRvniMU0yCzij7OKcHXw3qU3Vw5xJRGmBby41nH0uOoTBA1iIZgzFtFXca0m9IcvNoo4Sh5v5TTPFxreBp0rm8W6vlO4S8Y06DvY3BqaaHOWwYMyo8zfUPq6K4jUuNeq/ICDklVvKtepNRlXa1vAiaPIaLoChKh1DxdjwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3I0ap/gFYko7AD7jSSlJK9giQ3lXQc9mLQ076dvFSN8=; b=ffglfiVSf2Ji8MolrKGKR6BuLENUZtrTRbCNUCKxwH3WSGd2MKOh9qXH/6nGt8QJIQ8s+VzodWoqWlMTRf08aLNLo8DU7pSVz5mr3tAC9pkxzIOhkPEd/vlj1jGoYfoO1E7VEFEGTSQnyYFEYiXKz2JA2rgDjm1tdIkI7JLEwxLlp2n+7t2gcRpDF+nFANcOoLEL3L/Ge7LsahVlZzXU+eaR2Kywc/rsK1XXX0e6uWig+EpP7MHgDmRnsz2VTN4MWYiol+VhnSpBeQb3jZwq0/jg8gytTAUAG04p2s/jSjrI9TM90oK/nziWhrbjz5stfyGq4Pj1gpClzzYVtz/g2A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3I0ap/gFYko7AD7jSSlJK9giQ3lXQc9mLQ076dvFSN8=; b=qSO9fAh2MfVkbpRSuR9TV5Ng8Dj+wEeBuoM504Z9auBCpIh/hibqqY9n0DoPNrNYDW6RSHmB3in29GHT6euFppaiOI6TXGI+1bR6Wd7g3dQMeCqX42E6+zYwEIMqXF7hB1WthqyKdmY4EVxG8iq9N7CWvPFkC8MuqDczMJLXOOg=
Received: from MWHPR08MB3520.namprd08.prod.outlook.com (2603:10b6:301:61::15) by MWHPR08MB3518.namprd08.prod.outlook.com (2603:10b6:301:6b::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Mon, 8 Mar 2021 19:49:10 +0000
Received: from MWHPR08MB3520.namprd08.prod.outlook.com ([fe80::3df6:7840:7369:73a6]) by MWHPR08MB3520.namprd08.prod.outlook.com ([fe80::3df6:7840:7369:73a6%6]) with mapi id 15.20.3912.027; Mon, 8 Mar 2021 19:49:10 +0000
From: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-bess-evpn-proxy-arp-nd@ietf.org" <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>
Thread-Topic: Alvaro Retana's No Objection on draft-ietf-bess-evpn-proxy-arp-nd-11: (with COMMENT)
Thread-Index: AQHW7eIDhYeeQlyVuU+lGFyufe2ewao6GjHf
Date: Mon, 08 Mar 2021 19:49:10 +0000
Message-ID: <MWHPR08MB3520873607AF2E4EA5DCFD64F7BC9@MWHPR08MB3520.namprd08.prod.outlook.com>
References: <161100573942.32023.1055981922796356833@ietfa.amsl.com>
In-Reply-To: <161100573942.32023.1055981922796356833@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nokia.com;
x-originating-ip: [80.31.183.184]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 54525a10-7c47-4bc4-7fe7-08d8e26b3e32
x-ms-traffictypediagnostic: MWHPR08MB3518:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MWHPR08MB35189429A23F96BA1522B436F7939@MWHPR08MB3518.namprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: m/rHd+JR2/sUFPwA+QpUK5n4qXIfmq8vbqzAv4CIgaRf0Lk4U8hmUM3NcK6ZyOd93WoLPttwRVxDeiQDLVykZ8dtnzrv/YCMlY828/Jpdyu6pCR+3tm8f6RfO0hEU/p/5EAlxUEKE6S8Nh3ArrFqjDC3v4Kbp6kkMkNT18Atg0P422tUX/wj/LgALw7zP4w86/vV8KD+Z9hEI37vmtUobbGcHuSsQXCp8znAoINddoH+G3XmvzpuKjI/fFzG8kxIInwJfMO+HJJSpR7Rol3Zzkru3LSH7Lcu1rdqDqWY6dMQrUZYhAKMcMnuLpZ7ZpvO+DWmMDa2TTbA2FSixGLe3fcWshVV9nsWc1ZhL+v2OR1ElPVRDHGUK17WnkqjSo4sW+oMpZ/d6Z8gxOtpePa5ZPMbEbXSJ+xaoTw1SezILGZC83UTAHN0p67iJ6B5er74nNCqo/15shEbEOwYQHxuXjk4w8RO2GPtI9BOjKt1PmrA8ss4v68WU/Jc4d7jvUVKpRw9GrWVmgCryY5EheCpeJKut0VgFBTpAxoaGZ1xGGzNDk+uSxg+Z+/Kc/T0hTG+xDWlvv12qI4iu/iZHt0fdG1nsLkye8AfauewU+sgC54=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR08MB3520.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(136003)(366004)(39860400002)(376002)(110136005)(316002)(7696005)(53546011)(66574015)(966005)(478600001)(55016002)(8936002)(6506007)(186003)(54906003)(2906002)(83380400001)(33656002)(9326002)(26005)(71200400001)(91956017)(66946007)(66446008)(8676002)(76116006)(9686003)(66476007)(64756008)(66556008)(86362001)(5660300002)(107886003)(52536014)(4326008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: NVdHUVMBU8c3YjYhYZMXcgfEYfDGVJnh1t1sO6G8dvuAlRLdhGpmOyN29EpNPD8IaSgyZdc+Ex+3nnddbzQyTZGneW9miLKAxgYq6U4kGLtF+LuEfFu0JU1WB0KIeYogNTpcrHXmmQIGoRvrai1npVULi9ifhldejCpT9PNzBrSfUPAKr5AkXWmKN2CM4/1zuVngJ0DkYMDouQEu/+7KUbf79WkCYve9V5+h4VUDAycnsRHoZAYUjGNpTJLfIMmqS9m9gGdiALh2TyeYAaTMRVaD0Q8ntYHsyAxQYQx1leV9LEf+OlYuDB/mYlypk9cbt4wwP0lMGM/UPSAz1wrTl5uYrFgXYSbSKHQUEOg3c313Ws6SvfzvdYDybiFeH/3RKjlumX2nTDLBnuwL91jcZg/hJbjh9LkKWPsR86ppAbQ2x42vwrcbj6zNAyVca/LyZ4NjdKOJdbwXqH0FWugqZkuT4FpRS/nqTb0PslIoeJrPg4zMed5Xvz71trHyS9vs0Bi3V47U+H8gYm0g5jvnSLzOohqRs2wzXAmdvXteXdnffVPdhlQuUvVzJCThcmYirO34s+ZOcEDTbEQEJ7gICLXe9m8hLP+2rXN7bAHVix36jXEqPkLMUXbkAcna2vxGEv9v/4ue0bAXmZA6ydVmXMFAJe48GaE2wJb+ceodWJxN+NFRl9nxQ/TAdr7EVYLiHD8oSBcvaDcOTfVYvUNMsQGsomW9RFPWlVcSJP9BlRU5iCf2xo5RmfMbOm5Mb2Dt5VkP102uUG9Nj38D7OmhkGuxD2zpS6gR+gq4M/NGZxxEGRVN3b3/oooBOKYmH/zL0GFf0X9n/HCI/LH+Hg8puMV97AiXP897PNMTPRGF6F7ap58MJxl5hOQa3/QHTsnpdTtKUTcnk2C4AdntBjsVjWKNTsNpnFoWcJ/dXAlMcPbaO6DVHdzpNjpyh+aUilwApUDRSfRs7uIm7sCqyxk07RBhfPCLzTShv2Lq5qpLqMvIX/zNMGkCeeUE9MlOfi815ZjOxAAjA4i2cfwgyZa82nb4RlZmvXTgw85b04hMmR6yusyRlwglW8xOV6YvyPxqipEpulrPaWhwCX+50T3l1RwCIVYZltDIUHfgvaPA4J2qvdStBJ4WTdXmDf3N17quY3eJMq8gkvQP1lLEJSl/0FEUuS3OtWyRMKsZunIJfNb50wODc4ErhH5u+qnZ/Ym8iUcKFB371lHr3XuuH/CEpl8ZUsyghgR+bzjE4dN/jey/hIEqvzcT+KJEhpajdaXw1RplGkTa3bIxUI5QBbZ/JtL7s/ySH3S8NKBVnJ22B80IRVdCwe6YfTW952kxZhmnJ8W70ZeXJ24nnXwRw9R25g==
Content-Type: multipart/alternative; boundary="_000_MWHPR08MB3520873607AF2E4EA5DCFD64F7BC9MWHPR08MB3520namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR08MB3520.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 54525a10-7c47-4bc4-7fe7-08d8e26b3e32
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2021 19:49:10.5100 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NFQMqYcxfYneXzuZCvLFlxSUlsbQCiyV1XQD23q+M36PeB/RvG4bW67bboAxCD/Gg1w0bhTr0OZznrRvzEDL8g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR08MB3518
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/Mp6wp5iKjFHUEsW3L4WmWD8G_IA>
Subject: Re: [bess] Alvaro Retana's No Objection on draft-ietf-bess-evpn-proxy-arp-nd-11: (with COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 19:49:20 -0000
Hi Alvaro, Thank you very much for reviewing! Will incorporate the changes in the next revision. Please see in-line with [jorge]. Jorge -------------------------------------------------------------------------------------------------------------------- From: Alvaro Retana via Datatracker <noreply@ietf.org> Date: Monday, January 18, 2021 at 10:36 PM To: The IESG <iesg@ietf.org> Cc: draft-ietf-bess-evpn-proxy-arp-nd@ietf.org <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>, bess-chairs@ietf.org <bess-chairs@ietf.org>, bess@ietf.org <bess@ietf.org>, Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com> Subject: Alvaro Retana's No Objection on draft-ietf-bess-evpn-proxy-arp-nd-11: (with COMMENT) Alvaro Retana has entered the following ballot position for draft-ietf-bess-evpn-proxy-arp-nd-11: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-proxy-arp-nd/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- As mentioned in the Introduction: This document describes the Proxy-ARP/ND function in [RFC7432] networks, augmented by the capability of the ARP/ND Extended Community [I-D.ietf-bess-evpn-na-flags]. From that perspective this document updates [RFC7432]. Even with this statement, the purpose of this document and the relationship between it, rfc7432 and I-D.ietf-bess-evpn-na-flags is not completely clear to me. I would like to understand the following: - Why isn't this description included in I-D.ietf-bess-evpn-na-flags if the functionality is introduced there? [jorge] The extended community is introduced in [I-D.ietf-bess-evpn-na-flags], but the use of the extended community is not limited to RFC7432’s proxy-arp/nd in the mentioned document, but it can be used for any ARP/ND function, including ARP/ND resolution in IRB interfaces. draft-ietf-bess-evpn-proxy-arp-nd focuses purely on the proxy-arp/nd aspects of RFC7432 networks. - This document formally Updates rfc7432, but I-D.ietf-bess-evpn-na-flags didn't. How can the description of the function Update rfc7432 if the functionality doesn't? What exactly is the update to rfc7432? [jorge] RFC7432 talks about this proxy-arp/nd capability in section 10, but as you can see, leaves many aspects to the implementation. draft-ietf-bess-evpn-proxy-arp-nd details all those aspects. This document was initially considered an informational draft, but after discussing with Martin we changed it to Standards track, since we thought RFC7432 should have provided this level of details in the first place. - The WG developed this document alongside I-D.ietf-bess-evpn-na-flags, but it is not referenced from there. Why? [jorge] I-D.ietf-bess-evpn-proxy-arp-nd makes use of I-D.ietf-bess-evpn-na-flags, but the other way around is not necessarily true. We can add it as informational reference if you think it is needed. Besides those high-level questions, I have a set of comments that are mostly related to the normative language used. I would like to see these issues addressed before publication. (1) §3.1 recommends this: The provisioned static IP->MAC entry SHOULD be advertised in EVPN with an ARP/ND Extended Community where the Immutable ARP/ND Binding Flag flag (I) is set to 1, as per [I-D.ietf-bess-evpn-na-flags]. ...but I-D.ietf-bess-evpn-na-flags requires the behavior, from §3.1: o If an IP->MAC pair is static (it has been configured) the corresponding MAC/IP Advertisement route MUST be sent along with an ARP/ND Extended Community with the I Flag set. [jorge] ok, changed to MUST. (2) §3.1: "An entry MAY associate a configured static IP to a list of potential MACs, i.e. IP1->(MAC1,MAC2..MACN)." s/MAY/may This is not a normative statement, but just a fact. [jorge] that’s right, changed. (3) The phrase "MUST/SHOULD be learned" is used several times, but the normative action doesn't seem to apply to learning, but to what is required to learn. For example, from §3.1: a. Proxy-ARP dynamic entries: They SHOULD be learned by snooping any ARP packet (Ethertype 0x0806) received from the CEs attached to the BD. A better wording would be something like: "The PE SHOULD snoop all ARP packets received from the CEs in order to learn dynamic entries." The normative action is clear: snoop! Please review/update other places where this phrase is used. [jorge] ok, I changed the occurrences in section 3.1. (4) §3.1: "They SHOULD be learned by snooping any ARP packet..." Why is this action only recommended? When would a PE not snoop the ARP packets? IOW, why is MUST not used? Note that neither rfc7432/I-D.ietf-bess-evpn-na-flags use Normative language then talking about snooping. [jorge] ok, changed to MUST (5) §3.1: "They SHOULD be learned out of the Target Address and TLLA information in NA messages (Ethertype 0x86DD, ICMPv6 type 136) received from the CEs attached to the BD." Same questions... [jorge] ok, changed to MUST (6) §3.1: "A Proxy-ND implementation SHOULD NOT learn IP->MAC entries from NS messages, since they don't contain the R Flag required by the Proxy-ND reply function." If the R flag is required, when is it ok to learn from NS messages? IOW, why is this action not a requirement? [jorge] ok, changed to MUST (7) §3.1.1: "the node MUST remove that router from the Default Router List...as specified in [RFC4861] section 7.3.3." This is in fact already specified in rfc4861, there's no need to specify it here again. s/MUST/must [jorge] changed, thanks. (8) §3.1.1: "Static entries SHOULD have the R Flag information added by the management interface. The O Flag information MAY also be added by the management interface." It sounds as if the action here is to add the flag, right? Perhaps: "The R Flag information SHOULD be added...for static entries. ..." [jorge] ok, changed When is it ok to not configure the flags? Why is the configuration not required? The text in I-D.ietf-bess-evpn-na-flags seems to assume that it is a requirement (but no normative language is used there): "R and O Flag values...are...configured in case of static entries." (§3.1) What if the value is not configured, what is the default? [jorge] changed the default to 1. (9) §3.2: a. When replying to ARP Request or NS messages, the PE SHOULD use the Proxy-ARP/ND entry MAC address as MAC SA. This is RECOMMENDED so that the resolved MAC can be learned in the MAC FIB of potential layer-2 switches sitting between the PE and the CE requesting the Address Resolution. It seems to me that the use as MAC SA should be required and not just recommended "so that the resolved MAC can be learned in...layer-2 switches". Why is that not the case? [jorge] the PE may choose to use its own MAC as the MAC SA, and that is okay if there are no layer-2 switches between the PE and the host. Even if there is a layer-2 switch, the host still resolves the ARP/Neighbor. This is a recommendation to avoid unnecessary flooding, but not a requirement. (10) §3.2: "A PE SHOULD NOT reply to ARP probes received from the CEs." When is it ok for the PE to reply? IOW, why is the behavior recommended and not required? [jorge] an ARP probe is destined to end hosts/CEs. I changed it to MUST NOT. (11) §3.2: "A PE SHOULD only reply to ARP-Request and NS messages with the format specified in [RFC0826] and [RFC4861] respectively." When is it ok to reply using a different format, and what format would that be? [jorge] good point, changed to MUST (12) §3.3: "The operator SHOULD be able to activate this option with one of the following parameters..." For the operator to be able to do anything, the implementation has to support the functionality. It might be better to recommend the implementation... [jorge] added: “The implementation of a 'unicast-forward' function is RECOMMENDED” (13) §5.1: "Existing mitigation solutions, such as the ARP-Sponge daemon [ARP-Sponge] MAY also be used in this scenario." This seems to just be an example: s/MAY/may [jorge] that’s correct, I changed it. (14) §6: "IXPs MUST still employ additional security mechanisms that protect the peering network..." Which are the required mechanisms? [jorge] I changed this to: “IXPs must still employ additional security mechanisms that protect the peering network as per the established BCPs such as…” (15) §6: "IXPs...SHOULD follow established BCPs such as the ones described in [Euro-IX-BCP]." When is it ok to not follow "established BCPs"? Seeing that you are normatively recommending something, please add specific mechanisms, not just an example. [jorge] I think the normative language is wrong here, so I changed it as per the above comment. BCPs for IXPs are out of the document’s scope. (16) The references to ARP-Sponge and Euro-IX-BCP don't include enough information to access the documents. Is there a stable link that can be included? [jorge] added, thanks.
- [bess] Alvaro Retana's No Objection on draft-ietf… Alvaro Retana via Datatracker
- Re: [bess] Alvaro Retana's No Objection on draft-… Rabadan, Jorge (Nokia - US/Mountain View)
- Re: [bess] Alvaro Retana's No Objection on draft-… Alvaro Retana