[bess] AD Review of draft-ietf-bess-evpn-prefix-advertisement-09
Alvaro Retana <aretana.ietf@gmail.com> Tue, 13 February 2018 18:09 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8DB124D68; Tue, 13 Feb 2018 10:09:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xWGpe4DAS_EC; Tue, 13 Feb 2018 10:09:21 -0800 (PST)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0A6C124205; Tue, 13 Feb 2018 10:09:20 -0800 (PST)
Received: by mail-oi0-x230.google.com with SMTP id t135so1875911oif.8; Tue, 13 Feb 2018 10:09:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:date:message-id:subject:to:cc; bh=ERthMeocZluyMKi8dcm5Kh+F0CUABPIOBLwaCSLtFy0=; b=sTdGQNG+qOY3JWPr0Bbr5r1vbOi6dLOQi3SFul81+UxHM1CptGkYYsBljgP+5DSeMd S+hUqf2I081+dR40gTWawZr1HAzyLVDzShbJuVw43VXmYgj6CEjAcStuvuInV5QkQUYO RAptrOiF1VRFzKp5Bm/9P2wNSsUfYZQKZm3KVoi+wP5/niJz9SY/wrPR3tgt5hs5IcyE TR2j/BRSyRyhEHXDlYNShFiTvimwpc1nLY670IaSq2/5j9FS03/Cj+vmGC3YrSZhu48v E+Yl3+5wlof1UvP5D1H4ct7gmI5vJI/Y/cUi/66X0k6JNcGDQChjGQ/2gwVk4dUKWB9j 6h7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:date:message-id:subject:to:cc; bh=ERthMeocZluyMKi8dcm5Kh+F0CUABPIOBLwaCSLtFy0=; b=TScCXI9wML8G5OMd0X+0hz0m/8CAJsT811XtLpAEYjRGiCL9GyAxaMCEPxCj/u5A/D PGz4ugULQaHlf41S7BM6dIQ9P5168wgbxBbqkgxbmxbbHXG5Rg7RHeSVC0m2OyZcpAx8 fWsuAioQ7R9PF720gECPmdWai4xWL/Xw2rALgvNR7KvGuM4sFZrrMzc1u7YPnFacG8wH SFK0je0mzgzr1nQOhOFdQ9fOn3jrTwTKaNRe7jQ1E/JGbmW6gJD2D8eIusIq7mGozBvi Ev7t9hYEAgUh3IwvBiJYgOpyet4l9c4Jeo+/QCp+C1rQ39I5YQcWQeYvkDwhR9M3cMD4 7vsg==
X-Gm-Message-State: APf1xPDZseqFXDxr2cmNUhWc2vFgABZ386IQlkTv5JOriUqYPgdLEmqX eUt4ejs908UtmS8PeTLKIF432xPjlAduTAMMef8=
X-Google-Smtp-Source: AH8x2272qD6x0j13Mt3QyVcC/4/Ozwr6521WrAj36M1hipDzQsFEJ7J54mAZlagooiYInB5xOcOgqnFbtyxwuOK5q+o=
X-Received: by 10.202.207.151 with SMTP id f145mr1486095oig.263.1518545359568; Tue, 13 Feb 2018 10:09:19 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 13 Feb 2018 10:09:18 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
X-Mailer: Airmail (467)
MIME-Version: 1.0
Date: Tue, 13 Feb 2018 10:09:18 -0800
Message-ID: <CAMMESsym4VZqXUPoR403o77s=LkfBWQhxPUg2DORgqJCu56UAQ@mail.gmail.com>
To: draft-ietf-bess-evpn-prefix-advertisement@ietf.org
Cc: bess-chairs@ietf.org, bess@ietf.org, "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
Content-Type: multipart/alternative; boundary="001a113b047cbb81af05651be4f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/P-eHCTeqb87bh4nOVZAeyghfNpE>
Subject: [bess] AD Review of draft-ietf-bess-evpn-prefix-advertisement-09
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2018 18:09:24 -0000
Dear authors: I just finished reading this document. I am glad to finally get to process it -- thank you for the work! I do have a long list of comments (see below). Many of my major ones are related to the use of Normative Language and some other clarifications, including places where I think the technology might still be underspecified. Central to the technology specified in this document is the use of an Overlay Index. The use cases make clear the use, but there is no place where it is discussed what it is (except for "An Overlay Index is a next-hop that requires a recursive resolution...", which doesn't provide significant information) or how/when to use it (except for the use cases in Section 4). I think the readability would be improved if there was a section (or paragraph) that explicitly talked about the concept. Suggestion: put it somewhere in Section 2.1, *before* the name is introduced ("...associated to an Overlay Index that can be a VA IP address, a floating IP address, a MAC address or an ESI."). Thanks! Alvaro. Major: M1. Support for RT-5 M1.1. Section 3 says: The support for this new route type is OPTIONAL. Since this new route type is OPTIONAL, an implementation not supporting it MUST ignore the route, based on the unknown route type value, as specified by Section 5.4 in [RFC7606]. (1) I understand what you mean by "OPTIONAL" above -- from an IETF process point of view it means that you're not formally Updating rfc7432, so EVPN compliant implementations (according to rfc7432) may not support this new route. However, from the point of view of this specification, the support cannot be optional because otherwise then there would be no point in writing this document; IOW, if you want to use RT-5, then you MUST support it. (2) You cannot specify in this document what implementations not supporting this specification should do (much less use a MUST to describe that), because, by definition, those implementations don't know about this document. The text above just repeats what rfc7606 already says...so in reality you seem to be making a statement about backwards compatibility: nothing bad will happen if an implementation not supporting this specification receives the new route because of rfc7606. Suggestion: NEW> According to Section 5.4 in [RFC7606], a node that doesn't recognize the RT-5 will ignore it. Add something about backwards compatibility... [This change would also allow rfc7606 to become an Informative Reference.] M1.2. I do have a question. If the operation of the network, for instance in the case described in 2.2, depends on the RT-5, but a node ignores it (because it doesn't support it yet), what is the effect? I'm assuming that the result will be that none of the routes associated to vIP23 will be known, so no traffic will be sent to it (even if the ownership is known). That seems to mean that all nodes (NVEs) MUST support RT-5 for the system to work, right? (This relates back to the "OPTIONAL" nature in the text above.) Please include this operational consideration somewhere. M2. Section 3.1 (IP Prefix Route Encoding) M2.1. "RD, Ethernet Tag ID and MPLS Label fields will be used as defined in [RFC7432] and [EVPN-OVERLAY]." Both documents use those fields in different ways depending on the route type and the application -- you need to be more specific. Note also that a couple of bullets later there is a specification for the MPLS Label field. M2.1.1. Depending on the specifics, we may need EVPN-OVERLAY to be a Normative reference. M2.2. "The IP Prefix will be a 32 or 128-bit field (ipv4 or ipv6). The size of this field does not depend on the value of the IP Prefix Length field." Does that mean that the IP Prefix Length field can be set (for example) to a number > 32 while the IP Prefix and GW IP Address fields both contain IPv4 addresses? That doesn't make sense, but the text currently allows it! M2.3. BTW, there's nothing in the document that talks about what should be an error and what do to about them. An example is the case above...another one would be if the IP Prefix Length is set to anything > 128...etc. M2.4. [minor] I noticed that rfc7432 uses IP Address Length/IP Address instead of IP Prefix Length/IP Prefix...and that the setting and meaning are slightly different. For my own education, why the change? Having discrete values for the length, for example, seems cleaner and simpler than a range... M2.5. [minor] s/GW IP (Gateway IP Address)/GW (Gateway) IP Address field M2.6. [minor] The figure shows the lengths in octets, but the description talks about bits for the IP addresses. Please be consistent. M2.7. [minor] The figures in 3 and 3.1 don't have names. M3. Section 3.2 says that "an Overlay Index can be an ESI, IP address in the address space of the tenant or MAC address". How do I know which one? Table 1 provides an answer, but I think there are a couple of inconsistencies and contradictions...and several open questions: M3.1. From 3.2: The ESI and GW IP fields MAY both be zero, however they MUST NOT both be non-zero at the same time. A route containing a non-zero GW IP and a non-zero ESI (at the same time) will be treated as- withdraw. M3.1.1. [minor] s/treated as-withdraw/treat-as-withdraw ...and please add a reference to rfc7606 after "treat-as-withdraw".] M3.1.2. The "MAY" above is out of place because it just represents a fact, the Normative part is covered by the "MUST NOT". s/MAY/may M3.1.3. The text above (and the table) reflect that if the ESI or the GW IP are non-zero, then the other one must be 0. However, 3.1 says that the GW IP "SHOULD be zero if it is not used as an Overlay Index." The problem here is that if the GW IP is not used as an Overlay Index, then it may still be non-zero (because the SHOULD leaves that door open), and if the ESI is also non-zero (because it is the Overlay Index) then we should treat-as-withdraw. IOW, I think that the "SHOULD" should be a "MUST" -- or are there cases where the GW IP would be non-zero (if it is not the Overlay Index)? M3.2. Table 1 is missing the combination where ESI is Zero, GW-IP is Non-Zero and the MAC is Non-Zero. I would assume that the result is still GW-IP. If that is the case, then explicitly indicating it would be beneficial. Suggestion: "If either the ESI or GW-IP are non-zero, then one of them will be the Overlay Index, regardless of whether the EC is present or the value of the Label..." M3.3. The Notes for Table 1 mention a couple of examples of invalid MAC addresses, but it doesn't explain what a valid one is. I hope that draft-ietf-bess-evpn-inter-subnet-forwarding talks about that, but I couldn't find anything there right away. It would be ideal to put a reference, and (if not in the other draft) to remember to add it... M3.4. The only requirement for the ESI or GW-IP seems to be a non-zero value...but that is obviously not enough. I hope that rfc7432 contains something along the lines of a valid ESI and maybe even something about IP addresses in the EVPN context... Please reference that. M3.5. For the cases where both ESI and GW-IP are zero, the zero/zero MAC and Label combination is missing. Section 3.1 says that "If the received MPLS Label value is zero, the route MUST contain an Overlay Index...", but if the other 3 values are all zero, now what? Should a route in those conditions result also in treat-as-withdraw? M3.6. If the Router's MAC Extended Community is present, but the address is invalid, does that translate to zero or non-zero in the table? M3.7. The second Note on the Table says that "Overlay Index may be the RT-5's MAC address or None, depending on the local policy of the receiving NVE/PE", but a few paragraphs before (still in 3.2) the text says that "Overlay Index for a given IP Prefix is set by local policy at the NVE that originates an RT-5 for that IP Prefix". That results in a contradiction (or at least an incomplete specification of that case): is the policy set at the originator or the receiver? What if they conflict? M3.8. [minor] At the start of 3.2 it says that an "Overlay Index can be an ESI, IP address in the address space of the tenant or MAC address"...but towards the end of that section the text says that "The Overlay Index is None...different Overlay Indexes supported by RT-5 (GW IP, ESI, MAC or None)". It seems to me that the Overlay Index is not really "None", but that there is no Overlay Index in some cases...is that correct? Please clarify. M3.9. "Any other use-case using a given Overlay Index, SHOULD follow the procedures described in this document for the same Overlay Index." Why is "SHOULD" used? Are there use cases that are not applicable to this specification? If so, please mention them. If not, or if you don't know, then why keep the "SHOULD", or even make that statement at all? M4. From 3.2: "Irrespective of the recursive resolution, if there is no IGP or BGP route to the BGP next-hop of an RT-5, BGP SHOULD fail to install the RT-5 even if the Overlay Index can be resolved." Why is that a "SHOULD" and not a "MUST"? Are there cases for which the RT-5 would be installed? M5. Section 4 is introduced by saying that it "describes some use-cases". I take that to mean that it includes examples of how the technology specified in Section 3 is used. That seems to be correct, except that the use cases in the 4.4.* sections contain Normative Language. In general, please let the examples be examples and keep the Normative nature in the specification part of the document. Some specifics... M5.1. Both 4.4.1 and 4.4.2 end with: "An EVPN IP-VRF-to-IP-VRF implementation is REQUIRED to support the ingress and egress procedures described in this section." Not only does that sound obvious (otherwise this document wouldn't exist), but I don't know what the Normative requirement is beyond supporting RT-5 as described in this document. The text seems superfluous to me. M5.2. Section 4.4.3 ends with: "This model is OPTIONAL for an EVPN IP-VRF-to-IP-VRF implementation." The optional nature of any of the procedures should be reflected in Section 3. The text also seems superfluous to me. M5.3. Section 4.4.1 contains the following Normative text: o The second one is the Router's MAC Extended Community as per [EVPN-INTERSUBNET] containing the MAC address associated to the NVE advertising the route. This MAC address identifies the NVE/DGW and MAY be re-used for all the IP-VRFs in the NVE. The Router's MAC Extended Community MUST be sent if the route is associated to an Ethernet NVO tunnel, for instance, VXLAN. If the route is associated to an IP NVO tunnel, for instance VXLAN GPE with IP payload, the Router's MAC Extended Community SHOULD NOT be sent. Section 3.1 just says that RT-5 "MAY be sent along with a Router's MAC Extended Community" (and not "MUST" as it says above). However, I see nothing (related to the Normative Language) that this text specifies that is not already in, or contradicts, 3.*, is that true? If so, then you should be able to just use lower case for the rfc2119 keywords. M5.3.1. "GW IP= SHOULD be set to 0" s/SHOULD be set to 0/set to 0 M5.4. Section 4.4.2 also has Normative language: M5.4.1. In some cases (for example: "Label value SHOULD be zero..."), the Normative language seems to just indicate a fact, not a specification. Later again: "Label= SHOULD be set to 0." s/SHOULD/should M5.4.2. "The Router's MAC Extended Community SHOULD NOT be sent in this case." This is another example of a fact...going back to Table 1, (IIRC) it doesn't matter if the MAC EC is present... s/SHOULD NOT/should not M5.4.3. "This route-target MAY be the same as the one used with the RT-5." This sounds like another fact to me. s/MAY/may M5.5. Normative Language in Section 4.4.3 M5.5.1. "SHOULD be set to 0": sounds like a statement of fact s/SHOULD/should M5.5.2. "This MAC address MAY be re-used for all the IP-VRFs in the NVE." s/MAY/may M6. The Security Considerations Section only says that "The security considerations discussed in [RFC7432] apply to this document." Ok, fine, but why? Is it because this document doesn't add new functionality? No. Is it because this document uses the same procedures? Not really. Why? Are there considerations specific to the new RT-5? Maybe not...but at least say so. What about the dependency between RT-5 and other route types (RT-2 or RT-1) in some use cases: where if both are not present then it doesn't work..? Could that be considered a security issue? Can a router in the middle of the network drop RT-5 (or RT-2/RT-1) and cause the resulting routing to either not be possible or be different? Is there anything that can be done to mitigate that? [Note: just thinking out loud. It seems to be possible to filter out RT-5 (or any type) routes...] M7. The Reference to EVPN-INTERSUBNET should be Normative because the Router's MAC Extended Community is used here. Minor: P1. The text uses "will be" in several places. Being more prescriptive (and using rfc2119 Normative language, if needed) is the right way to clearly specify the expected behavior. Please revise. P2. While the bess reader will understand when the text talks about "BD-10 route-target", it will not be straight forward for the typical reader to connect the two because a BD is defined as a "broadcast domain" and the relationship to a RT is not clear. Please add text to the terminology section to make the connection. P3. In 4.2, vIP23 is used as the floating IP. But simply "IP23" is used in the description -- so the Figure and the description don't match. Note that 2.1 uses vIP23 throughout. P4. In 4.3, this "MAY" is out of place: "the VNI MAY directly identify the egress interface". Not only is it part of an example (no place for Normative language), but it is just stating a fact. s/MAY/may P5. References: RFC4364 can be Informative. Nits: N1. Move Section 6 (Conventions used in this document) up into the Terminology Section. And please use the template from rfc8174. N2. SN and DGW are used in many places, but were not introduced/defined. N3. Please don't use "we"; e.g. s/we assume/it is assumed N4. s/M3"/M3 N5. "...this route is used to address the current and future inter-subnet connectivity requirements" Future requirements? Now do you know that? ;-) N6. s/"EVPN Route Types/"EVPN Route Types" N7. In 3.1: s/IP Prefix advertisement route NLRI/IP Prefix Route Type N8. s/ipv4/IPv4 N9. s/ipv6/IPv6 N10. Ethernet Tag ID is used un some places, and Eth-Tag ID in others. N11. In the use cases, the "M" variable is not defined. N12. Please expand GARP. N13. The narrative/format of the use cases in 4.1-4.3 is different than what is in 4.4.* -- it would be nice for the format to be consistent. N14. Figure 7 has "IP10", but the text talks about "IP1".
- [bess] AD Review of draft-ietf-bess-evpn-prefix-a… Alvaro Retana
- Re: [bess] AD Review of draft-ietf-bess-evpn-pref… Rabadan, Jorge (Nokia - US/Mountain View)
- Re: [bess] AD Review of draft-ietf-bess-evpn-pref… Alvaro Retana