[bess] AD Review of draft-ietf-bess-evpn-prefix-advertisement-09

Alvaro Retana <aretana.ietf@gmail.com> Tue, 13 February 2018 18:09 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3E8DB124D68; Tue, 13 Feb 2018 10:09:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id xWGpe4DAS_EC; Tue, 13 Feb 2018 10:09:21 -0800 (PST)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0A6C124205; Tue, 13 Feb 2018 10:09:20 -0800 (PST)
Received: by mail-oi0-x230.google.com with SMTP id t135so1875911oif.8; Tue, 13 Feb 2018 10:09:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:date:message-id:subject:to:cc; bh=ERthMeocZluyMKi8dcm5Kh+F0CUABPIOBLwaCSLtFy0=; b=sTdGQNG+qOY3JWPr0Bbr5r1vbOi6dLOQi3SFul81+UxHM1CptGkYYsBljgP+5DSeMd S+hUqf2I081+dR40gTWawZr1HAzyLVDzShbJuVw43VXmYgj6CEjAcStuvuInV5QkQUYO RAptrOiF1VRFzKp5Bm/9P2wNSsUfYZQKZm3KVoi+wP5/niJz9SY/wrPR3tgt5hs5IcyE TR2j/BRSyRyhEHXDlYNShFiTvimwpc1nLY670IaSq2/5j9FS03/Cj+vmGC3YrSZhu48v E+Yl3+5wlof1UvP5D1H4ct7gmI5vJI/Y/cUi/66X0k6JNcGDQChjGQ/2gwVk4dUKWB9j 6h7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:date:message-id:subject:to:cc; bh=ERthMeocZluyMKi8dcm5Kh+F0CUABPIOBLwaCSLtFy0=; b=TScCXI9wML8G5OMd0X+0hz0m/8CAJsT811XtLpAEYjRGiCL9GyAxaMCEPxCj/u5A/D PGz4ugULQaHlf41S7BM6dIQ9P5168wgbxBbqkgxbmxbbHXG5Rg7RHeSVC0m2OyZcpAx8 fWsuAioQ7R9PF720gECPmdWai4xWL/Xw2rALgvNR7KvGuM4sFZrrMzc1u7YPnFacG8wH SFK0je0mzgzr1nQOhOFdQ9fOn3jrTwTKaNRe7jQ1E/JGbmW6gJD2D8eIusIq7mGozBvi Ev7t9hYEAgUh3IwvBiJYgOpyet4l9c4Jeo+/QCp+C1rQ39I5YQcWQeYvkDwhR9M3cMD4 7vsg==
X-Gm-Message-State: APf1xPDZseqFXDxr2cmNUhWc2vFgABZ386IQlkTv5JOriUqYPgdLEmqX eUt4ejs908UtmS8PeTLKIF432xPjlAduTAMMef8=
X-Google-Smtp-Source: AH8x2272qD6x0j13Mt3QyVcC/4/Ozwr6521WrAj36M1hipDzQsFEJ7J54mAZlagooiYInB5xOcOgqnFbtyxwuOK5q+o=
X-Received: by with SMTP id f145mr1486095oig.263.1518545359568; Tue, 13 Feb 2018 10:09:19 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 13 Feb 2018 10:09:18 -0800
From: Alvaro Retana <aretana.ietf@gmail.com>
X-Mailer: Airmail (467)
MIME-Version: 1.0
Date: Tue, 13 Feb 2018 10:09:18 -0800
Message-ID: <CAMMESsym4VZqXUPoR403o77s=LkfBWQhxPUg2DORgqJCu56UAQ@mail.gmail.com>
To: draft-ietf-bess-evpn-prefix-advertisement@ietf.org
Cc: bess-chairs@ietf.org, bess@ietf.org, "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
Content-Type: multipart/alternative; boundary="001a113b047cbb81af05651be4f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/P-eHCTeqb87bh4nOVZAeyghfNpE>
Subject: [bess] AD Review of draft-ietf-bess-evpn-prefix-advertisement-09
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2018 18:09:24 -0000

Dear authors:

I just finished reading this document.  I am glad to finally get to process
it -- thank you for the work!

I do have a long list of comments (see below).  Many of my major ones are
related to the use of Normative Language and some other clarifications,
including places where I think the technology might still be underspecified.

Central to the technology specified in this document is the use of an
Overlay Index.  The use cases make clear the use, but there is no place
where it is discussed what it is (except for "An Overlay Index is a
next-hop that requires a recursive resolution...", which doesn't provide
significant information) or how/when to use it (except for the use cases in
Section 4).   I think the readability would be improved if there was a
section (or paragraph) that explicitly talked about the concept.
Suggestion: put it somewhere in Section 2.1, *before* the name is
introduced ("...associated to an Overlay Index that can be a VA IP address,
a floating IP address, a MAC address or an ESI.").




M1. Support for RT-5

M1.1. Section 3 says:

   The support for this new route type is OPTIONAL.

   Since this new route type is OPTIONAL, an implementation not
   supporting it MUST ignore the route, based on the unknown route type
   value, as specified by Section 5.4 in [RFC7606].

(1) I understand what you mean by "OPTIONAL" above -- from an IETF process
point of view it means that you're not formally Updating rfc7432, so EVPN
compliant implementations (according to rfc7432) may not support this new
route.  However, from the point of view of this specification, the support
cannot be optional because otherwise then there would be no point in
writing this document; IOW, if you want to use RT-5, then you MUST support

(2) You cannot specify in this document what implementations not supporting
this specification should do (much less use a MUST to describe that),
because, by definition, those implementations don't know about this
document.  The text above just repeats what rfc7606 already says...so in
reality you seem to be making a statement about backwards compatibility:
nothing bad will happen if an implementation not supporting this
specification receives the new route because of rfc7606.

   According to Section 5.4 in [RFC7606], a node that doesn't recognize the
RT-5 will ignore it.  Add something about backwards compatibility...

[This change would also allow rfc7606 to become an Informative Reference.]

M1.2. I do have a question.  If the operation of the network, for instance
in the case described in 2.2, depends on the RT-5, but a node ignores it
(because it doesn't support it yet), what is the effect?  I'm assuming that
the result will be that none of the routes associated to vIP23 will be
known, so no traffic will be sent to it (even if the ownership is known).
That seems to mean that all nodes (NVEs) MUST support RT-5 for the system
to work, right?  (This relates back to the "OPTIONAL" nature in the text
above.)  Please include this operational consideration somewhere.

M2. Section 3.1 (IP Prefix Route Encoding)

M2.1. "RD, Ethernet Tag ID and MPLS Label fields will be used as defined in
[RFC7432] and [EVPN-OVERLAY]."  Both documents use those fields in
different ways depending on the route type and the application -- you need
to be more specific.  Note also that a couple of bullets later there is a
specification for the MPLS Label field.

M2.1.1. Depending on the specifics, we may need EVPN-OVERLAY to be a
Normative reference.

M2.2. "The IP Prefix will be a 32 or 128-bit field (ipv4 or ipv6). The size
of this field does not depend on the value of the IP Prefix Length field."
 Does that mean that the IP Prefix Length field can be set (for example) to
a number > 32 while the IP Prefix and GW IP Address fields both contain
IPv4 addresses?  That doesn't make sense, but the text currently allows it!

M2.3. BTW, there's nothing in the document that talks about what should be
an error and what do to about them.  An example is the case above...another
one would be if the IP Prefix Length is set to anything > 128...etc.

M2.4. [minor] I noticed that rfc7432 uses IP Address Length/IP Address
instead of IP Prefix Length/IP Prefix...and that the setting and meaning
are slightly different.  For my own education, why the change?  Having
discrete values for the length, for example, seems cleaner and simpler than
a range...

M2.5. [minor] s/GW IP (Gateway IP Address)/GW (Gateway) IP Address field

M2.6. [minor] The figure shows the lengths in octets, but the description
talks about bits for the IP addresses.  Please be consistent.

M2.7. [minor] The figures in 3 and 3.1 don't have names.

M3. Section 3.2 says that "an Overlay Index can be an ESI, IP address in
the address space of the tenant or MAC address".  How do I know which one?
Table 1 provides an answer, but I think there are a couple of
inconsistencies and contradictions...and several open questions:

M3.1. From 3.2:

   The ESI and GW IP fields MAY both be zero, however they MUST NOT
   both be non-zero at the same time. A route containing a non-zero GW
   IP and a non-zero ESI (at the same time) will be treated as-

M3.1.1. [minor] s/treated as-withdraw/treat-as-withdraw ...and please add a
reference to rfc7606 after "treat-as-withdraw".]

M3.1.2. The "MAY" above is out of place because it just represents a fact,
the Normative part is covered by the "MUST NOT". s/MAY/may

M3.1.3. The text above (and the table) reflect that if the ESI or the GW IP
are non-zero, then the other one must be 0.  However, 3.1 says that the GW
IP "SHOULD be zero if it is not used as an Overlay Index."  The problem
here is that if the GW IP is not used as an Overlay Index, then it may
still be non-zero (because the SHOULD leaves that door open), and if the
ESI is also non-zero (because it is the Overlay Index) then we should
treat-as-withdraw. IOW, I think that the "SHOULD" should be a "MUST" -- or
are there cases where the GW IP would be non-zero (if it is not the Overlay

M3.2. Table 1 is missing the combination where ESI is Zero, GW-IP is
Non-Zero and the MAC is Non-Zero.  I would assume that the result is still
GW-IP.  If that is the case, then explicitly indicating it would be
beneficial.  Suggestion: "If either the ESI or GW-IP are non-zero, then one
of them will be the Overlay Index, regardless of whether the EC is present
or the value of the Label..."

M3.3. The Notes for Table 1 mention a couple of examples of invalid MAC
addresses, but it doesn't explain what a valid one is.  I hope that
draft-ietf-bess-evpn-inter-subnet-forwarding talks about that, but I
couldn't find anything there right away.  It would be ideal to put a
reference, and (if not in the other draft) to remember to add it...

M3.4. The only requirement for the ESI or GW-IP seems to be a non-zero
value...but that is obviously not enough.  I hope that rfc7432 contains
something along the lines of a valid ESI and maybe even something about IP
addresses in the EVPN context...  Please reference that.

M3.5. For the cases where both ESI and GW-IP are zero, the zero/zero MAC
and Label combination is missing.  Section 3.1 says that "If the received
MPLS Label value is zero, the route MUST contain an Overlay Index...", but
if the other 3 values are all zero, now what?  Should a route in those
conditions result also in treat-as-withdraw?

M3.6. If the Router's MAC Extended Community is present, but the address is
invalid, does that translate to zero or non-zero in the table?

M3.7. The second Note on the Table says that "Overlay Index may be the
RT-5's MAC address or None, depending on the local policy of the receiving
NVE/PE", but a few paragraphs before (still in 3.2) the text says that
"Overlay Index for a given IP Prefix is set by local policy at the NVE that
originates an RT-5 for that IP Prefix".  That results in a contradiction
(or at least an incomplete specification of that case): is the policy set
at the originator or the receiver?  What if they conflict?

M3.8. [minor] At the start of 3.2 it says that an "Overlay Index can be an
ESI, IP address in the address space of the tenant or MAC address"...but
towards the end of that section the text says that "The Overlay Index is
None...different Overlay Indexes supported by RT-5 (GW IP, ESI, MAC or
None)".  It seems to me that the Overlay Index is not really "None", but
that there is no Overlay Index in some cases...is that correct?  Please

M3.9. "Any other use-case using a given Overlay Index, SHOULD follow the
procedures described in this document for the same Overlay Index."  Why is
"SHOULD" used?  Are there use cases that are not applicable to this
specification?  If so, please mention them.  If not, or if you don't know,
then why keep the "SHOULD", or even make that statement at all?

M4. From 3.2: "Irrespective of the recursive resolution, if there is no IGP
or BGP route to the BGP next-hop of an RT-5, BGP SHOULD fail to install the
RT-5 even if the Overlay Index can be resolved."  Why is that a "SHOULD"
and not a "MUST"?  Are there cases for which the RT-5 would be installed?

M5. Section 4 is introduced by saying that it "describes some use-cases".
I take that to mean that it includes examples of how the technology
specified in Section 3 is used.  That seems to be correct, except that the
use cases in the 4.4.* sections contain Normative Language.  In general,
please let the examples be examples and keep the Normative nature in the
specification part of the document.   Some specifics...

M5.1. Both 4.4.1 and 4.4.2 end with: "An EVPN IP-VRF-to-IP-VRF
implementation is REQUIRED to support the ingress and egress procedures
described in this section."  Not only does that sound obvious (otherwise
this document wouldn't exist), but I don't know what the Normative
requirement is beyond supporting RT-5 as described in this document.  The
text seems superfluous to me.

M5.2. Section 4.4.3 ends with: "This model is OPTIONAL for an EVPN
IP-VRF-to-IP-VRF implementation."  The optional nature of any of the
procedures should be reflected in Section 3.  The text also seems
superfluous to me.

M5.3. Section 4.4.1 contains the following Normative text:

 o The second one is the Router's MAC Extended Community as per
   [EVPN-INTERSUBNET] containing the MAC address associated to
   the NVE advertising the route. This MAC address identifies the
   NVE/DGW and MAY be re-used for all the IP-VRFs in the NVE. The
   Router's MAC Extended Community MUST be sent if the route is
   associated to an Ethernet NVO tunnel, for instance, VXLAN. If
   the route is associated to an IP NVO tunnel, for instance
   VXLAN GPE with IP payload, the Router's MAC Extended Community
   SHOULD NOT be sent.

Section 3.1 just says that RT-5 "MAY be sent along with a Router's MAC
Community" (and not "MUST" as it says above).  However, I see nothing
(related to the Normative Language) that this text specifies that is not
already in, or contradicts, 3.*, is that true?  If so, then you should be
able to just use lower case for the rfc2119 keywords.

M5.3.1. "GW IP= SHOULD be set to 0"  s/SHOULD be set to 0/set to 0

M5.4. Section 4.4.2 also has Normative language:

M5.4.1. In some cases (for example: "Label value SHOULD be zero..."), the
Normative language seems to just indicate a fact, not a specification.
Later again: "Label= SHOULD be set to 0."   s/SHOULD/should

M5.4.2. "The Router's MAC Extended Community SHOULD NOT be sent in this
case."  This is another example of a fact...going back to Table 1, (IIRC)
it doesn't matter if the MAC EC is present...  s/SHOULD NOT/should not

M5.4.3. "This route-target MAY be the same as the one used with the RT-5."
 This sounds like another fact to me.  s/MAY/may

M5.5. Normative Language in Section 4.4.3

M5.5.1. "SHOULD be set to 0": sounds like a statement of fact

M5.5.2. "This MAC address MAY be re-used for all the IP-VRFs in the NVE."

M6. The Security Considerations Section only says that "The security
considerations discussed in [RFC7432] apply to this document."  Ok, fine,
but why?  Is it because this document doesn't add new functionality?  No.
Is it because this document uses the same procedures? Not really.  Why?

Are there considerations specific to the new RT-5?  Maybe not...but at
least say so.

What about the dependency between RT-5 and other route types (RT-2 or RT-1)
in some use cases: where if both are not present then it doesn't work..?
Could that be considered a security issue?  Can a router in the middle of
the network drop RT-5 (or RT-2/RT-1) and cause the resulting routing to
either not be possible or be different?  Is there anything that can be done
to mitigate that?  [Note: just thinking out loud.  It seems to be possible
to filter out RT-5 (or any type) routes...]

M7. The Reference to EVPN-INTERSUBNET should be Normative because the
Router's MAC Extended Community is used here.


P1. The text uses "will be" in several places.  Being more prescriptive
(and using rfc2119 Normative language, if needed) is the right way to
clearly specify the expected behavior.   Please revise.

P2. While the bess reader will understand when the text talks about "BD-10
route-target", it will not be straight forward for the typical reader to
connect the two because a BD is defined as a "broadcast domain" and the
relationship to a RT is not clear.  Please add text to the terminology
section to make the connection.

P3. In 4.2, vIP23 is used as the floating IP.  But simply "IP23" is used in
the description -- so the Figure and the description don't match.  Note
that 2.1 uses vIP23 throughout.

P4. In 4.3, this "MAY" is out of place: "the VNI MAY directly identify the
egress interface".  Not only is it part of an example (no place for
Normative language), but it is just stating a fact.  s/MAY/may

P5. References: RFC4364 can be Informative.


N1. Move Section 6 (Conventions used in this document) up into the
Terminology Section.  And please use the template from rfc8174.

N2. SN and DGW are used in many places, but were not introduced/defined.

N3. Please don't use "we"; e.g. s/we assume/it is assumed

N4. s/M3"/M3

N5. "...this route is used to address the current and future inter-subnet
connectivity requirements"  Future requirements?  Now do you know that? ;-)

N6. s/"EVPN Route Types/"EVPN Route Types"

N7. In 3.1: s/IP Prefix advertisement route NLRI/IP Prefix Route Type

N8. s/ipv4/IPv4

N9. s/ipv6/IPv6

N10. Ethernet Tag ID is used un some places, and Eth-Tag ID in others.

N11. In the use cases, the "M" variable is not defined.

N12. Please expand GARP.

N13. The narrative/format of the use cases in 4.1-4.3 is different than
what is in 4.4.* -- it would be nice for the format to be consistent.

N14. Figure 7 has "IP10", but the text talks about "IP1".