Re: [bess] AD Review of draft-ietf-bess-evpn-overlay-08

John E Drake <jdrake@juniper.net> Mon, 04 December 2017 22:16 UTC

Return-Path: <jdrake@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DC001287A0; Mon, 4 Dec 2017 14:16:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.011
X-Spam-Level:
X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bf8lfxmA2YkY; Mon, 4 Dec 2017 14:16:50 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88D54126BF3; Mon, 4 Dec 2017 14:16:50 -0800 (PST)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vB4MENWd016315; Mon, 4 Dec 2017 14:16:46 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=Tr1hZSljcom1kpVC7lVmmeIiPTcF/W6aaHEL/a4oXZ4=; b=IQ20RmyaREGeD9Wk0vLYnJsCUyAHZc7Y1f6eiaZ+sV4Y09ZPAJRvhSWPoDGAjKwt9SeE p3A7DTqhn8F6yHv0ETOZbZVebvYZL/94CFCZ72HEb6oQScqKGl2Ocl7iTNhC2UV1j9t6 VBc8czmlCjhLbS+XlGdyK7fQNo5cemOSRhs+maAj0RnwJb/E437MoRQyLnAGytFCs1xT nNMlX0fZk5wtBYERUPo69jKYTkDkQqpAWaMk08hNeM9gGwxRQN7/6o7ic/rjbaW7j+TR LXQQy0ri0N1CcKzYgKs84umqqzS0kCqfu11KhTuJYXtR3hvaR2wx0lhXXG4g+yveW3Qh PA==
Received: from nam01-sn1-obe.outbound.protection.outlook.com (mail-sn1nam01lp0120.outbound.protection.outlook.com [207.46.163.120]) by mx0b-00273201.pphosted.com with ESMTP id 2ene6t04a9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 04 Dec 2017 14:16:46 -0800
Received: from BN6PR05MB3540.namprd05.prod.outlook.com (10.174.234.153) by BN6PR05MB3540.namprd05.prod.outlook.com (10.174.234.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.239.4; Mon, 4 Dec 2017 22:16:38 +0000
Received: from BN6PR05MB3540.namprd05.prod.outlook.com ([10.174.234.153]) by BN6PR05MB3540.namprd05.prod.outlook.com ([10.174.234.153]) with mapi id 15.20.0239.004; Mon, 4 Dec 2017 22:16:38 +0000
From: John E Drake <jdrake@juniper.net>
To: Alvaro Retana <aretana.ietf@gmail.com>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>
CC: "EXT - thomas.morin@orange.com" <thomas.morin@orange.com>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: [bess] AD Review of draft-ietf-bess-evpn-overlay-08
Thread-Index: AQHTbUnGUR4xBXzyEUO5yCqvhqOJ9qMzvUGw
Date: Mon, 4 Dec 2017 22:16:38 +0000
Message-ID: <BN6PR05MB3540ADA70267A0858915E891C73C0@BN6PR05MB3540.namprd05.prod.outlook.com>
References: <CAMMESsw2x53Av-_zi5nL5czKCXYmi_mk0i6qyYYZDYHE8oo_tA@mail.gmail.com>
In-Reply-To: <CAMMESsw2x53Av-_zi5nL5czKCXYmi_mk0i6qyYYZDYHE8oo_tA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR05MB3540; 6:8wyiPkH8yKi9R5jMr46GugJy3S/8CsjIap2w0qF1uHBiXehFxWmi29m80hFV2vOnUXgj8xwkuWvMfSGEwifLV33DzvFCSCxLxPbtcX1RmGyKbtmVeDv38W22Hj4pY+KCC/+gk1hlK7NRlwMXt/qoCuAFKyadHU0cenRHbyg60gj3iW0yQtjRkq9161NIEpRlWM1WyaEOkUdHumhWDXlKB+o99BAugeOpX7b2iipct0A4RjLfzY9u5XEuY3/JGBXy+h3wghQwWUb7afd6+aNuz5ZaQJseT9ycjrb7ili6NUygOp70kuvyfEndEY8uEIdAF8nPCM9Tm6IVSesuhM3QyrrBX+X+5+zBRfA9D4OJfEQ=; 5:aYYZC4jApXPMmMIynSAg6SEdYpGQXrHkLoGy8aiXxEHUhbQqoj1717gu/V0FZ3GVezYL87k7mzGxjbLrLI5e7hbnlIETVL9Uul1i+FzVXcs7m5FcxclbyZ3xEgFvB3evHKuj/OpxfPpYbUMlau9zzsLjLFLtkfbUBsVFL1eZlOA=; 24:Hb1XILynpmyrGshnZjeh2p6SY4FpswFDa06LmYA7e5BCoaBESutnDYf2k+pko+Okh/3dXFi6WnIth/JDUKwdoxx4ePc4403P8eemjCXXWG8=; 7:rRy8hKh7TDVYzyhEX+AENBJ+FzYlrYcpmlYZDdLkd+QClheJ1jQWGXN+T4n6Cj5ir+26fHk/SE+ICeJdjTCFXwd7xt/RJrJ8GzZ1n/qxl+cQGN21sB2e4pmqG+scHISNIQu7a5UJv+KzlnksJ+L+yFa/yELteVi3Y743JdYk8LAWwME0ZNgLHQ2KgYpJoGUo+qPeLyfCAT3jyQBx1BRjMEtgWJOmuc/l+ujkqUPiPQFg5Jf/MyuHqDdccXwXs9NS
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 9db4e053-5131-4b41-9c44-08d53b64b0ac
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603286); SRVR:BN6PR05MB3540;
x-ms-traffictypediagnostic: BN6PR05MB3540:
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <BN6PR05MB3540CF601A438EF8741DE5B6C73C0@BN6PR05MB3540.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(10436049006162)(192374486261705)(227612066756510)(18271650672692)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231022)(3002001)(6055026)(6041248)(20161123560025)(20161123555025)(20161123562025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BN6PR05MB3540; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:BN6PR05MB3540;
x-forefront-prvs: 051158ECBB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(366004)(189002)(199003)(51444003)(53546010)(7696005)(53936002)(6246003)(606006)(110136005)(2900100001)(236005)(39060400002)(25786009)(6306002)(4326008)(54896002)(77096006)(33656002)(105586002)(97736004)(6506006)(316002)(189998001)(106356001)(6436002)(2501003)(230783001)(101416001)(9686003)(3280700002)(3660700001)(966005)(99286004)(68736007)(8676002)(55016002)(66066001)(5660300001)(14454004)(54906003)(3846002)(6116002)(790700001)(8936002)(74316002)(2950100002)(229853002)(54356011)(102836003)(86362001)(575784001)(76176011)(478600001)(81166006)(7736002)(81156014)(19609705001)(2906002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR05MB3540; H:BN6PR05MB3540.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BN6PR05MB3540ADA70267A0858915E891C73C0BN6PR05MB3540namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 9db4e053-5131-4b41-9c44-08d53b64b0ac
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Dec 2017 22:16:38.8413 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR05MB3540
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-04_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1712040311
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/nlAyermcEGNZNeN-NgyD4TkA71M>
Subject: Re: [bess] AD Review of draft-ietf-bess-evpn-overlay-08
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Dec 2017 22:16:55 -0000

Alvaro,

Comments inline.

Yours Irrespectively,

John

From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Alvaro Retana
Sent: Monday, December 4, 2017 4:49 PM
To: bess-chairs@ietf.org
Cc: EXT - thomas.morin@orange.com <thomas.morin@orange.com>om>; bess@ietf.org
Subject: [bess] AD Review of draft-ietf-bess-evpn-overlay-08

Dear Authors:

I just finished reading this document (finally!).  I have a some comments (see below) which I think should be easy to address.

I also have some bigger issues that we’ll need the Chairs’ help to solve:

(1) Coordination with nv03

For the Chairs:  Except for some clarification comments [1] related to the current version, I see no other traffic in the nvo3 list related to this document.  Was there some other coordination that I’m missing?   I am not questioning having this document in bess (that’s perfectly fine); I’m just raising the needed coordination with other WGs, from the Charter: "The working group will also coordinate with...NVO3 working group for coordination of protocols to support data center VPNs.”

[JD]  This draft had been around for nearly five years and the coordination happened a long time ago.  Because NVO3 was not chartered to work on a control plane, the coordination was mainly to ensure that this draft met the requirements specified by that group.


What about Geneve (draft-ietf-nvo3-geneve)?  The nvo3 WG is focusing on Geneve as the Standard encapsulation, but this document doesn’t even mention it.

[JD]  There is a separate draft for Geneve.

(2) Document Status

Why is this a Standards Track document?  The Abstract/Introduction say that “this document describes how Ethernet VPN (EVPN) can be used as an NVO solution and explores applicability of EVPN functions and procedures.”  -- if it’s just a description (as the text clearly is), and not a technical specification, then why it is not Informational?

[JD]  We define new code points for encapsulation, we define how EVPN labels are carried in the VXLAN and NVGRE encapsulations, and we define alternate multi-homing procedures for both split horizon and mass-withdraw.  We also define which EVPN routes and procedures are applicable when the CE & PE are collocated in a VM.  (I’ve probably missed a few things.)

I can see how we could call it an Applicability Statement (rfc2026) and still publish it in the Standards Track.  If we want to go that way, we would need some minor updates to make it clear that this is an Applicability Statement and is not intended to stand in for a Technical Specification.  I am not clear on the process as it related to possible DownRefs (see below), but I’m willing to Last Call an Applicability Statement in the Standards Track…if that is what you want.


Thanks!

Alvaro.


[1] https://mailarchive.ietf.org/arch/msg/nvo3/cd0hOfb966ROcL4t8JCrBD28bBg/?qid=c9f632dc5d6aab5e4b22972bb242baf0<https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_nvo3_cd0hOfb966ROcL4t8JCrBD28bBg_-3Fqid-3Dc9f632dc5d6aab5e4b22972bb242baf0&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=CRB2tJiQePk0cT-h5LGhEWH-s_xXXup3HzvBSMRj5VE&m=mKJTroxeKwUW5Dz0wIXlyEsRpF3mTI9Cx3Lr7BnoimQ&s=_nhO55F4ZyOeH1wQYIJdhaP3mZgVJyJaWwaPy1uirtk&e=>



Major:

M1. Section 5.1.2.1 (Auto Derivation of RT) shows a “packet format” to illustrate how the RT can be auto-derived.  Without any context, the description doesn’t make much sense: the fields are not described in order, the reader is expected to know about global and local administrative fields, the “A-bit” (or the Type field) are not mentioned in the description, people could probably guess that “D-ID” means “domain-id”, there’s no indication of what to do with that “packet format”, etc.  Please clean the description up, include clearer explanations and some references can’t hurt.

M1.2. What about 4-byte ASNs?


M2. From 5.1.3 (Constructing EVPN BGP Routes): “...routes MAY be advertised with multiple encapsulation types as long as they use the same EVPN multi-homing procedures (section 8.3.1, Split Horizon)…”. Is Split Horizon an example, or the only multi-homing procedure that should be considered?  Please be clear.


M3. From 5.2 (MPLS over GRE):

M3.1. “...when it is used in conjunction with EVPN the GRE key field SHOULD be present, and SHOULD be used to provide a 32-bit entropy field.”  What are the cases when it is ok not to include the field, or use it for that purpose?  IOW, why are these SHOULDs not MUSTs?  Or maybe, when is the key field needed?

M3.2. "The Checksum and Sequence Number fields are not needed and their corresponding C and S bits MUST be set to zero.”  This is different than what rfc4023 specifies (not a problem).  If you’re specifying the setting of the bits, then you should be more prescriptive with whether the fields are included of not; suggestion: "The Checksum and Sequence Number fields MUST NOT be included and the corresponding C and S bits in the GRE Packet Header MUST be set to zero.”


M4. In 7.1 (Impact on EVPN BGP Routes & Attributes for VXLAN/NVGRE Encapsulation)

M4.1. These 2 MUSTs seem out of place as they are used to explain, and not in a Normative way: “ ..the RD must be a unique value per EVI or per NVE as described in [RFC7432]. In other words, whenever there is more than one administrative domain for global VNI, then a unique RD MUST be used, or whenever the VNI value have local significance, then a unique RD MUST be used.”  s/MUST/must

M4.2. This SHOULD is also out of place because the standardization was already done in rfc7432 (this document is just mentioning it): “...as noted in section 8.6 of [RFC7432]...the single-homing ingress NVE SHOULD be able to…”. s/SHOULD/should

M4.3. Section 10.2.1 then points back at the text in 7.1 using another SHOULD…again, s/SHOULD/should


M5. 7.2 (Impact on EVPN Procedures for VXLAN/NVGRE Encapsulation) also includes a superfluous SHOULD: “...as noted in section 8.6 of [RFC7432]...a single-homing ingress NVE SHOULD implement…”.  s/SHOULD/should


M6. The introductory paragraph in Section 8.1 (EVPN Multi-Homing Features) says that it is used to "recap the multi-homing features of EVPN to highlight the encapsulation dependencies. The section only describes the features and functions at a high-level. For more details, the reader is to refer to [RFC7432].”  However some of the 8.1.* sub-sections contain Normative language.  Is that Normative language specifying new behavior introduced in this document, or highlighting the recap from rfc7432?  If there’s no new behavior, then please use lower cases.  If there is new behavior, then it would be nice to clarify that in 8.1.


M7. In 8.3.1 (Split Horizon), this MUST is out of place because it is not specifying anything: “...other means of performing the split-horizon filtering function MUST be devised.” s/MUST/must


M8. References

M8.1. TUNNEL-ENCAP (aka draft-ietf-idr-tunnel-encaps) should be Normative, which btw is marked to Obsolete rfc5512; I mention this because both are listed in several parts, so you should take rfc5512 out.

M8.2. These should also be Normative: RFC7348, NVGRE, VXLAN-GPE, RFC4023



Minor:

P1. Please use the new Normative Language boilerplate (rfc8174).


P2. From 7.1 (Impact on EVPN BGP Routes & Attributes for VXLAN/NVGRE Encapsulation): “...reduces the required routes and attributes to the following subset of four out of eight”.  Please either list the attributes that are not needed, or put in a reference to where those can be found. (rfc7432 ??)


P3. From 8.3.1 (Split Horizon): "In order to prevent unhealthy interactions…”. I would really like to see more here: what does “unhealthy interactions” mean?  Can it result in loops or lost traffic or some other “bad” thing?   I note that even through you “prohibit” the configuration, you don’t go as far as mandating that it not to be used (MUST NOT), which makes me want to understand more the potential effects…if it happens, what are the risks?


P4. In 8.3.3 (Unknown Unicast Traffic Designation): “...the ingress PE MAY use a flag-bit in the VxLAN header to indicate BUM traffic type. Bit 6 of flag field in the VxLAN header is used for this purpose per section 3.1 of [VXLAN-GPE].”  Suggestion: “…the ingress PE MAY set the BUM Traffic Bit (B bit) [VXLAN-GPE] to indicate BUM traffic.”


P5. Security Considerations:  I find that the suggestion of IPSec may be out of place in this document; this document pretty much just talks about how to use EVPN, it doesn’t really introduce new capabilities, so unless IPSec is mentioned in rfc7432 (which is not — and not even mentioned in this section), or recommended in rfc4271 (which is not) then I would refrain from including such recommendation here.  In fact, I think that pointing at the Security Considerations of existing RFCs should be enough.

P5.1. The reference to rfc4301 (beyond what VXLAN/NVGRE) mention seems like you’re trying too hard.  I would just put explicit references to the encapsulations since they should be dealing with security themselves.


P6. References: [KEYWORDS] shows up twice.  I think that the reference to rfc4271 can be made Informative.




Nits:

N1. Section 3 (Terminology) literally transcribes several definitions from rfc7432/rfc7365 — while it is ok, I personally prefer just pointing at the definitions: it’s just easier to have the other RFCs be the authoritative source and not rely on maintaining the definitions in sync should they ever change.  Suggestion: “The reader is expected to be familiar with the terminology in …”.

N2. s/the VNI value have local significance/the VNI value has local significance

N3. s/it is recommend/it is recommended

N4. Please be consistent in naming references, some list the RFC number, while others a name...