IETF Logo Mail Archive

[bess] AD Review of draft-ietf-bess-mvpn-extranet-03

"Alvaro Retana (aretana)" <aretana@cisco.com> Thu, 12 November 2015 19:50 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D29E51B331B; Thu, 12 Nov 2015 11:50:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0PU9fjfM06Vc; Thu, 12 Nov 2015 11:50:54 -0800 (PST)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D9D51B3318; Thu, 12 Nov 2015 11:50:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22428; q=dns/txt; s=iport; t=1447357855; x=1448567455; h=from:to:cc:subject:date:message-id:mime-version; bh=2STHukLQBwr122xfryF51KuadMfcd5+8i3e4TctiG30=; b=NyGpiLgSwhom8oyXRa10jw+/g1C/ihPPPmA/R9dI/Q34IrmSLmLxUYST CMwrzxfHcm0KRyhXs7clvUP4Gj2U3j0Qh/Mf8gzOCWGqMOIcbGW1qQp7H An8eOR0+TP40U4bTyKDhERPtexGNqmh8vlZM8y2hNo9Zw223dFg8fyY5X Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D0AQDa7ERW/4YNJK1egm5NgUi+OQENgWWGEIFAOBQBAQEBAQEBfwuENwRnEhIBgQAnBA4ZB4gTxDQBAQEBAQUBAQEBAQEdhlQBiTKFBAWWSAGHSEWFGYFbhECDJYoxiFMBHwEBQoIRBRiBVoRmQoEHAQEB
X-IronPort-AV: E=Sophos;i="5.20,283,1444694400"; d="scan'208,217";a="207580422"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-5.cisco.com with ESMTP; 12 Nov 2015 19:50:53 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tACJorQV002800 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 12 Nov 2015 19:50:53 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 12 Nov 2015 13:50:52 -0600
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.000; Thu, 12 Nov 2015 13:50:52 -0600
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "draft-ietf-bess-mvpn-extranet@ietf.org" <draft-ietf-bess-mvpn-extranet@ietf.org>
Thread-Topic: AD Review of draft-ietf-bess-mvpn-extranet-03
Thread-Index: AQHRHYNvyjwvQsIUU0exAcHYeBpG+Q==
Date: Thu, 12 Nov 2015 19:50:52 +0000
Message-ID: <D2688C8A.E97D0%aretana@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.3]
Content-Type: multipart/alternative; boundary="_000_D2688C8AE97D0aretanaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/bess/rxp2zvON7GHOCcnonGsPRABzHFA>
Cc: "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "VIGOUREUX, MARTIN (MARTIN)" <martin.vigoureux@alcatel-lucent.com>, "bess@ietf.org" <bess@ietf.org>
Subject: [bess] AD Review of draft-ietf-bess-mvpn-extranet-03
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2015 19:50:58 -0000

Hi!

I just finished reading this document.

As mentioned by the WG chairs at the meeting in Yokohama, the technology in bess can be complex and hard to penetrate for the average (or novice) reader.  While the target of documents like this one is not always the average (or novice) reader, it is important that those readers (including the IESG and other review directorates) are able to at least understand what's going on.  Most of my comments (below) are around readability/clarity.

In general I found the document (relatively) not hard to follow, if you read it end-to-end — it may be harder for someone to jump in and read/review a specific section without the benefit of building up to it.    Because of the length of the document, it would be nice to include a "road map" to guide the reader (in general: "Section x talks about X, Section y covers Y, etc.").  It might be easier to include references to the specific sections in 1.4 (Overview).

This is a long standards track document, so it is bound to have a lot of normative language.  On one hand I don't want to go overboard with explicitly mandating every little step..but at the same time we want to be clear as to what is "actually required for interoperation or to limit behavior which has potential for causing harm" [RFC2119].  Due to the potential of bad configurations resulting in incomplete/illdefined extranets, I can see why the behavior around RTs would require normative language.  However, there are some places where the use of rfc2119 keywords may be lacking, not needed or inconsistent.  An example of inconsistency is this paragraph from Section 7.2.3.1. (When Inter-Site Shared Trees Are Used):

   If VRF-S exports a Source Active A-D route that contains C-S in the
   Multicast Source field of its NLRI, and if that VRF also exports a
   UMH-eligible route matching C-S, the Source Active A-D route MUST
   carry at least one RT in common with the UMH-eligible route.  The RT
   must be chosen such that the following condition holds: if VRF-R
   contains an extranet C-receiver allowed by policy to receive extranet
   traffic from C-S, then VRF-R imports both the UMH-eligible route and
   the Source Active A-D route.

.. If the "route MUST carry at least one RT", why isn't the condition to be met also normative?  I don't want to belabor on this specific case, it is just an example.  However, I would appreciate it if the authors would scan the document for required or unneeded normative language.  I pointed at some cases in my comments below.

I do have a couple of items that I think are Major (see below) that I would like to see addressed before starting the IETF Last Call.






Major:

  1.  Section 1.3. (Clarification on Use of Route Distinguishers) uses the word "REQUIREs" in a couple of places.  In a strict manner, the rfc2119 key words is "REQUIRED".  While I think that the meaning of using "REQUIREs" should be obvious, please rephrase the text to strictly use the rfc2119 language.
  2.  Section 10 (Security Considerations)
     *   What is a "VPN security violation"?  It is mentioned in several places, but it is not explicitly defined.  Please either add a reference or be clear in what it is.
     *   Misconfiguration is a significant risk, for example assigning the wrong RTs to the wrong routes.  I think that risk should be mentioned.

Minor:

  1.  Section 1.1. (Terminology): "We will sometimes say that a route "matches" a particular host if the route matches an IP address of the host."  Given the previous definition (in the same paragraph) of "match" ("the address prefix of the given route is the longest match in that VRF for the given IP address") and the use of match there makes it unclear whether you're talking about a host route or just the longest match.
  2.  Section 1.3. (Clarification on Use of Route Distinguishers)
     *   This section explains the "unique VRF per RD" condition a couple of times — even though the explanation seems to be the same, it would be nice if it was explained only once.
     *   ""default RD" (discussed above)"  Where this text appears is in fact the first time that a "default RD" is mentioned.  I'm guessing that this refers to the RD in the "unique VRF per RD" condition, but please don't make the reader guess.
  3.  Section 4.1. (UMH-Eligible Routes)  The "MAY" in the second paragraph appears to be part of the example.  Suggested new text:
     *   The UMH-eligible extranet C-source routes do not necessarily have to   be unicast routes, they MAY be SAFI-129 routes (see Section 5.1.1 of   [RFC6513]).  If one wants, e.g., a VPN-R C-receiver to be able   to receive extranet C-flows from C-sources in VPN-S, but one does not   want any VPN-R system to be able to send unicast traffic to those   C-sources, then the UMH-eligible routes exported from VPN-S and   imported by VPN-R may be SAFI-129 routes.  The SAFI-129 routes are    used only for UMH determination, but not for unicast routing.
  4.  Section 4.2. (Distribution of Unicast Routes Matching C-RPs and DRs)  "It follows that if a VRF contains C-S, but does not contain a C-RP for C-G, then the VRF must import a unicast route matching a C-RP for C-G." and "Similarly, if a VRF contains a C-RP for C-G, but does not contain C-S, the VRF must import a unicast route matching the DR for C-S."  Should those "must" be a "MUST"?
  5.  Section 4.4.1. (The Extranet Source Extended Community)  "…only useful when all the extranet routes from a given VRF are exported with exactly the same set of RTs.  (Cf.  Section 4.3.1 of [RFC4364], which does provide a mechanism…"   Is there any inference that should be made from this text?  Should the Extranet Source Extended Community not be used when the mechanism in rfc4364 is used?  Any downsides if both are used?
  6.  Section 5.2. (Considerations for Particular Inclusive Tunnel Types)
     *   Please include a reference (or definition) for "inclusive tunnel" (maybe in the Terminology).  I couldn't find one in rfc6513, but did in rfc7582.
     *   The third paragraph ("In order for VRF-S to set up the P2MP…") seems to explain what is needed for the setup, which is something that I assume is standardized in a different document.  If so, then the "MUST" shouldn't be normative in this document.  s/MUST/must
  7.  Section 7.2.1. (Intra-AS I-PMSI A-D Routes)  "As specified in [RFC6514]…the RTs carried by that route MUST be chosen…"  That "MUST" is really in reference to rfc6514, so it shouldn't be normative in this document.  If you want to stress the "MUST", then one solution could be to quote the relevant text; otherwise s/MUST/must
  8.  It would be nice if section names were used in addition to section numbers when referring to them in the text — that would make it easier to recall (or look forward to) the text w/out having to go look at the TOC over and over.  [This point may be able to be addressed by the RFC Editor.]  It looks like you started doing this in some places in Section 7, but it is not consistent.
  9.  In several places the text reads: "This document provides procedures…"  Please include a reference to the section where those procedures are.
  10. Please expand on first use:
     *   s/S-PMSI/Selective Provider Multicast Service Interface (S-PMSI)
     *    s/SSM/source-specific multicast (SSM)
     *    s/I-PMSI/Inclusive-PMSI (I-PMSI)
     *    s/MI-PMSI/Multidirectional I-PMSI (MI-PMSI)
  11. References: Update the reference to rfc4601 to draft-ietf-pim-rfc4601bis.

Nits:

  1.  Some replacements:
     *   s/misdelivery of data in those scenarios are outlined in those Section 2.3/misdelivery of data in those scenarios are outlined in Section 2.3
     *   (6.3.1) s/and Each such/and each such
     *   (7.1) s/"corresponds to" to/"corresponds" to

v2.23.0 | Report a Bug | By Email