[bess] Alvaro Retana's Discuss on draft-ietf-bess-nsh-bgp-control-plane-13: (with DISCUSS and COMMENT)
Alvaro Retana via Datatracker <noreply@ietf.org> Thu, 19 December 2019 02:57 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: bess@ietf.org
Delivered-To: bess@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 37D03120018; Wed, 18 Dec 2019 18:57:18 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Alvaro Retana via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-bess-nsh-bgp-control-plane@ietf.org, bess-chairs@ietf.org, slitkows.ietf@gmail.com, bess@ietf.org, sfc-chairs@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.113.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alvaro Retana <aretana.ietf@gmail.com>
Message-ID: <157672423820.4788.15963554106411963869.idtracker@ietfa.amsl.com>
Date: Wed, 18 Dec 2019 18:57:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/zzuGhgGD4yfYkOyXYC9Qx6NTAtM>
Subject: [bess] Alvaro Retana's Discuss on draft-ietf-bess-nsh-bgp-control-plane-13: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 02:57:18 -0000
Alvaro Retana has entered the following ballot position for draft-ietf-bess-nsh-bgp-control-plane-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bess-nsh-bgp-control-plane/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (1) Controllers and other nodes. Background: This document defines the new SFC NLRI, which has two distinct route types, originated by either a node hosting an SFI or a Controller. Each route type has a specific function and it is reasonable to expect that the originators represent different nodes in the network, with different functions, location, etc.. BGP Capabilities Advertisement doesn't have a route type granularity; instead, a BGP speaker known to support the SFC NLRI could originate any type of route. The facts above open the possibility that any node in the network can originate an SFPR and take over an SFP. §3.2.2 does a very good job of explaining the potential existence of multiple Controllers and even offers the appropriate tie breaker to take control of the SFP: "MUST use the SFPR with the numerically lowest SFPR-RD". The document proposes no mitigation to the possibility of any node (a rogue node, for example) issuing SFPRs. The assumption (§2.2) of "BGP connectivity between the Controllers and all SFFs" introduces also the ability to locate a rogue controller anywhere; I interpret "BGP connectivity" to include the presence of a router reflector (for example), which then allows distribution of SFPRs without going through a central policy point. On one hand I think this condition is a feature (the Controller can be anywhere), but the case of a rogue node that wants to act as a controller is not considered. To address this issue, I would like to see text that (1) acknowledges the issue (maybe in the security considerations section), and (2) discusses operational considerations for the placement, control, filtering, etc. of Controllers and the corresponding UPDATES from them and/or other nodes in the network. IOW, the considerations around proper initial setup of the system should be clear. (2) New Flow Specification Traffic Filtering Action §7.4 (Flow Spec for SFC Classifiers) defines a new Traffic Filtering Action to be used with the Flow Specification NLRI. rfc5775bis allows for any combination of Traffic Filtering Actions to be present, but this document says that "other action extended communities MUST NOT be present". I believe that specifying the use of treat-as-withdraw is ok as a case of Traffic Filtering Action Interference -- I just say "ok" because it is not clear to me (nor explained anywhere) why other Traffic Filtering Actions cannot be used; for example, I could imagine rate-limiting the traffic into an SFP. What concerns me more (and the reason for this DISCUSS point) is that rfc5575-only implementations will not consider the new Traffic Filtering Action, but could, depending on the components encoded in the NLRI, take actions based on other Traffic Filtering Actions. The result can then be an inconsistent application of Traffic Filtering Actions in the network -- for example, some nodes may want to drop the matching traffic (traffic-rate of 0), while others may want to have the same traffic entering an SFP. What are the operational considerations of using the new Traffic Filtering Action in a network where "legacy" (rfc5575bis-only) nodes exist? Is there a potential migration path? What might be the impact? How can correct operation be verified? (3) Use of the Control Plane This last point is not specifically for the authors, but for the Responsible AD and the Chairs for the sfc WG (cc'd). The SFPRs are built on, among other things, knowledge of the SFT(s) supported at a specific node. I note that only one Special Purpose SFT is defined in this document. The lack of SFT definitions means that no actual SFP can be instantiated. IOW, without additional work to define new SFTs it seems to me that the control plane as specified in this document cannot be used. :-( I couldn't find any related work (referencing this document) where new SFTs are proposed/defined. What are the plans to develop that work? Is there interest in the sfc WG to take advantage of the control plane? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Non-blocking comments: (1) I support Ben's DISCUSS point about the extension to the SFC Architecture. (2) rfc7665/§5.2 (SFC Control Plane) lists the expected functionality provided by the control plane. The last two points in the list are not part of the specification in this document, but there is no explanation why or if there is an alternate mechanism -- these are those points: 5. Provides the metadata and usage information classifiers need so that they in turn can provide this metadata for appropriate packets in the data plane. 6. When needed, provide information including policy information to other SFC elements to be able to properly interpret metadata. (3) Add a Normative reference to rfc4360 (BGP Extended Communities Attribute). (4) §3.1.1/§3.1.2: The two new Extended Communities are defined as different types. Is it really necessary to request two different types, instead of one type with sub-types? The transitive space is not close to exhaustion, but having a single type would make it easier for any future SFC-related extended communities to be identified/grouped. Just a thought... (5) Operational Considerations: there are multiple pieces of the puzzle that need to be coordinated, from RDs and RTs to pool identifiers and the assignment of SFIs to pools... It would be very nice if all the information that needs to be operationally managed/provisioned was mentioned in a single place in the document...and if recommendations for the operator where included. (6) §3.2.1 says that "Each TLV may include sub-TLVs", but that is not always true; for example, the length of the Association TLV is specified as being 12 (with no room for anything else). This is a minor and easy issue to fix. (7) §3.2.1: "Unknown TLVs SHOULD be ignored" When would an unknown TLV not be ignored? IOW, why not use MUST? (8) §3.2.1.1 specifies a series of errors in the Association TLV that result in "SHOULD be ignored". When would these values not be ignored, when would they be useful? IOW, why not use MUST? (9) Please review §7.4 against the language used in rfc5575bis for consistency. For example "flow spec" is only used in the name of IANA registries or related entries; Flow Specification is used instead. (10) Please include a pointer to I-D.ietf-idr-tunnel-encaps somewhere in §7.5. (11) I would really like to see a registry set up for the bits in the new SPI/SI Representation sub-TLV. (12) Other nits: s/set to loopback address/set to the loopback address s/[RFC4271] defines the BGP Path attribute./[RFC4271] defines BGP Path attributes.
- [bess] Alvaro Retana's Discuss on draft-ietf-bess… Alvaro Retana via Datatracker
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Alvaro Retana
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Alvaro Retana
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Alvaro Retana
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Alvaro Retana
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Alvaro Retana's Discuss on draft-ietf-… Alvaro Retana