Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf-bier-te-arch-10: (with DISCUSS and COMMENT)
Toerless Eckert <tte@cs.fau.de> Fri, 28 January 2022 17:04 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A1623A084D; Fri, 28 Jan 2022 09:04:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1zaXQIudlDN6; Fri, 28 Jan 2022 09:04:10 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B3543A0856; Fri, 28 Jan 2022 09:04:08 -0800 (PST)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id D0B1E58C4B2; Fri, 28 Jan 2022 18:04:01 +0100 (CET)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id B93954EA4BD; Fri, 28 Jan 2022 18:04:01 +0100 (CET)
Date: Fri, 28 Jan 2022 18:04:01 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bier-te-arch@ietf.org, bier-chairs@ietf.org, bier@ietf.org, Xuesong Geng <gengxuesong@huawei.com>, aretana.ietf@gmail.com
Message-ID: <YfQiAT2xlFcRRoKh@faui48e.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20211224230859.GD11486@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/NfCT0Mv-FL-JuhU1f_Fq9Bv2BDU>
Subject: Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf-bier-te-arch-10: (with DISCUSS and COMMENT)
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 17:04:15 -0000
Thanks, Ben -12 should resolve your DISCUSS and all nits/comments. Detailed replies below inline. Full diff from -11 to -12: http://tools.ietf.org//rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-bier-te-arch-11.txt&url2=https://www.ietf.org/archive/id/draft-ietf-bier-te-arch-12.txt Diff with just the deltas from replies to your discuss/comments and followup comments from Carsten Borman. http://tools.ietf.org//rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-bier-te-arch-11.txt&url2=https://raw.githubusercontent.com/toerless/bier-te-arch/8ed27af30d4da5883aeab7d63a2c427fa2922b1a/draft-ietf-bier-te-arch.txt Thanks again for all the detailled review. Cheers Toerless On Fri, Dec 24, 2021 at 03:08:59PM -0800, Benjamin Kaduk wrote: [...] > The comments help a great deal, though I'm still not convinced it's quite right. > The clearing of Packet->BitString in the second line seems okay now, but in > the first line we are supposed to be grabbing the set of bits that were set > in the packet and represent adjacencies relevant for this router. I think > that should be: > > AdjacentBits = Packet->BitString & AdjacentBits[SI]; > > (with no "~") so that we loop over the intended bits later on. > > I'd also suggest using a different name than "AdjacentBits" for this local > variable. What the behavior is when a local variable has the same name as > an array variable is unlikely to be an intuitive part of pseudocode, and > using a different name provides a clear separation. Yes, sincere apologies for not catching this in -11. I think what happened was that in 2018 i wrote this code for -01, and i simply put the "~" into the wrong one of the two code lines, being confused. And for -11 i didn't even check that line above concentrating on the other line that you called out. Maximum confusion around one character *sigh*. Thanks a lot for being persistent. Code is now: // Determine adjacent bits in the Packets BitString PktAdjacentBits = Packet->BitString & AdjacentBits[SI]; // Clear adjacent bits in Packet header to avoid loops Packet->BitString &= ~AdjacentBits[SI]; // Loop over PktAdjacentBits to create packet copies for (Index = GetFirstBitPosition(PktAdjacentBits); Index ; > (I also note that Carsten had some more comments on the pseudocode, which > seem worth thinking about; the criteria I used in my original review > wouldn't have made such items Discuss-worthy, so from my perspective they > are non-blocking comments.) Ack. I made some smaller fixes on behalf of Carstens feedback and those are included in the diff for your review. [...] > > not forward_connected(), so it could only impact a packet that > > was encapsulated for forward_routed by some other BFR with destination > > being BFER2, and this packet passes unexpectedly via BFR1. But it doesn't > > matter which routers/BFR it passes through, the BIER header will not > > be examined there, its just unicast routed. > > > > > Even worse, if DNC is not set, it seems that the copy that > > > leaves BFR1 and makes its way to BFR2 will have the bit cleared that's > > > used to indicate "leaf BFER". So, either I'm confused about how this > > > works (something that's quite plausible!), or there's some other > > > undocumented constraints here either on the topology or the use of DNC. > > > > The BitString is intended to express a delivery tree. Only nodes that > > will always be leaves in any tree (because of their location in the topolocy) > > will have a share Leaf BFR bit set. The fact that they clear this > > bit when they process the packet does thereofre not hurt further > > BIER forwarding of the packet, because by being leaf there is the implication > > that no BitString will be built in which they need to forward a receive > > BIER-TE pto a further BFR. > > > > > Reading forward to the summary in §5.1.10, perhaps my assumption about > > > indicating "send along this adjacency" was incorrect. Still, I > > > shouldn't need to read the later section in order to understand the > > > earlier one, so adding a few more words here may be in order. > > > > I wouldn't know what to write to clear up this confusion. > > If i managed correctly guess what you where confused about, > > maybe you want to suggest text ? > > I am still a little uncertain whether I understand correctly, though less > so than when I wrote the original comment. > > When you say that "nodes ... will have a share Leaf BFR bit set", is this > referring to when "the BIER-TE Controller then pushes the > BitPositions/adjacenties to the BIFT of the BFRs" (to quote §3.2.1.1), > which would (roughly?) correspond to having a bit set in the local BIFT for > a given adjacency? I think so. > Assuming that it is, then when I transition to the context of how a packet > where that bit is set gets propagated, that seems to imply that the "share > Leaf BFR bit" is not relevant to the processing that BFR1 does in my > original example. Going all the way back to my phrasing with a split into > "send along this adjacency" and "local_decap when it gets here", that was > intended to refer to BFR1 performing the "send along this adjacency" > function, and in light of the subsequent discussion I no longer think that > the single shared bit would perform that function. > > I think the source of my confusion is the sentence "All leaf-BFERs in a > BIER-TE domain can share a single bit position", in that I can read that > sentence as saying either/both of "single bit position for 'send this > packet out the interface that exits the BIER-TE domain'" and "single bit > position for 'a packet should get sent to this BFER'". It sounds like only > the former is the intent, so maybe adding a few words to this sentence > would help, e.g., "All leaf-BFERs in a BIER-TE domain can share a single > bit position to indicate that a packet should be processed and sent onwards > out of the BIER-TE domain". I am still trying to write myself up to the terse but still easily understandable language of other rfcs, but i continue to fail i guess. Maybe/hopefully, the issues i am describing actually are so complex that the text is not too verbose. I did replace the two paragraphs starting with the sentence you did not like as follows. This got a bit longer because i had to refine several things, starting with the fact that one can obviously not share a single bit position across all BFER in a BIER-TE domain, but only across all leaf-BFER that can be addressed via a single BitString (a BIER-TE domain using RFC8296 encapsulation will have multiple BitStrings differentiated by SD, SI, BSL or BIFT-id, so each of those BIFT would just require one leaf-BFER bit positions. And then the text about not being able to combine this shared bit position with LAN/Hub&Spoke optimizations also needed to be refined. So three paragraphs now. <t>In most situations, leaf-BFER that are to be addressed via the same BitString can share a single bit position for their local_decap() adjacency in that BitString and therefore save bit positions. On a non-leaf BFER, a received BIER-TE packet may only need to transit the BFER or it may need to also be decapsulated. Whether or not to decapsulate the packet therefore needs to be indicated by a unique bit position populated only on the BIFT of this BFER with a local_decap() adjacency. On a leaf-BFER, packets never need to pass through; any packet received is therefore usually intended to be decapsulated. This can be expressed by a single, shared bit position that is populated with a local_decap() adjacency on all leaf-BFER addressed by the BitString.</t> <t>The possible exception from this leaf-BFER bit position optimization can be cases where the bit position on the prior BIER-TE BFR (which created the packet copy for the leaf-BFER in question) is populated with multiple adjacencies as an optimization, such as in <xref target="LAN"/> or <xref target="hubnspoke"/>. With either of these two optimizations, the sender of the packet could only control explicitly whether or not the packet was to be decapsulated on the leaf-BFER in question, if the leaf-BFER has a unique bit position for its local_decap() adjacency.</t> <t>However, if the bit position is shared across leaf-BFER, and packets are therefore decapsulated potentially unnecessarily, this may still be appropriate if the decapsulated payload of the BIER-TE packet does indicate whether or not the packet needs to be further processed/received. This is typically true for example if the payload is IP multicast because IP multicast on a BFER would know the membership state of the IP multicast paylod and be able to discard it if the packet was delivered unnecessarily by the BIER-TE layer. If the payload has no such membership indication, and the BFIR wants to have explicit control about which BFER are to receive and decapsulate a packet, then these two optimizations can not be used together with shared bit positions optimization for leaf-BFER.</t> > > In BIER-TE we do not necessarily have a single BP designated > > to a BFER, so the controller has various options of how he > > assigns unambiguous bift-ids to BFER, and this text explains > > one option that would make it closests to (non-te) BIER. > > I think the "equally be determined" was what tripped me up, as it implies > that there is some other (unstated) primary way to determine the BFR-id, > which is equivalent to this procedure. Maybe "equally" is not quite the > right word, or we should say "can be determined using the same procedure as > in [(non-TE)] BIER"? Ack. changed. > > | BIER-TE controllers SHOULD use security equal to or better than these mechanisms. > > > > I am only using SHOULD because i dont see a risk of getting less security > > in any "IT" network (service provider, enterprise, data-center), TLS is > > the obviouos choice, and if somebody uses something different from the above > > list like SSH, then the deployment has some more fundamental ops challenges. > > > > But with MUST, we might create an inappropriate burden for "OT" networks > > (inside trains, planes, automobiles, to repeat my prior example). > > In many cases you might have physically removed "provisioning ports". > > > > Think of hidden i2c ports on devices through which you configure the > > device, then you remove and never touch again. Aka: physical security. > > Is that equal or better than TLS ? > > It might depend on what attacker capabilities are in the threat model you > care about. If you only care about some attacker far away on the internet > ... probably. I guess i should have added "blow a fuse" that also does not allow you to locally re-configure the device once its validated to be configured correcty for production (One Time Programmable). > Which is to say, I will not argue about the SHOULD, here. Thanks. My primary concern is that its difficult to compare security levels of end-to-end with infrastructure. E.g.: obviously, i'd be happy to sell cert based security like in ANIMA into OT environments to protect the infrastructure component and hence the system, e.g.: you can reprogram with credentials (maybe still only locally) and you can reset devices, but loose credentials etc. pp. > And all the other stuff (above and below) seems okay; no further comments. > Thanks again for the updates and explanations, Thanks a lot! Toerless > Ben > > > > Section 11.2 > > > > > > If "it is expected that the reader be familiar with" RFC 8296, it should > > > probably be classified as normative. > > > > Done. > > > > > NITS > > > > > > By no means an exhaustive collection, but hopefully they will help. > > > > > > Section 2.2 > > > > > > may be called an "overlay" BIER-TE topology. A BIER-TE topology will > > > both "forward_connected" and "forward_routed" adjacencies may be > > > called a "hybrid" BIER-TE topology. > > > > > > s/will/with/ > > > > Ack. > > > > > Section 2.3 > > > > > > In BIER- > > > TE, bits in the BitString of a BIER packet header indicate an > > > adjacency in the BIER-TE topology, and only the BFRs that are > > > upstream of this adjacency have this bit populated with the > > > adjacency in their BIFT. > > > > > > I think that s/are upstream/are the upstream endpoint/ would greatly aid > > > readability. > > > > Ack. > > > > > > > > 2. In BIER, the implied reference option for the core part of > > > the BIER layer control plane is the BIER extension to > > > distributed routing protocol, such as standardized in ISIS/ > > > OSPF extensions for BIER, [RFC8401] and [RFC8444]. [...] > > > > > > There seems to be some singular/plural mismatch(es) going on here. > > > Maybe "are the BIER extensions to distributed routing protocols, such as > > > those standardized in"? > > > > yes. > > > > > 3. The following element/functions described in the BIER > > > architecture are not required by the BIER-TE architecture: > > > > > > Probably best to use "elements/functions" to match plurality. > > > > ack. > > > > > 1. BIRTs on BFR for BIER-TE are not required when using a BIER- > > > > > > I think "BFRs" plural. (Probably the plural is best for the next few > > > instances of "BFR" (not "BFR-id") in this section, but I will not try to > > > note them all explicitly.) > > > > ack > > > > > Section 3.2 > > > > > > I think s/BFIR/BFIRs/ in all cases in this section (excluding > > > subsections) other than item 2.3, and possibly 2.1 if the intent is "for > > > each multicast overlay flow". > > > > sounds right. > > > > > > 3. Install state on the BFIR to imposition the desired BIER > > > packet header(s) for packets of the overlay flow. > > > > > > s/imposition/impose/ > > > > ack. > > > > > Section 3.2.1 > > > > > o Data-models and protocols to communicate between controller and > > > BFR in step 1, such YANG/Netconf/RestConf. > > > > > > probably s/BFR/BFRs/ and s/such/such as/. > > > > ack. > > > > > Section 3.2.1.1 > > > > > > When the topology is determined, the BIER-TE Controller then pushes > > > the BitPositions/adjacencies to the BIFT of the BFRs, populating only > > > those SI:BitPositions to the BIFT of each BFR to which that BFR > > > should be able to send packets to - adjacencies connecting to this > > > BFR. > > > > > > This sentence should probably be rewritten and split up; it may have > > > multiple valid parse trees but regardless is pretty hard to parse. > > > Having separate terms for "the BFR receiving BIFT updates" and "the BFR > > > to which a given bit says to send a packet" would help a lot. > > > > Yeah, weird complex. simplified now: > > > > <t>When the BIER-TE topology is determined, the BIER-TE Controller then pushes > > the BitPositions/adjacencies to the BIFT of the BFRs. On each BFR only those SI:BitPositions > > are populated that are adjacencies to other BFRs in the BIER-TE topology.</t> > > > > > Section 3.2.1.2 > > > > > > encoded as the same BitString. In BIER-TE, the BitString used to > > > reach the same set of BFER in the same sub-domain can be different > > > for different overlay flows because the BitString encodes the paths > > > towards the BFER, so the BitStrings from different BFIR to the same > > > set of BFER will often be different, and the BitString from the same > > > BFIR to the same set of BFER can different for different overlay > > > flows for policy reasons such as shortest path trees, Steiner trees > > > (minimum cost trees), diverse path trees for redundancy and so on. > > > > > > I suggest breaking the sentence before "and the BitString from the same > > > BFIR". > > > > ack > > > > > > Also, s/can different/can be different/ > > > > ack > > > > > > See also [I-D.ietf-bier-multicast-http-response] for a solution > > > describing this interaction. > > > > > > I'm not sure that "solution" is the best word here ("solution to which > > > problem?"). > > > > See also <xref target="I-D.ietf-bier-multicast-http-response"/> for an application > > leveraging BIER-TE engineered trees. > > > > > Section 3.2.1.4 > > > > > > When link or nodes fail or recover in the topology, BIER-TE could > > > quickly respond with out-of-scope FRR procedures such as > > > [I-D.eckert-bier-te-frr]. [...] > > > > > > Is the intent to say "could quickly respond with FRR procedures [...] > > > the details of which are out of scope for this document"? > > > > ack. > > > > > Section 3.3 > > > > > > 1. On BFIR imposition of BIER header for packets from overlay flows. > > > > > > comma after BFIR > > > > ack > > > > > > 3. On BFER removal of BIER header and dispatching of the payload > > > > > > comma after BFER > > > > ack > > > > > > Section 3.5 > > > > > > available at each BFR and for each BP when it is providing congestion > > > loss free services such as Rate Controlled Service Disciplines > > > > > > hyphenate "congestion-loss-free" > > > > ack > > > > > > control protocol such as Netconf or any other protocol commonly used > > > by a PCE to understand the resources of the network it operates on. > > > > > > I think s/PCE/Controller/ since this is the only instance of "PCE" > > > that's not part of "PCEP", in this document. > > > > Ack. > > > > > the BIER-TE defined steering of packets. This includes allocation of > > > buffers to guarantee the worst case requirements of admitted RCSD > > > traffic and potential policing and/or rate-shaping mechanisms, > > > > > > I'm not sure, but possibly s/potential/potentially/ > > > > yes. > > > > > Section 4.2.1 > > > > > > for copies of the packet made towards other adjacencies. This can be > > > used for example in ring topologies as explained below. > > > > > > "Below" could become a reference to §5.1.6 as was done in §4.1. > > > > ack. > > > > > Section 4.2.3 > > > > > > packet is copied onto such an ECMP adjacency, an implementation > > > specific so-called hash function will select one out of the lists > > > adjacencies to which the packet is forwarded. This ECMP hash > > > > > > s/lists/list's/ > > > > ack > > > > > Section 4.2.4 > > > > > > packets. Local_decap() adjacencies require the BFER to support > > > routing or switching for NextProto to determine how to further > > > process the packet. > > > > > > I'm not finding a protocol element to map to "NextProto" in this > > > context, so maybe writing out in long form something like "the next > > > protocol layer" would be preferred. > > > > Resolved by introducing term in prior sentence: > > > > A "local_decap" adjacency passes a copy of the payload of > > the BIER-TE packet to the protocol ("NextProto") within the BFR (IPv4/IPv6, Ethernet,...) responsible for > > that payload > > > > NextProto is also used in the Pseudocode. > > > > > Section 4.3 > > > > > > With MPLS, it is also possible to reuse the same SD space for both > > > BIER-TE and BIER, so that the same SD has both a BIER BIFT and > > > according range of BIFT-ids and a disjoint BIER-TE BIFT and non- > > > overlapping range of BIFT-ids. > > > > > > I think s/according/corresponding/ > > > > ack. > > > > > "forward_routed" requires an encapsulation permitting to unicast > > > BIER-TE packets to a specific interface address on a target BFR. > > > > > > "encapsulation that permits directing unicast BIER-TE packets" > > > > ack. > > > > > Section 4.4 > > > > > > void ForwardBitMaskPacket_withTE (Packet) > > > { > > > SI=GetPacketSI(Packet); > > > Offset=SI*BitStringLength; > > > for (Index = GetFirstbit position(Packet->BitString); Index ; > > > Index = GetNextbit position(Packet->BitString, Index)) { > > > F-BM = BIFT[Index+Offset]->F-BM; > > > if (!F-BM) continue; [3] > > > BFR-NBR = BIFT[Index+Offset]->BFR-NBR; > > > PacketCopy = Copy(Packet); > > > PacketCopy->BitString &= F-BM; [2] > > > PacketSend(PacketCopy, BFR-NBR); > > > // The following must not be done for BIER-TE: > > > // Packet->BitString &= ~F-BM; [1] > > > } > > > } > > > > > > GetFirstBitPosition and GetNextBitPosition are the spellings used in the > > > RFC 8279 pseudocode; I don't see reason to diverge from them. (The same > > > comment applies to the pseudocode in Figure 6 as well.) > > > > Indeed. strange. fixed. > > > > > To solve both [1] and [2] for BIER, the F-BM of each bit needs to > > > have all bits set that this BFR wants to route across BFR-NBR. [2] > > > > > > Expanded out, "the F-BM of each bit needs to have" doesn't seem to make > > > much sense; would s/bit/bit index/ make more sense? > > > > Yes. > > > > > * The packets BitString is masked with those AdjacentBits before > > > the loop to avoid doing this repeatedly for every PacketCopy. > > > > > > s/packets/packet's/ > > > > ack > > > > > case forward_routed({VRF},neighbor): > > > SendToL3(PacketCopy,{VRF,}l3-neighbor); > > > > > > Should the first line use "l3-neighbor" as well as the second one? > > > > yes. > > > > > Section 4.5 > > > > > > BFR3 sees a BitString of p5,p7,p8,p10,p11,p12. For those BPs, it has > > > only adjacencies for p7,p8. It creates a copy of the packet to BFER1 > > > (due to p7) and one to BFR4 (due to p8). It clears p7, p8 before > > > sending. > > > > > > I think "clears both p7 and p8 in both copies before sending" is more > > > clear. > > > > ack. > > > > > Section 4.6 > > > > > > clear DNC flag, forward_routed() and local_decap. As explained in > > > Section 4.4, these REQUIRED BIER-TE forwarding functions can be > > > implement via the same Forwarding Pseudocode as BIER forwarding > > > > > > s/implement/implemented/ > > > > > > Section 5.1.4 > > > > > > opposite LANs. Adjacencies of such BFRs into their LAN still need a > > > separate bit position. > > > > > > Is this something like "such multi-homed BFRs"? > > > > That is name calling, and i usually hear the term only in > > conjunction with hosts, not routers, so i think it would not be helpfull. > > > > > Section 5.1.9 > > > > > > Figure 17: Reuse of BP > > > > > > Reuse may also save BPs in larger topologies. Consider the topology > > > shown in Figure 20. A BFIR/sender (e.g.: video headend) is attached > > > > > > I suspect that s/20/17/ is intended. > > > > Yes. > > > > > Section 5.1.10 > > > > > > o BP can generally be reused across nodes that do not need to be > > > consecutive in paths, but depending on scenario, this may limit > > > > > > "consecutive in paths" might imply "directly one after the other" to > > > some readers. Perhaps "where it can be guaranteed that no path will > > > ever need to traverse more than one node of the set"? > > > > Right. thanks. > > > > > Section 5.3.3 > > > > > > BIER-TE forwarding does not use the BFR-id, not does it require for > > > > > > s/not does/nor does/ > > > > fixed. > > > > > Section 5.3.6.2 > > > > > > In addition, we use 4 bits in each SI: bia, bib, bea, beb: bit > > > ingress a, bit ingress b, bit egress a, bit egress b. These bits > > > > > > It's probably worth spending a few more words to connect these "a" and > > > "b" back to the 6 different BFR1a/BFR1b through BFR6a/BFR6b of Figure > > > 20. (Figure 20, which appears in §5.3.6.1, is not mentioned at all from > > > this section at present.) > > > > Added reference to picture, highlighted how abbreviations are derived: > > > > In addition, we use 4 bits in each SI: bia, bib, bea, beb: (b)it (i)ngress (a), > > (b)it (i)ngress (b), (b)it (e)gress (a), (b)it (e)gress (b). > > > > > > legs: 1) BFIR to ingress are edge and 2) core to egress area edge. > > > > > > s/are edge/area edge/ > > > > Ack. > > > > > Section 6 > > > > > > hop to each destination Node-SID. What BIER does not allow is to > > > indicate intermediate hops, or terms of SR the ability to indicate a > > > > > > s/terms of SR/in terms of SR/ > > > > ack > > > > > Section 7 > > > > > > In BIER, the standardized methods for the routing underlays as well > > > as to distribute BFR-ids and BFR-prefixes are IGPs such as specified > > > in [RFC8401] for IS-IS and in [RFC8444] for OSPF. Attacking the > > > > > > I can't make a parse tree for this sentence. I think it's just trying > > > to say that RFCs 8401 and 8444 specify how to distribute BFR-ids and > > > BFR-prefixes over the respective IGP, and the respective IGP inherently > > > distributes information needed for routing underlays, but I could be > > > wrong. > > > > > > <t>In BIER, the standardized methods for the routing underlays are IGPs with extensions to distribute BFR-ids and BFR-prefixes. <xref target="RFC8401"/> specifies the extensions for IS-IS and <xref target="RFC8444"/> specifies the extensions for OSPF. > > > > > > against the results of the routing protocol, enabling DoS attacks > > > against paths or addressing (BFR-id, BFR-prefixes) used by BIER. > > > > > > I think s/addressing/the addressing/ > > > > ack. > > > > > > adjacencies, then this is still an attack vector as in BIER, but only > > > for BIER-TE forward_routed() adjacencies, and no other adjacencies. > > > > > > s/and no/and not/ > > > > ack > > > > > the BIER-TE controller/control-plane can and are much more commonly > > > > > > s/can/can be/ > > > > ack > > > > > > forwarding rules are defined to be as strict in clearing bits as they > > > are. The clearing of all bits with an adjacency on a BFR prohibits > > > > > > I think just "defined to be as strict in clearing bits as possible" -- > > > "defined to be as <anything> as they are" is basically a tautology. > > > > true. fixed. > > > > > that a looping packet creates additional packet amplification through > > > the misconfigured loop on the packets second or further times around > > > > > > s/packets/packet's/ > > > > fixed. > > > > > > Deployments especially where BIER-TE would likely be beneficial may > > > include operational models where actual configuration changes from > > > > > > This "especially" seems out of place (I think the sentence would work if > > > it's just dropped, though maybe moving it is preferred). > > > > hmm.. dropped it. > > > > > > the controller are only required during non-productive phases of the > > > > > > Maybe s/productive/production/? > > > > yes. > > > > > > networks life-cycle, such as in embedded networks or in manufacturing > > > > > > s/networks/network's/ (just the first one) > > > > ack > > > > > reverting the network/installation into non-productive state. Such > > > > > > ("production" again) > > > > > > > > > > -- > > --- > > tte@cs.fau.de
- [Bier] Benjamin Kaduk's Discuss on draft-ietf-bie… Benjamin Kaduk via Datatracker
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Toerless Eckert
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Greg Mirsky
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Toerless Eckert
- Re: [Bier] (Carsten) Benjamin Kaduk's Discuss on … Toerless Eckert
- Re: [Bier] (GregM) Benjamin Kaduk's Discuss on dr… Toerless Eckert
- Re: [Bier] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk