[Bier] Re: [draft-ietf-bier-tether] Shepherding AD document review of draft-ietf-bier-tether-05

Tony Przygienda <tonysietf@gmail.com> Mon, 04 November 2024 16:42 UTC

Return-Path: <tonysietf@gmail.com>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88AEFC1D6FBE; Mon, 4 Nov 2024 08:42:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JDSQKwREUDTw; Mon, 4 Nov 2024 08:42:46 -0800 (PST)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13DE2C1DA1DC; Mon, 4 Nov 2024 08:42:46 -0800 (PST)
Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-20c714cd9c8so44991675ad.0; Mon, 04 Nov 2024 08:42:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730738565; x=1731343365; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=JT/EuK+X3M6bOfHh0Oo/iy9sCTkN7llxyVM5wc1/ftg=; b=QR+QMwwCxt331T39gAax8i7103lZDoq47en62OIq6N8h80M9H96mLuQ2bA4w+ChsIl ODQgQ+PA3sTe/NIOtgkOWYJ+ZK7nGWabF6qvhEbZOI/+hiYO4/ehC+acrcnPytdGSaLX Zfc6FsHWR8MBA/pIN82EQzBmu8FXfHTtAfiMVG/YU7Lj9+si+pRXnEbOEDIL6YoxpsAV rPu7/pQ4GQyy9Bv9WERJGnbua3J45T9zRB68VYm778Mg6FBx+xY6ZLriVdDIAeyVlnTp 5dmi54HT7pSJGOT2wZWi6hFIOnYjxxZQYaaoekJ1SP0qKGeY7xMQt+DIaRzmpPFLA4i6 7DYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730738565; x=1731343365; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JT/EuK+X3M6bOfHh0Oo/iy9sCTkN7llxyVM5wc1/ftg=; b=fSXt5aop3VIMk9lvMt3JtS+mf8MtMF9dIeGDYF/rTmrESUTEv474OKVyQzSjAdCOE/ yPqf1/1m/GQWM4kAi5iN+auyefS9wMxUkH0KSK+q967dvWQ7LGBvQ447U5aXXv0a3qt3 sOEgHtqKgFYuUCjSpVJfHKWOkT8eiOd8iRiXNZWW6hjdTBmIeRGBxpEhxeEuYlfQanqz etvbllzichOc0oOqHiJ3Cr4E0qyaWHo9xFikL1J5WD42TuFQEZHotPMp+e5ZMy4Q0vcF zId8YBE+IQdlQBFrd9mJAfzg0DrxBsmCcweWl4vfTRtRy3gv8uVbyWNxvis0Vcgg6/Xu Xang==
X-Forwarded-Encrypted: i=1; AJvYcCV2nwtQkh7otAIjGstYSH98f/6hCdpsmA3MpjTm4R55bdJZhoGMlJEOVbH4gUZ0hUZAaCXk@ietf.org
X-Gm-Message-State: AOJu0YyY17zcbhIR9q7ezYhoiA+Radj1SkeIMoBVpLXKGuP5IO0gptsi NP3ksR6kO2wFBIeNdl1YTIM/HVQUSo1NcLdKyMuXsvfL+hTsfRjNmEv/OHpyl2w=
X-Google-Smtp-Source: AGHT+IFLvtfbffLdNMysWTp45wZ/2wEv/oDNLWQwTgPDDgzAGzQah1J2SbyWPzqBPdBp6uFfSrwrgw==
X-Received: by 2002:a17:903:41d1:b0:211:2b2:2086 with SMTP id d9443c01a7336-2111b006e79mr156453385ad.49.1730738565071; Mon, 04 Nov 2024 08:42:45 -0800 (PST)
Received: from smtpclient.apple ([165.225.210.166]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2110570b482sm63129365ad.71.2024.11.04.08.42.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Nov 2024 08:42:44 -0800 (PST)
From: Tony Przygienda <tonysietf@gmail.com>
Message-Id: <6835D83C-09DC-4C31-A210-5195DC885C2F@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_087E16CA-4D00-44E7-A46A-1BBAB2DC5914"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\))
Date: Mon, 04 Nov 2024 16:42:15 +0000
In-Reply-To: <AS1PR07MB8589A23805E5B18D7560762DE0072@AS1PR07MB8589.eurprd07.prod.outlook.com>
To: "Gunter van de Velde (Nokia)" <gunter.van_de_velde=40nokia.com@dmarc.ietf.org>
References: <AS1PR07MB8589A23805E5B18D7560762DE0072@AS1PR07MB8589.eurprd07.prod.outlook.com>
X-Mailer: Apple Mail (2.3776.700.51)
Message-ID-Hash: VU2WV65YBYUGXWPVFEM5ZDHUXF44LAMH
X-Message-ID-Hash: VU2WV65YBYUGXWPVFEM5ZDHUXF44LAMH
X-MailFrom: tonysietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bier.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-bier-tether@ietf.org" <draft-ietf-bier-tether@ietf.org>, BIER WG <bier@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Bier] Re: [draft-ietf-bier-tether] Shepherding AD document review of draft-ietf-bier-tether-05
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/b7nE-8Vp0a9YirYE2gaySBZWs6c>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Owner: <mailto:bier-owner@ietf.org>
List-Post: <mailto:bier@ietf.org>
List-Subscribe: <mailto:bier-join@ietf.org>
List-Unsubscribe: <mailto:bier-leave@ietf.org>

BTW the draft seems to have vanished in the BIER WG document tracker for some reason 

> On 9 Apr 2024, at 12:32, Gunter van de Velde (Nokia) <gunter.van_de_velde=40nokia.com@dmarc.ietf.org> wrote:
> 
> # Gunter Van de Velde, RTG AD, comments for draft-ietf-bier-tether-05
>  
> In the absence of an earlier shepherding AD review pertaining to the
> draft-ietf-bier-tether document, please find my review comments for 
> discussion. These comments are shared prior to the document being
> considered for IESG Telechat.
>  
> In reviewing this document, I start with a broad overview of its
> current status, followed by a detailed discussion of critical technical
> points. I conclude with an analysis performed by idnits, which
> includes annotations for both [minor] and [major] comments. This
> structured approach helps to ensure that all aspects of the document
> are thoroughly examined and addressed.
>  
> Summary:
> ========
> The abstract of this document reads:
>    This document specifies optional procedures to optimize the handling
>    of Bit Index Explicit Replication (BIER) incapable routers, by
>    attaching (tethering) a BIER router to a BIER incapable router.
>  
> The document is not overly long and appears not
> overly complex. However the document reads relative light on formal 
> specification. Additional strict formal usage using BCP14 language
> to prescribing operations, the code points and the spf modification
> will provide better specification.
>  
> The shepherd writeup (4 July 2022) suggest document shepherd
> reviewed draft-ietf-bier-tether-01.
>  
> Implementations: no existing and known future Implementations.
> idnits: no substantial issues shown
>  
> Looking at the email archive, only very few discussions about this
> document happened on the list
>  
> Many thanks to Dan Romascanu (OPSDIR), Wes Hardaker (SECDIR) and Joel
> Halpern (GENART) reviews. I encourage the document authors to
> consider the feedbacks and observations provided.
>  
> Key Technical Issues:
> =====================
>  
> Due to no existing or known future implementations would
> experimental not be more appropriate IETF track then "proposed standard"?
>  
> The comments on the email list from Les about encodings has significant impact:
> https://mailarchive.ietf.org/arch/msg/last-call/tUy5jdA2z62BmvpP-TC-_k-rIws/
> In general there is ongoing effort to be conservative about any IGP
> encoding, however especially with ISIS are TLV resources often constrained.
>  
> IANA code points: why are early code points not considered? It would help to grow experience
> with the solution before requesting final code point allocations. It seems especially when
> encoding descriptions seem not fully firm at the moment.
>  
> Operational guidelines: light specification details about troubleshooting and 
> network behaviour due to diverged paths between multicast and unicast.
> For example, what is the impact on ping/traceroute and other multicast 
> operational tools, convergence impact expectations? What addresses should 
> be used as the helped address? is it possible that unicast SPF has race
> condition with the BIER topology SPF? etc. if BGP is used, any risks for the
> recursive lookups to go wrong?
>  
> Security implications: As indicated in the security directorate review
> it would help the document to add proof points why there are no
> additional security concerns compared to BIER architecture and OSPF/ISIS/BGP
> extensions for BIER signaling. (it is for example possible to insert the TLV on
> a rogue node and add all loopback addresses of the router in the area)
>  
> What is the impact of technologies as LFA/BFD/ECMP impact BIER Tether topology?
>  
> Please find in next section a set of review comments [minor] and [major]
>  
> Detailed review using the idnits rendering of the draft:
> ========================================================
>  
> 17             This document specifies optional procedures to optimize the handling
> 18             of Bit Index Explicit Replication (BIER) incapable routers, by
> 19             attaching (tethering) a BIER router to a BIER incapable router.
>  
> [major] this is incorrect. The draft specifies in addition to operational
> procedures a few IGP TLVs (code points and IGP encodings).
>  
> 76             Consider the scenario in Figure 1 where router X does not support
> 77             BIER.
>  
> [minor] It will be more clear if it is more explicit that this paragraph is
> the explanation of the observed problem space. A few paragraphs later the
> term solution is used. For readability it woul de nice to first get
> description of the problem space, followed by the naturally by the solutin discussion.
>  
> 94             A solution to the inefficient tunneling from BFRs is to attach
> 95             (tether) a BFRx to X as depicted in Figure 2:
>  
> [major] The wording "A solution" implies that there are other solutions to
> the problem possible. However, these are not discussed in the document.
> In the email archives there have been comments questioning why
> draft-ietf-bier-tether solution is better as placing for example
> a BIER router in the forwarding path close to the helped BFR?
> The 'why' is tethering better as the other solutions is unclear
> and undocumented. 
>  
> 111           For BFR1 to tunnel BIER packets to BFRx, the BFR1-BFRx tunnel need to
> 112           be announced in Interior Gateway Protocol (IGP) as a forwarding
> 113           adjacency so that BFRx will appear on the Shortest Path First (SPF)
> 114           tree.  This needs to happen in a BIER specific topology so that
> 115           unicast traffic would not be tunneled to BFRx.  Obviously this is
> 116           operationally cumbersome.
>  
> [minor] an alternative is to place the BFRx into the IGP forwarding path?
> Is the multicast traffoc expected of lesser valume as the unicast traffic?
> Maybe the unicast traffic volume can be neglected compared to the multicast traffic?
>  
> 118           Section 6.9 of BIER architecture specification [RFC8279] describes a
> 119           method that tunnels BIER packets through incapable routers without
> 120           the need to announce tunnels.  However that does not work here,
> 121           because BFRx will not appear on the SPF tree of BFR1.
>  
> [minor] style rewrite: 
> "Section 6.9 of the BIER architecture specification [RFC8279] delineates a
> methodology for tunneling BIER packets through incapable routers without
> the need to explicitely announce tunnels. Nonetheless, this method is
> inapplicable in the current context, as BFRx is not a node in the SPF
> tree rooted at BFR1.
>  
> 123           There is a simple solution to the problem though.  BFRx could
> 124           advertise that it is X's helper and other BFRs will use BFRx (instead
> 125           of X's children on the SPF tree) to replace X during its post-SPF
> 126           processing as described in section 6.9 of BIER architecture
> 127           specification [RFC8279].
>  
> [major] simple is subjective language. The need for code points,
> IGP signalling, usage of multicast only router (=unicast stealth router)
> and topological BIFT abstraction is not that simple. This section is an
> opportunity to present and defend that the tether solution is the most
> optimal solution for the presented use-case.
>  
> 131           While the example shows a local connection between BFRx and X, it
> 132           does not have to be like that.  As long as packets can arrive at BFRx
> 133           without requiring X to do BIER forwarding, it should work.
>  
> [minor] what example is being referenced. From a style perspective it
> is unclear what 'should work' means in a proposed standard document.
> Maybe more formal writing is appropriate? Does "should work" mean it behaves
> as architected or does not behave as architected. What are the conditions
> it would not work as intended?
>  
> 129        2.  Additional Considerations
>  
> [minor] this is odd titled section. The section title is "Additional
> Considerations", but there is no section about "Considerations"?
>  
> 135           Additionally, the helper BRFx can be a transit helper, i.e., it has
>  
> [minor] s/BRFx/BFRx/
>  
> 137           connected to X), as long as BFRx won't send BIER packets tunneled to
> 138           it back towards the tunnel ingress.  Figure 3 below is a simple case:
>  
> [minor] a use-case or a network topology? a little more context helps
> readability on how expected multicast flows wil be steered through
> the topology. How would this impact security and operational implications?
>  
> 151           In the example of Figure 4, there is a connection between BFR1 and
> 152           BFRx.  If the link metrics are all 1 on the three sides of
> 153           BFR1-X-BFRx triangle, loop won't happen but if the BFRx-X metric is 3
> 154           while other two sides of the triangle has metric 1 then BFRx will
> 155           send BIER packets tunneled to it from BFR1 back to BFR1, causing a
> 156           loop.
>  
> [major] This description truely provides an indication that when tether is
> used, that there is divergence between unicast and multicast topologies. How would
> LFA and other fast convergence race conditions impact during instabity?
>  
> 174           Notice that this SPF calculation on BFR1 with BFRx as the root is not
>  
> [minor] unsure what "this spf" referes towards. more formal language will
> help to understand the example better 
>  
> 174           Notice that this SPF calculation on BFR1 with BFRx as the root is not
> 175           different from the SPF done for a neighbor as part of Loop-Free
> 176           Alternate (LFA) calculation.  In fact, BFR1 tunneling packets to X's
> 177           helper is not different from sending packets to a LFA backup.
>  
> [minor] What is the point that is being proved with the comparison to LFA style SPF calculation?
>  
> 179           Also notice that, instead of a dedicated helper BFRx, any one or
> 180           multiple ones of BFR2..N can also be the helper (as long as the
>  
> [minor] upper or lower case n vs N? seems that there is disreptency between
> diagram and text
>  
> 185           highest priority among those satisfying the loop-free condition
> 186           described above.  When there are multiple helpers advertising the
> 187           same priority and satisfying the loop-free condition, any one or
> 188           multiple ones could be used solely at the discretion of BFR1.
>  
> [major] The node BFR1 silently implies that it is the upstream node of the BIER uncapable router (the helped node).
> This is nowhere defined or specified.
>  
> 192           The situation in Figure 5 where a helper BFRxy helps two different
> 193           non-BFRs X and Y also works.  It's just a special situation of a
> 194           transit helper.
>  
> [minor] what does "also works" exactly mean? formal description of the outcome will helps
>  
> 192           The situation in Figure 5 where a helper BFRxy helps two different
> 193           non-BFRs X and Y also works.  It's just a special situation of a
> 194           transit helper.
>  
> [minor] THis is becoming very complex and no longer simple. What are the operational
> implications and how to troubleshoot this now that unicast and multicast
> topology are looking vastly different.
>  
> 214           The procedures in this document apply when a BFRx is tethered to a
> 215           BIER incapable router X as X's helper for BIER forwarding.
>  
> [minor] It would help to formally give the BIER incapable router a name to refer to from documentation perspective.
>  
> 219           Suppose that the BIER domain uses BIER signaling extensions to ISIS
> 220           [RFC8401] or OSPF [RFC8444].  The helper node (BFRx) MUST advertise
> 221           one or more BIER Helped Node sub-sub-TLVs in the BIER Info sub-TLV in
> 222           the case of ISIS or BIER Helped Node sub-TLVs in the BIER sub-TLV in
> 223           the case of OSPF, one for each helped node:
>  
> [minor] s/suppose/when/
>  
> [major] referencing to the comments from Les.
> In addition, having explicit sections for ISIS and OSPF and OSPFv3 will be beter to formalize and document the code-points and associated TLV descriptions.
>  
> [minor] no figure number is provided?
>  
> 225                0                   1                   2                   3
> 226                0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> 227               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 228               |    Type       |   Length      |    Priority   |   Reserved    |
> 229               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 230               |              Address of the Helped Node                       |
> 231               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>  
> [major] WHat is this address of the helped node? is that a interface address? is
> that a loopback? is it a router id? does it have to be a stable address? does
> the address have to exists on the router? must the address be UP and ENABLED
> and PINGABLE on the router? What if multiple helped node addresses are added all over the network (for an attach for example)?
>  
> 243           At step 2, the removed node is added to an ordered list maintained
> 244           with each child that replaces the node.  If the removed node already
> 245           has a non-empty list maintained with itself, add the removed node to
> 246           the tail of the list and copy the list to each child.
>  
> [major] The text at section 6.9 is written formally. if the intent is to
> change the step 2 with alternate logic prescribing when and how to insert the BIER helper
> node. Most correct would be to rewrite using formal BCP14 language the complete 'step 2'
> for the tether use case.
>  
>     (RFC8279 section6.9)
>    2.  If one of the child nodes does not support BIER, BFR-B removes
>        that node from the tree.  The child nodes of the node that has
>        just been removed are then re-parented on the tree, so that BFR-B
>        now becomes their parent.
>  
> 268           If the above procedure finishes without finding any helper, then the
> 269           original BFR next hop via a tunnel is used to reach the BFER.
>  
> [minor] Is this statement also not part of the process that tether modifies the BIER-SPF?
>  
> 273           Suppose that the BIER domain uses BGP signaling
> 274           [I-D.ietf-bier-idr-extensions] instead of IGP.  BFR1..N advertises
>  
> [minor] s/suppose/when/
>  
> 271        3.2.  BGP Signaling
>  
> [major] Can BGP signaling not be seen as another ecoding in addition to the IGP encodings?
>  
> 273           Suppose that the BIER domain uses BGP signaling
> 274           [I-D.ietf-bier-idr-extensions] instead of IGP.  BFR1..N advertises
> 275           BIER prefixes that are reachable through them, with BIER Path
> 276           Attributes (BPA) attached.  There are three situations regarding X's
> 277           involvement:
>  
> [minor] what does "them" reference? 
> [minor] not sure what the BIER prefix is. Is that a special NLRI used for signalling BIER BitString?
> [minor] three situations are mentioned, but only 2 follow?
>  
> 286           To make tethering work well with BGP signalling, the following can be
> 287           done:
>  
> [major] what does "work well" mean? please explain using BCP14 langue how the technology and encodings will work.
> [minor] is there any impact upon how the BIER-SPF is modified using the received BGP derived BIER information.
> [major] are there no BGP code points or encodings specified?
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
> _______________________________________________
> BIER mailing list
> BIER@ietf.org <mailto:BIER@ietf.org>
> https://www.ietf.org/mailman/listinfo/bier