Re: [Bier] AD Review of draft-ietf-bier-bar-ipa-07

Alvaro Retana <aretana.ietf@gmail.com> Tue, 12 October 2021 19:18 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C8203A0113; Tue, 12 Oct 2021 12:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UlGlabRrnFgN; Tue, 12 Oct 2021 12:18:11 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C5C3A0A7B; Tue, 12 Oct 2021 12:17:31 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id a25so321567edx.8; Tue, 12 Oct 2021 12:17:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=ZVJVDtbAOBgoM09SJWUvFlabcMhgFFll/zuO/wIEQ0g=; b=Z+9yyeNU39gYRmJ5YVn8wJ/x9BQ9EgqPhUBAptWAoqsCbHlCE/paPRrMdEFG57/M9s GaoPMqzP9s3SgDryhOfMJlKgaN43ITK6QCFZKK0uIz8WZPNydQ4rfXOHAp3CNKYbK0+2 XV+CH/Y63tMlJfXuMNSY8PJyXM8FnyoQHSgtljBQYojNtDTY1CogcyUQtKMcjkSke7It cNUts0rcAVZUO7U8LcfQbxpgcSHtgarurkaWxqv5bva6tq699v9faKXsgezD+l2fuItx 2LaYYrKduLg+LUGZXqEVEiBSWyD2L/xc28jQmEFsgWJ/sCtK5CpFXqeHzZ4Z6qqJNk5Q nVog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=ZVJVDtbAOBgoM09SJWUvFlabcMhgFFll/zuO/wIEQ0g=; b=kGD0YeODtnxacqGiQiRbE2U4qAg5+3K5Jpop0M1AqaOjtpV+Up9sy3rfhoaaXn/BnT gtztJ2Stn6vAV6cyl2L9nA3Et45gZSHoi2tkx8kkHUe2wkovr8egpPK8f/Aevr7Z1Wn6 A9nj5Q0bP4TNDLJQWCWwDMLV64DS3/Efgqc6Cam99kG3zAUhCK7MTvt2fE9bhJfs+pkE XiqGyjRIN6L72mu5noEOKPXqRgSgfhgMcymt2Y5BXhMA/Js+0MQl2NhMFlF6Z7Ffz9JD 5A58dlhBZUqUuS+8f0rO8GCe/FlUnSSJZy5gqqklR7ZYOo1LiAuJ0/RWh5D7K5nMB12O ljPw==
X-Gm-Message-State: AOAM5307CznLRSdQdAp/BRNc9jTGEwqR2njNnK3fiBRwxh2Hzk7CJhKh UIVUPJhGhTXFC4gktZo3Z040yjgVM5ulyD7rzTwqohtbMX0=
X-Google-Smtp-Source: ABdhPJypa4Zn6URyxxo8C6taKkQs6O2b6ECljzUsAA5htQB1GBo36gJSL6VN0H65I7nZN6WHt1jI82u9Y/qy4znJfqI=
X-Received: by 2002:a50:d4cd:: with SMTP id e13mr2208777edj.29.1634066248052; Tue, 12 Oct 2021 12:17:28 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 12 Oct 2021 12:17:27 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <BL0PR05MB5652A54C6F6D96F5D593FE6CD4DD9@BL0PR05MB5652.namprd05.prod.outlook.com>
References: <CAMMESswGdOA=C93TXHvt1vGgVf6koniGm7i=btLZpCmuELbzMg@mail.gmail.com> <BL0PR05MB5652A54C6F6D96F5D593FE6CD4DD9@BL0PR05MB5652.namprd05.prod.outlook.com>
MIME-Version: 1.0
Date: Tue, 12 Oct 2021 12:17:27 -0700
Message-ID: <CAMMESsyc8vg2h-NecqoO4Qy9R1ukLyyqjkrA6zG1Od-hw2hiTg@mail.gmail.com>
To: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>, Greg Shepherd <gjshep@gmail.com>
Cc: BIER WG Chairs <bier-chairs@ietf.org>, Greg Mirsky <gregimirsky@gmail.com>, "bier@ietf.org" <bier@ietf.org>, "draft-ietf-bier-bar-ipa@ietf.org" <draft-ietf-bier-bar-ipa@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/gpa6OIVk9-_BHmQlra3bdfcn6ok>
Subject: Re: [Bier] AD Review of draft-ietf-bier-bar-ipa-07
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2021 19:18:16 -0000

On September 17, 2021 at 5:03:17 PM, Jeffrey (Zhaohui) Zhang wrote:


Jeffrey:

Hi!

> Please see zzh> below, and the attached diff.

I have a couple of replies in-line myself.

It looks like you may have not looked at the complete review -- your
reply stops at line 131, but the comments continue.  The complete
message is in the archive:
https://mailarchive.ietf.org/arch/msg/bier/xTt9GEW-v3iSV96bx9WbzhNSByc/


...
> My biggest issue is better illustrated by this exchange during the WGLC [1]:
>
> =====
> > But if new BIER algorithms are defined, how would you define BC?
> > Is the idea that the values in the BIER algorithm registry signify
> > both BC and BA?
>
> Yes when a new value is defined, corresponding BC & BA semantics need
> to be given. I will clarify that.
> =====
>
> I read this answer as meaning that the registries will contain the
> information about the constraints *and* the algorithm. This makes
> sense to me because the draft talks about signaling the provisioned
> values, which is related, I assume, to the Update to rfc8401/rfc8444.
> *BUT*, the registries are not updated and it is then not clear
> how/where the information will be documented so that interoperability
> can be possible.
>
> Zzh> To clarify, I did not mean the registry will contain the information.
> Zzh> The registry only records which numbers have been assigned. The
> Zzh> specification that defines a registered number need to clearly specify
> Zzh> the both BC and BA.
>
> Zzh> More below on the inline comments.

Hmm... I still don't see this as clearly as you obviously do.  Let's
get through the rest of the review/comments first before coming back
to this point.

I did see some of your comments later on (and replied to a couple).
If the registries won't reflect the constraints, then we'll want to
make the requirements for a new algorithm (what a future document has
to specify) clearly outlined.


> [Note that this concern applies to both the BAR and the IPA. I based
> my comments below on this interpretation.]
>
> To the Chairs: 6 authors are listed in the front page, but rfc7322
> recommends a limit of 5. Can you please provide justification for
> going over the limit? [In general, I think that 6 is an ok number --
> we just need to cross the T's...]

Greg: I need you to please look into this.


Thanks!

Alvaro.



...
> 18 Abstract
>
> 20 This document specifies general rules for interaction between the BAR
> 21 (BIER Algorithm) and IPA (IGP Algorithm) fields defined in ISIS/
> 22 OSPFv2 Extensions for BIER. The semantics for the BAR and IPA fields
> 23 (when both or any of them is non-zero) defined in this document
> 24 updates the semantics defined in RFC 8401 and RFC 8444.
>
> [major] Why isn’t draft-ietf-bier-ospfv3-extensions considered too?
> It specifies the same behavior as rfc8444.
>
> Zzh> You're right. It should be.

The header needs to also include draft-ietf-bier-ospfv3-extensions.


...
> Zzh> Reference to 5120 is removed.

Remove it from the References section too. ;-)


...
> [major] Given that routers with different BAR/IPA are treated as not
> supporting BIER, it seems that advertising different values would be a
> nice tool to divide the network into multiple independent BIER
> sub-domains. Is this an issue? What about the interaction in the
> domain itself, is having a different view of a sub-domain an issue???
>
> Zzh> It is can indeed be used that way. It is not an issue, but it is
> Zzh> better to define separate sub-domains.

I was thinking about this from an attacker point of view: by
advertising different BAR/IPA values from a set of rogue routers an
attacker can create what looks like different sub-domains (i.e. no one
may have a complete view).


...
> 125 A BAR value corresponds to a BCBA, and an IPA value corresponds to an
> 126 RCRA. Any of the RC/BC/BA could be "NULL", which means there are no
> 127 corresponding constraints or algorithm.
>
> [major] "BAR value corresponds to a BCBA...IPA value corresponds to an RCRA"
>
> Does this mean that every algorithm can have only one set of
> constraints? Or that a different value has to be used to signal the
> same algorithm with a different set of constraints?
>
> Zzh> If you look at FlexAlgo (IPA), each number identifies an tuple. BAR is
> Zzh> like that, too.

I'm looking for text in this document.  FlexAlgo is not even
referenced here (and it probably shouldn't).


> Note that the values of both BAR/IPA already (as defined in
> rfc8401/rfc8665) map to a single BA or RA, the constraints are not
> considered. This change in semantics should result in a change in the
> registries — and a redefinition of the already assigned values.
>
> If the registry created by rfc8665 needs to be updated to track the
> constraints, then rfc8665 should also be formally Updated. What is
> the effect on other work that my use the same registry?
>
> Zzh> Non-zero BAR/IPA value is outside the scope of 8401, which means only
> Zzh> the SPF w/o constraints are used.
> Zzh> This document defines how non-zero BAR/IPA values are used for BIER.
> Zzh> They are considered to have BA/BC and RA/RC semantics, some of which
> Zzh> could be NULL (a NULL BC/RC means no constraints).
> Zzh> As mentioned earlier, registry only recorders numbers not semantics.
>
> Zzh> I don't think 8665 is relevant here. It is specific to SR, which is
> Zzh> orthogonal to BIER. In addition, 8665 says:

The IGP Algorithms Types registry which is what is used for the IPA
was defined in rfc8665.  Even if it is an OSPF/SR RFC, the registry is
more general than that.


>
> +-------+--------------------------------------------+-----------+
> | Value | Description | Reference |
> +=======+============================================+===========+
> | 0 | Shortest Path First (SPF) algorithm based | This |
> | | on link metric. This is the standard | document |
> | | shortest path algorithm as computed by the | |
> | | IGP protocol. Consistent with the | |
> | | deployed practice for link-state | |
> | | protocols, Algorithm 0 permits any node to | |
> | | overwrite the SPF path with a different | |
> | | path based on its local policy. | |
> +-------+--------------------------------------------+-----------+
> | 1 | Strict Shortest Path First (SPF) algorithm | This |
> | | based on link metric. The algorithm is | document |
> | | identical to Algorithm 0, but Algorithm 1 | |
> | | requires that all nodes along the path | |
> | | will honor the SPF routing decision. | |
> | | Local policy at the node claiming support | |
> | | for Algorithm 1 MUST NOT alter the SPF | |
> | | paths computed by Algorithm 1. | |
> +-------+--------------------------------------------+-----------+
>
> Zzh> I would not expect algorithm 1 will be used with BIER; even if it is,
> Zzh> you can see that the RA part is identical to algorithm 0.

You hit here another issue that I have: not all IPAs may ever be used
in a BIER network, and some (I guess!) may not even apply.  Is that
distinction made only when the algorithm is defined?  What should
happen if that specific IPA not applicable to BIER is signaled in the
BIER network?