Re: [Bier] Alvaro Retana's No Objection on draft-ietf-bier-ospf-bier-extensions-14: (with COMMENT)
"Acee Lindem (acee)" <acee@cisco.com> Sat, 10 March 2018 00:56 UTC
Return-Path: <acee@cisco.com>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4148126C0F; Fri, 9 Mar 2018 16:56:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L1XtM7DkLKo5; Fri, 9 Mar 2018 16:56:52 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DCE41242F5; Fri, 9 Mar 2018 16:56:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=50732; q=dns/txt; s=iport; t=1520643411; x=1521853011; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=RSK0SZHLO4J0u8TciZzHBZaARRVvvjQb4IVLLB0Fhh0=; b=hF/KiyAoBYOVfmPjQRIZN5l6fg6C0dXA+rqcAtDxq4QBTxov6WYD5j4S 9iNUG1hpjoCmu8cijgxcKHgEVbTdzpvkC8IozNAjUKLWxEy3QneiHVuP8 SuCEJHgBRh5rnyikJ8vrOznMJIE0q+0MIjuxxSBDDgY4QgGCkDw0QqRq+ o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DqAAB6LKNa/4MNJK1eGQEBAQEBAQEBAQEBAQcBAQEBAYJaRTFmbygKg0aKH41ygVspgRaHJI0QFIIBChgBCoUCAhqCdyE0GAECAQEBAQEBAmsnhSMBAQEEAQEhSwsQAgEIDgMDAQIBIAEGAwICAh8GCxQJCAIEAQ0FhDRMAxUPrDmCJockDYEwghUFhTWCLoM7ASkMgnmCakQBAQMBgUYPLwkGEIJSMIIyBIgcZYo4hmsxCQKGQIZpgzeBY4QziEmHdIIFOYZuAhETAYErAR44gVJwFToqAYIYCYIoHBaBY3eIE4ExgRcBAQE
X-IronPort-AV: E=Sophos; i="5.47,448,1515456000"; d="scan'208,217"; a="81308168"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Mar 2018 00:56:50 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w2A0uoso013207 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 10 Mar 2018 00:56:50 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 9 Mar 2018 19:56:49 -0500
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Fri, 9 Mar 2018 19:56:49 -0500
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Alia Atlas <akatlas@gmail.com>, "Peter Psenak (ppsenak)" <ppsenak@cisco.com>, "bier-chairs@ietf.org" <bier-chairs@ietf.org>
CC: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "draft-ietf-bier-ospf-bier-extensions@ietf.org" <draft-ietf-bier-ospf-bier-extensions@ietf.org>, BIER WG <bier@ietf.org>, The IESG <iesg@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>
Thread-Topic: [Bier] Alvaro Retana's No Objection on draft-ietf-bier-ospf-bier-extensions-14: (with COMMENT)
Thread-Index: AQHTq+kIiua0suPNl0+z4DOZ+vAIHqOw+FYAgABpVICAAOtxAIAKEKBzgAfQFwCABK7hgP//4M+A
Date: Sat, 10 Mar 2018 00:56:49 +0000
Message-ID: <BB87159A-0CF9-4007-ADB9-942A7AE5662B@cisco.com>
References: <151930953951.8224.17290376865607954822.idtracker@ietfa.amsl.com> <5A8EF662.4020304@cisco.com> <CAMMESswM6P1cCYPsHq=PTRV+R8YRHztQr2d2z8SR7oDzgw0JGA@mail.gmail.com> <5A90143E.7020000@cisco.com> <CAMMESszJxgROm1sSthRHjxPHr=XwMm8KR=Nvu7hLCskk7f2GLA@mail.gmail.com> <CA+wi2hMA2+jH9VimfVPeJeVj6Xyz1MtcKM_i9NGOwFrv68TX-w@mail.gmail.com> <CA+wi2hPWGMFsj5hfv8+Jw7YfekwVbmovmAWWkxUJ7j8Ymc_StQ@mail.gmail.com> <CAG4d1rcsxhJ1LDWRPUkHzmSXsjjog3zg1rZLzswPbFNmOs927Q@mail.gmail.com>
In-Reply-To: <CAG4d1rcsxhJ1LDWRPUkHzmSXsjjog3zg1rZLzswPbFNmOs927Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.196]
Content-Type: multipart/alternative; boundary="_000_BB87159A0CF94007ADB9942A7AE5662Bciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/j35xKGjIZfbI6zDsAmfU854WS60>
Subject: Re: [Bier] Alvaro Retana's No Objection on draft-ietf-bier-ospf-bier-extensions-14: (with COMMENT)
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Mar 2018 00:56:55 -0000
Hi Alia, Murphy’s law of draft progression timing, Peter has been on PTO for the last week (skiiing I believe but not positive). I’m sure he will respond shortly. Thank, Acee From: BIER <bier-bounces@ietf.org> on behalf of Alia Atlas <akatlas@gmail.com> Date: Friday, March 9, 2018 at 4:48 PM To: "Peter Psenak (ppsenak)" <ppsenak@cisco.com>, "bier-chairs@ietf.org" <bier-chairs@ietf.org> Cc: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "draft-ietf-bier-ospf-bier-extensions@ietf.org" <draft-ietf-bier-ospf-bier-extensions@ietf.org>, BIER WG <bier@ietf.org>, The IESG <iesg@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com> Subject: Re: [Bier] Alvaro Retana's No Objection on draft-ietf-bier-ospf-bier-extensions-14: (with COMMENT) Hi Peter, I do not see discussion with Eric or Suresh on their Discusses. This draft also has Normative References to RFC 8279 and RFC 8296. The Discusses need to be resolved. The normative reference (where the Status Update was deferred), means that when this is approved, it'll have to have an RFC Editor Note to hold it until that Status Update is approved (or bis versions are issued, if necessary). I do not know if resolving of the Discusses will happen by Weds of IETF. If not, then the draft will not have a Yes ballot (unless Alvaro changes his) and may need to go back through IESG Evaluation. Regards, Alia On Tue, Mar 6, 2018 at 5:17 PM, Tony Przygienda <tonysietf@gmail.com<mailto:tonysietf@gmail.com>> wrote: OK, draft-ietf-bier-isis-extensions-09<https://datatracker.ietf.org/doc/draft-ietf-bier-isis-extensions/> limited last call finished now. I see the document moved to publication. On OSPF I still see Suresh & Eric in discuss. Peter, did we address those comments ? thanks --- tony On Thu, Mar 1, 2018 at 7:57 PM, Tony Przygienda <tonysietf@gmail.com<mailto:tonysietf@gmail.com>> wrote: ok, I went over it once more, all issues seem addressed adequatly. Outstanding points I don't think need addressing further * invalid vs. illegal BFR-id language disparity ospf vs isis signalling. That's really a defect of RFC8279 where we should have been stricter with language. Not a problem of IGP drafts * registry: I think that will be cleaned up during publication process, i.e. registry created and references taken out of the drafts * no /32 /128 length restriction in OSPF which IMO is fine given RFC8279 is not mandating it and OSPF works fine without this restriction. The length clause would not change any other considerations anyway such as behavior when 2 routers advertise the same prefix in an area with conflicting BIER information which is addressed in the draft already. Alvaro, I issue here a 7 days last WG LC just to have it all following procedure the way ISIS draft did and then fwd' back to IESG for publication ... Everyone, this constitutes a 7 days last call limited to changes in versions -14 and -15 thanks --- tony On Fri, Feb 23, 2018 at 6:58 AM, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>> wrote: Peter: Hi! Thanks for addressing my comment! Alvaro. On February 23, 2018 at 8:16:49 AM, Peter Psenak (ppsenak@cisco.com<mailto:ppsenak@cisco.com>) wrote: Hi Alvaro, please see inline (##PP): On 23/02/18 00:14 , Alvaro Retana wrote: > On February 22, 2018 at 11:57:08 AM, Peter Psenak (ppsenak@cisco.com<mailto:ppsenak@cisco.com> > <mailto:ppsenak@cisco.com<mailto:ppsenak@cisco.com>>) wrote: > > Peter: > > Hi! > >> > ---------------------------------------------------------------------- >> > COMMENT: >> > ---------------------------------------------------------------------- >> > >> > (1) The specification of the sub-TLVs still needs some work: >> > >> > - MT-ID: What should a receiver do if the MT-ID is in the 128-255 range? >> >> rfc4915 says these are "Invalid and SHOULD be ignored" Do we nee to say >> the same here again? > > Yes. rfc4915 refers specifically to what to do with the value in the > LSAs when used for MTR. > > What does it mean to ignore the MT-ID in the BIER Sub-TLV? > > For example... "Each BFR sub-domain MUST be associated with one and only > one OSPF topology that is identified by the MT-ID." If the MT-ID is not > known (because it is ignored), then how can we enforce this check? ##PP ok, I have added the following statement: "If the MT-ID value is outside of the values specified in [RFC4915], the BIER Sub-TLV MUST be ignored." > > >> > >> > - "BFR-id...If the BFR is not locally configured with a valid BFR-id, the value >> > of this field is set to invalid BFR-id per [RFC8279]." I looked in rfc8279 for >> > the text about "invalid BFR-id", but found this instead: "The value 0 is not a >> > legal BFR-id." I assume that in this case "invalid" is the same as "not >> > legal". It would be nice to be consistent. >> >> would you agree with: >> >> "the value of this field is set to 0, which is defined as illegal in >> [RFC8279]. > > Yeah, that’s fine. > > Side comment: it’s a shame that rfc8279 chose “illegal” to describe a > value that can be used. > > >> > >> > - "When such duplication is detected all BFRs advertising duplicates MUST be >> > treated as if they did not advertise a valid BFR-id." How are BFRs that >> > advertise an invalid BFR-id treated? >> >> what about: >> >> "as if they did not advertise a legal BFR-id" > > Sorry…the question is: if the BFD-id is 0, then what? What needs to be > done by the receiver? rfc8279, section 5 says: " If BFR-A determines that BFR-B and BFR-C have both advertised the same BFR-id for the same sub-domain, BFR-A MUST log an error. Suppose that the duplicate BFR-id is "N". When BFR-A is functioning as a BFIR, it MUST NOT encode the BFR-id value N in the BIER encapsulation of any packet that has been assigned to the given sub-domain, even if it has determined that the packet needs to be received by BFR-B and/or BFR-C. This will mean that BFR-B and BFR-C cannot receive multicast traffic at all in the given sub-domain until the provisioning error is fixed. However, that is preferable to having them receive each other's traffic. ... If a BFR advertises that it has a BFR-id of 0 in a particular sub-domain, other BFRs receiving the advertisement MUST interpret that advertisement as meaning that the advertising BFR does not have a BFR-id in that sub-domain." So I rewrote the section as: "All BFRs MUST detect advertisement of duplicate valid BFR-IDs for a given MT-ID and Sub-domain-ID. When such duplication is detected by the BFR, it MUST behave as described in section 5 of [RFC8279]." > > >> > >> > - What should a receiver do if the BSL is set to a value not supported in >> > rfc8296? >> >> what about: >> >> "If the BS length is set to a value that does not match any of the >> allowed values specified in [RFC8296], the BIER MPLS Encapsulation >> Sub-TLV MUST be ignored." > > ok > > >> > >> > - "Label ranges within all BIER MPLS Encapsulation Sub-TLVs advertised by the >> > same BFR MUST NOT overlap. If the overlap is detected, the advertising router >> > MUST be treated as if it did not advertise any BIER sub-TLVs." If an overlap >> > is detected, the result is that *all* BFRs (advertising the overlap) are >> > treated as if the BIER sub-TLV was not advertised, right? The text is not >> > clear as to whether the result applies to all or just the BFR that advertised >> > last (and resulted in the detection happening). >> >> above paragraph talks about the case where a single BFR advertises the >> overlapping label ranges in multiple BIER MPLS Encapsulation Sub-TLVs it >> advertises. > > Yeah…sorry…overlooked that first part. > > >> > >> > - "All advertised labels MUST be valid..." What is a "valid" label? >> >> I'm tempted to get rid of the above statement, as we specified earlier >> that the label "A 3 octet field, where the 20 rightmost bits represent >> the first label" and any value should be fine. > > Well…there are some reserved values… rfc3032… > How to deal with the reserved labels by BIER should have been defined in rfc8296 or rfc8279, not in the IGP extension draft really. I have removed the following text: "All advertised labels MUST be valid, otherwise the BIER sub-TLV MUST be ignored. thanks, Peter > > ... > >> > >> > (2) Security Considerations >> > >> > - I support Eric's DISCUSS. It seems to me that an attacker could simply >> > advertise duplicate BFR-IDs or overlapping label ranges and have a significant >> > impact on the network. >> >> that should be taken care of by protocol authentication and existing >> text covers that: >> >> "There can be deployments where potential attackers have access to one >> or more networks in the OSPF routing domain. In these deployments, >> stronger authentication mechanisms such as those specified in [RFC7474] >> SHOULD be used." > > I’ll let Eric handle the DISCUSS and whether he thinks this is ok. > >> > >> > (3) IANA Considerations >> > >> > Section 2.2: "The BIER MPLS Encapsulation Sub-TLV is a Sub-TLV of the BIER >> > Sub-TLV." However, the type for this sub-sub-TLV is allocated from the OSPF >> > Extended Prefix sub-TLV registry...and not from a new registry for sub-TLVs for >> > the BIER Sub-TLV. >> >> The OSPFv2 Extended Prefix TLV Sub-TLVs registry "defines sub-TLVs >> at any level of nesting for OSPFv2 Extended Prefix TLVs". >> >> We have 16 bits for TLV type in OSPF, so we can afford to do so :) > > Ah, I see. That text is buried in rfc7684, and not reflected in the > registry itself. > > We’re good then. > > Thanks! > > Alvaro. > _______________________________________________ BIER mailing list BIER@ietf.org<mailto:BIER@ietf.org> https://www.ietf.org/mailman/listinfo/bier _______________________________________________ BIER mailing list BIER@ietf.org<mailto:BIER@ietf.org> https://www.ietf.org/mailman/listinfo/bier
- [Bier] Alvaro Retana's No Objection on draft-ietf… Alvaro Retana
- Re: [Bier] Alvaro Retana's No Objection on draft-… Peter Psenak
- Re: [Bier] Alvaro Retana's No Objection on draft-… Eric C Rosen
- Re: [Bier] Alvaro Retana's No Objection on draft-… Alvaro Retana
- Re: [Bier] Alvaro Retana's No Objection on draft-… Alvaro Retana
- Re: [Bier] Alvaro Retana's No Objection on draft-… Peter Psenak
- Re: [Bier] Alvaro Retana's No Objection on draft-… Alvaro Retana
- Re: [Bier] Alvaro Retana's No Objection on draft-… Tony Przygienda
- Re: [Bier] Alvaro Retana's No Objection on draft-… Reshad Rahman (rrahman)
- Re: [Bier] Alvaro Retana's No Objection on draft-… Peter Psenak
- Re: [Bier] Alvaro Retana's No Objection on draft-… Tony Przygienda
- Re: [Bier] Alvaro Retana's No Objection on draft-… Alia Atlas
- Re: [Bier] Alvaro Retana's No Objection on draft-… Acee Lindem (acee)
- Re: [Bier] Alvaro Retana's No Objection on draft-… Peter Psenak
- Re: [Bier] Alvaro Retana's No Objection on draft-… Peter Psenak
- Re: [Bier] Alvaro Retana's No Objection on draft-… Alia Atlas
- Re: [Bier] Alvaro Retana's No Objection on draft-… Suresh Krishnan