[Bier] Roman Danyliw's No Objection on draft-ietf-bier-te-arch-10: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 25 August 2021 18:59 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: bier@ietf.org
Delivered-To: bier@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F23833A097A; Wed, 25 Aug 2021 11:59:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-bier-te-arch@ietf.org, bier-chairs@ietf.org, bier@ietf.org, Xuesong Geng <gengxuesong@huawei.com>, aretana.ietf@gmail.com, gengxuesong@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <162991794995.23572.3252796168660509505@ietfa.amsl.com>
Date: Wed, 25 Aug 2021 11:59:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/xXDZP_InW69-X4hFXrjduYe1-GI>
Subject: [Bier] Roman Danyliw's No Objection on draft-ietf-bier-te-arch-10: (with COMMENT)
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Aug 2021 18:59:10 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-bier-te-arch-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-bier-te-arch/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.3.  What is “ships in the nights forwarding”?  Is this intended to
convey that packets are forwarded mutually exclusively either via BIER or
BIER-TE?

** Section 4.4.  I appreciate that this is pseudocode so there isn’t a strict
syntax to reference.  The following syntax of {VRF,}” wasn’t clear to me:

SendToL3(PacketCopy,{VRF,}l3-neighbor

PassTo(PacketCopy,{VRF,}Packet->NextProto);

Is that a typo for “{VRF}?

** Section 5.1.5.  Per “This type of optimization BP could be used for example
when all traffic is broadcast traffic … such as … situational awareness (SA)”,
is SA some notification service (e.g., an emergency alert)?

** Section 7.  Per the Security Considerations of RFC8279, it says:

If the BIER encapsulation of a packet is
   modified (through error or malfeasance) in a way other than that
   specified in this document, the packet may be misdelivered.

In additional, relevant here and in RFC8279 would be that modification of the
BIER encapsulation not only could lead to mis-delivery (noted in RFC8279) but
also routing through an alternative path of the attackers choosing enabling
additional inspection.

** Section 7.
   ... communications
   between controllers and routers such as those to be considered for
   the BIER-TE controller/control-plane can and are much more commonly
   secured with those security properties, for example by using Secure
   SHell (SSH), [RFC4253] for NetConf ([RFC6241]), or via Transport
   Layer Security (TLS), such as [RFC8253] for PCEP, [RFC5440], or
   [RFC7589] for NetConf.

I wasn’t able to discern from the shepherd’s write-up if BIER-TE has
implementations or is seeing deployment.  Especially, if this is a green field
space, can a stronger statement be made about requiring or at least
recommending a secure transport between the controller and routers?  The text
seems to present ample enabling technologies to realize this more secure
communication (i.e. “… for example by using Secure SHell (SSH), [RFC4253] for
NetConf ([RFC6241]), or via Transport Layer Security (TLS), such as [RFC8253]
for PCEP, [RFC5440], or   [RFC7589] for NetConf.”)

** Section 7.

   In
   addition, the security considerations of [RFC4655] apply.

Section 10 (Security Considerations) of RFC4655 uses architectural concepts of
like “inter and intra-domain networks”, “multi-domain network” and “non-local
PCE”.  I wanted to clarify how to overlaying these concepts to the text in this
document.  For example,

-- is operating multiple “BIER sub-domains” correspond to a “multi-domain”
network”?

-- what would a “non-local PCE” be in this BIER-TE architecture?

** Editorial

-- Section 2.1.  Figure 1. Editorial. s/local_decap/local_decap()/

-- Section 2.1.  Editorial.  s/The following picture shows/Figure 2 shows/

-- Section 2.3.  Editorial.  Typo. s/See for example See Section 5.1.3/See
Section 5.1.3/

-- Section 4.3.
   When a fixed mapping from BSL, SD, SI is used without specifically
   distinguishing BIER and BIER-TE, such as proposed for non-MPLS
   forwarding with [RFC8296] in [I-D.ietf-bier-non-mpls-bift-encoding]
   revision 04, section 5., then it is necessary to allocate disjoint
   SDs to BIER and BIER-TE BIFT so that both can be addressed by the
   BIFT-ids.

(a) (Editorial) This sentence doesn’t parse.

(b) I would recommend against citing a specific version of an ID (Section 5 of
-04)

-- Section 4.6.  The phrases “BFR MUST support to configure the BIFT …” and
“Every BP in the BIFT MUST support to have zero …” do not parse.