Re: [CCAMP] AD review of draft-ietf-teas-lsp-attribute-ro
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 21 January 2015 11:57 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 442E11A1A22; Wed, 21 Jan 2015 03:57:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KjYjmYEmkMbF; Wed, 21 Jan 2015 03:57:43 -0800 (PST)
Received: from asmtp1.iomartmail.com (asmtp1.iomartmail.com [62.128.201.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E58411A1A1E; Wed, 21 Jan 2015 03:57:42 -0800 (PST)
Received: from asmtp1.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp1.iomartmail.com (8.13.8/8.13.8) with ESMTP id t0LBveuw013271; Wed, 21 Jan 2015 11:57:40 GMT
Received: from 950129200 (089144210022.atnat0019.highway.a1.net [89.144.210.22]) (authenticated bits=0) by asmtp1.iomartmail.com (8.13.8/8.13.8) with ESMTP id t0LBvb84013235 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Wed, 21 Jan 2015 11:57:38 GMT
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Cyril Margaria' <cmargaria@juniper.net>, teas@ietf.org
References: <012001d0274b$d25f3630$771da290$@olddog.co.uk> <D0E49700.1CA67%cmargaria@juniper.net>
In-Reply-To: <D0E49700.1CA67%cmargaria@juniper.net>
Date: Wed, 21 Jan 2015 11:57:37 -0000
Message-ID: <011b01d03571$7526d480$5f747d80$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJNJKbqcA8ICrxY/nQ0vdspVCXFtAG4lZZam8LQ7AA=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1018-21270.001
X-TM-AS-Result: No--22.294-10.0-31-10
X-imss-scan-details: No--22.294-10.0-31-10
X-TMASE-MatchedRID: Ync95tbzDRmnykMun0J1wtxajlW+zwxCC/ExpXrHizwJW4Re2U2py+50 k+nSYSmWO4Z0ZkXCjJsUPsM54RzshHYIQoHEix+qdrpCZsJVIIUpWss5kPUFdGu9/l5WAy7sbOh vQwxZCUumUhnCmPhVLUlKUqmaZWPdzsxad8fKloYzSlmIs9AhOtEA4SsNDgaiXudxyY/AL0eXNa gpKKGTEzmrSBe3bBipItB1q1kmkIKbdVs/uMg2/8H0JgP/bKWSQa2sDHLkQ040QmmUihPzrJ8zj Z45FG+UwOalMNNoWHYYkIWWLQ+ruev/j3sV8W9mW7gz/Gbgpl4/W/kEeVcLFGjSAumzejoRDgvn ApkxBAVSRo6Tk1CHbLtnawFLb7obvYmC3IHzHcj/VoEOchXiKVXKDhjPZTukMKZRiezcUtMgRPl rGC5FrzzIYciYTdEA3KCE1AIrmzWH6FJxCilEmWbzlCg24oq+h+w9Wz/xXDprEoFtNYg0C4ARql 3UMZ6bVgi2vEnHdgKGDG1lR3xKVq+2LFpqaFp51yMJs9mBCcUvfgjwim9BwsUdzAovpQT/eu5z4 syzGYYu6BdQaUaE9nkNrWD+KBWtoayr11+eKrlRKfej56hSbJsqkCVjbLpJAuVirUrNCL+g0ehM cZ850tJpCbWqQKk2C1MkYihD/gEKT+RHLhCkHMqXjImgj58becvjbu/xDjr3qGsw1oZ+zxwz72z DzvkOCMe3Br715Je4Clh+0goxykq+i9GrWzgshsE+u3nnCfAk227IvqakhftHa1P9/19Uo8WMkQ Wv6iXhWDPiI8D3842j49Ftap9EkGUtrowrXLg=
Archived-At: <http://mailarchive.ietf.org/arch/msg/ccamp/FKuq6Ozw5kcoBva9x0fyxEtiVIM>
Cc: draft-ietf-teas-rsvp-te-li-lb@tools.ietf.org, ccamp@ietf.org, draft-ietf-teas-lsp-attribute-ro.all@tools.ietf.org, draft-ietf-ccamp-wson-signaling@tools.ietf.org
Subject: Re: [CCAMP] AD review of draft-ietf-teas-lsp-attribute-ro
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2015 11:57:46 -0000
Hi Cyril, Thanks for engaging. [CCAMP - note just one point wrt draft-ietf-ccamp-wson-signaling] > >Section 2.3 needs to describe the processing when an ERO Hop Attributes > >subobject is encountered after a loose hop subobject or a strict hop > >that is an abstract node? > > > >- Is it valid? > >- Is it assumed to apply to all hops in that loose hop or abstract node? > >- Or in the case of a loose hop, does it just apply to the named hop > > itself? > >- What about if the preceding subobject is an interface identifier or a > > label? > > > >I wonder whether reference to 4990 would help at all. > > Following RFC4990, it depends. > In the context of draft-ietf-teas-rsvp-te-li-lb, a loopback after a loose > hop, could be rejected. This should not apply to a label or interface > In the context of draft-ietf-ccamp-wson-signaling-09, a ResourceBlockInfo > should target an explicit Hop, but the WavelengthSelection could appear > after an abstract node or loose hop. > > Future Attributes TLV may apply to interfaces or labels. I think its up to > the document defining the TLV to scope it. > For instance the following text could address that: > Depending on the scope of thea specific Hop attribute TLV, the defining > document SHOULD describe after which kind of hop they are valid, for > instance by describing rules similar to [RFC4990] section 6.1. OK. This is clear. Thanks. I think *this* I-D needs to make it clear what the expectations are: 1. The sub-object is allowed at any point in the ERO 2. The document that specifies a TLV for the sub-object must make it clear where in an ERO a sub-object containing that TLV is allowed and not allowed. That should be an easy edit for you. > For draft-ietf-teas-rsvp-te-li-lb this could be (restricting the TLV to > explicit nodes, precluding link ids): > The Attribute Flags TLV with Loopback Attribute Flag set MUST be present > after an explicit Hop addressing an TE Router ID identifying a specific > node or a Link ID identifying an incoming TE link. it MUST NOT be present > after a loose, abstract node, Link ID identifying an outgoing TE link, > Component Interface ID or Label. Ah, joy! Yes. This needs another fix to draft-ietf-teas-rsvp-te-li-lb. I've made a note in the data tracker and marked that I-D as needing a new revision. > For draft-ietf-ccamp-wson-signaling-09, this could be (restricting the > ResourceBlockInfo to explicit nodes): > > The WSON Processing HOP Attribute TLV with ResourceBlockInfo MUST be > present after an explicit Hop addressing an TE Router ID identifying a > specific node or a Link ID identifying an incoming TE link. it MUST NOT be > present after a loose, abstract node, Link ID identifying an outgoing TE > link, Component Interface ID or Label. > > The WSON Processing HOP Attribute TLV with WavelengthSelection only MUST > be present after an explicit Hop addressing an TE Router ID identifying a > specific node, a Link ID identifying an incoming TE link, loose hop, > abstract node, Link ID identifying an outgoing TE lin or Component > Interface ID. it MUST NOT be present after a Label. > > The WavelengthSelection may apply starting at an abstract node, but not > after a label (as no selection is possible) Phew, this I-D is still pending my review. I'll capture that as I process it. Thanks for doing the work of crafting text. [I added CCAMP to the recipients of this email so they can see this point] > >3.2.1 has > > > > All such > > subobjects MUST be forwarded unmodified by transit LSRs. > > > >That is, of course, the general rule, but I assume that there are > >exceptions. > > > >For example, an ASBR may choose to prune the information that is > >forwarded in an RRO. Similarly, the UNI-N may strip information. > > > >I think the point would be that "If a node forwards an RRO subobject > >for a specific hop, it MUST forward any associated HOP Attributes > >subobjects." > > > >But even this may be too restrictive for a border node that wants to > >report the chosen path but not expose how the internals of its network > >are operated. In this case it may want to strip HOP Attributes > >subobjects from the RRO or even modify them to mask information. > > > >Can you add some clarification about all of this? > > Absolutely, for instance changing the MUST in SHOULD, and adding the > following text: > > "It is noted that a node (e.g. a domain edge node) may edit the RRO to > prune/modify the RRO, including the RRO Hop Attribute subobject before > forwarding due to confidentiality policy or other reasons (for instance > RRO size reduction)." Perfect. > >I think section 5 is a little optimistic. You are introducing a new > >mechanism for the control of the behavior on certain nodes on the path > >of the LSP. Since the control of those nodes may impact the behavior of > >other LSPs passing the node, some care is needed. For example, setting > >optical power levels for one lambda can interfere with the signals on > >other lambdas. Thus, and in general, you have a mechanism that takes > >control away from the node itself and puts it in the hand of the node > >that signaled the LSP. This opens up three security possibilities: > >1. Simple errors in the attributes of an LSP may inadvertently impact > > existing LSPs while still allowing this LSP to be set up. > >2. A malign ingress may signal an LSP down a path and with attributes > > chosen to damage other LSPs from other ingresses. > >3. An attacked Path message may result in damage to other LSPs. > > > >The third of these is mitigated somewhat by existing RSVP-TE security > >mechanisms. The first two (and the third in the case of a subverted > >node) can only be mitigated by allowing policy to be applied at a node > >that implements the HOP Attributes it receives in an ERO. A node must be > >allowed to determine that satisfy the attributes would be inadvisable or > >against local policy even if practically possible. In these cases the > >node has a choice to either reject the Path message (but a new error > >code might be helpful) or to modify the requested attribute (but in this > >case it might be required to report exactly what it has done, presumably > >in the RRO). > > I agree in general, the existing text refer to the hop attributes as > ³functional preferences², as any other RSVP object, this is to be > considered as ³external input², so subject to policy and sanity check. > The document does not define how the TLV have to be applied (Just that the > content must be processed). The aspect of targetting other LSP is, I > think, especially valid for WSON, but less applicable for MPLS-TP. > The same consideration also apply for explicit label control. > > OLD: > "As any RSVP-TE signaling request, the procedures defined in this > document permit the transfer and reporting of functional preferences > on specific node.² > > NEW: > "As any RSVP-TE signaling request, the procedures defined in this > document permit the transfer and reporting of functional preferences > on specific node. > The mechanism added in this document does allow more control of LSP > attributes at a given node. As other inputs, a node should check the Hop > Attributes against his policies and admission procedures. > A node may reject the message using existing RSVP error code like "Policy > Control Failure" or "Admission Control Failure". The node may also, > depending on the specific TLV procedures, modify the requested attribute. > " Perfect. > I think that Attribute modification is TLV-dependant and should be > specified in the defining documents. You should probably also include a statement of this so that people are reminded to do exactly that. > >3.2.3 has some SHOULDs and SHOULD NOTs. This always makes me wonder > > what the exception cases are: under what circumstances MAY an > > implementation vary from these rules? > > If a specific attribute/document allows it. Wouldn¹t a MUST in that case > be too restrictive for those documents? > > Would the following text clarify in which case this may be allowed? > > A node MAY use the RRO Hop Attribute to report a LSP Attribute > signaled in LSP_ATTRIBUTES or LSP_REQUIRED_ATTRIBUTES only if the > following conditions are met : > > Rhe Attribute and its corresponding flag is allowed on both the > LSP_ATTRIBUTES or LSP_REQUIRED_ATTRIBUTES and LSP Hop Attributes > subobject. > > The document defining this Attribute specify this specific > behavior. Like it. s/Rhe/The/ Thanks, Please post the updated version. Adrian
- Re: [CCAMP] AD review of draft-ietf-teas-lsp-attr… Adrian Farrel