IETF Logo Mail Archive

Re: [Dime] AD evaluation of draft-ietf-dime-load-06

Steve Donovan <srdonovan@usdonovans.com> Thu, 12 January 2017 21:06 UTC

Return-Path: <srdonovan@usdonovans.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 981291294D8 for <dime@ietfa.amsl.com>; Thu, 12 Jan 2017 13:06:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level:
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hOF5Yp5k5yx for <dime@ietfa.amsl.com>; Thu, 12 Jan 2017 13:06:36 -0800 (PST)
Received: from biz131.inmotionhosting.com (biz131.inmotionhosting.com [74.124.197.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7F101294BB for <dime@ietf.org>; Thu, 12 Jan 2017 13:06:36 -0800 (PST)
Received: from cpe-97-99-50-102.tx.res.rr.com ([97.99.50.102]:61194 helo=Steves-MacBook-Air.local) by biz131.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from <srdonovan@usdonovans.com>) id 1cRmZp-000IY2-M2; Thu, 12 Jan 2017 13:06:36 -0800
To: Misha Zaytsev <misha.zaytsev.rus@gmail.com>
References: <75a3dd19-bf69-5600-f439-0f544b65508d@cs.tcd.ie> <2ca7e5a2-c157-b548-c680-4c3b26e34112@cs.tcd.ie> <875060e8-aab3-1f75-39ed-615a364d466b@usdonovans.com> <CABPQr24uRf_1H4q8ficWZKM5Vci+AkmCc92f0r=tO_w_Y+2PKA@mail.gmail.com> <6c28f017-612e-3a17-8e23-5b4626d0f341@usdonovans.com> <CABPQr2417MwytGYDCqR+swiV99Oxas0CrROg32BoFdz-0F-8gA@mail.gmail.com>
From: Steve Donovan <srdonovan@usdonovans.com>
Message-ID: <6b755a56-6183-97ff-d306-978a9dce8b3c@usdonovans.com>
Date: Thu, 12 Jan 2017 15:06:28 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <CABPQr2417MwytGYDCqR+swiV99Oxas0CrROg32BoFdz-0F-8gA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------26456B06B945E93880DCB4FF"
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz131.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - usdonovans.com
X-Get-Message-Sender-Via: biz131.inmotionhosting.com: authenticated_id: srdonovan@usdonovans.com
X-Authenticated-Sender: biz131.inmotionhosting.com: srdonovan@usdonovans.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/XRSA7mA-xHzzEspBgNNnXgck2pI>
Cc: "dime@ietf.org" <dime@ietf.org>
Subject: Re: [Dime] AD evaluation of draft-ietf-dime-load-06
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 21:06:38 -0000

Misha,

This draft has completed working group last call, so to some degree the 
comment period has passed.  That said, there are no hard and fast rules 
and we can certainly make changes that improve the draft.  However, once 
it gets into IESG review, which is the next step, it will be more 
difficult to make significant changes.

On your comment below, I don't see the need for the change.  I am 
willing, however, to qualify the word connection to say "Diameter 
connection".

Regards,

Steve

On 1/12/17 11:51 AM, Misha Zaytsev wrote:
> Hi Steve,
>
> Thanks a lot for your explanation!
> My bad that I have not read the draft more carefully - will try to 
> avoid this next time.
>
> Then I can propose another version of statement that will exclude 
> confusing "connection" term.
>
>> This is achieved by comparing SourceID AVP in the Load report with host identity field of the entries from peer table defined in RFC6733.
>
> If SourceID AVP contains the identity of one of the peer nodes (that 
> our node has a direct connection to), then this is what we are looking 
> for, right?
>
> However, I find the term "connection" legal as it is defined in 
> RFC6733, for instance section 5.1 "Peer Connections".
>
> Or it can be easily re-phrased in this way, the term "peer" should not 
> confuse anyone, I guess :)
>
> This is achieved by comparing the DiameterIdentity of the peer from which the message was received with the
> DiameterIdentity included in the SourceID AVP in the Load report.
>
> Btw, what is the due date for providing the comments for this draft?
>
> Best regards,
>
> /Misha
>
> 2017-01-12 20:16 GMT+03:00 Steve Donovan <srdonovan@usdonovans.com 
> <mailto:srdonovan@usdonovans.com>>:
>
>     Misha,
>
>     I've added the DIME WG mailing list.
>
>     See my comments inline.
>
>     Regars,
>
>     Steve
>
>     On 1/11/17 12:03 PM, Misha Zaytsev wrote:
>>     Hi Steve,
>>
>>     I'm a newcomer in DiME working group - so, may not be familiar
>>     with all rules.
>>     So, excuse me in advance if it is not a good manner to comment
>>     the ongoing draft review.
>     SRD> Welcome to the working group!
>>
>>     But let me still put my 5 cents here.
>>
>>     Regarding this question from Stephen:
>>
>>     - 6.2: What is a Diameter "connection?" I thought that
>>     Diameter could use UDP as well as TCP so is that really
>>     the right term? Maybe "message sender" is a better way to
>>     identify the peer?
>>
>>     Why can't we re-phrase the related statement in the following way?
>>
>>     This is achieved by comparing Origin-Host AVP with SourceID AVP in the Load report.
>>
>     SRD> This actually doesn't work for the peer report case.  The
>     Origin-Host AVP is inserted by the Diameter client and it remains
>     the same as the request passes through Diameter agents.  For peer
>     reports, it is necessary to know the peer that sent the request,
>     not the client.  Thus the need to look at the DiameterID
>     associated with the Diameter connection.
>
>>     Also if it does not bother you, could you explain what is the
>>     official way to comment DiME drafts?
>     SRD> The official way is to do exactly what you are doing, but by
>     sending the questions and comments to the DIME WG mailing list.
>
>>
>>     Thanks a lot in advance!
>>
>>     /Misha
>>
>>
>>
>>     2017-01-10 1:28 GMT+03:00 Steve Donovan <srdonovan@usdonovans.com
>>     <mailto:srdonovan@usdonovans.com>>:
>>
>>         Stephen,
>>
>>         Thanks for the review and for the ping. Comments below.
>>
>>         Regards,
>>
>>         Steve
>>
>>         On 1/6/17 10:33 AM, Stephen Farrell wrote:
>>>         Just bumping this, post holidays. I believe the
>>>         ball is not in my court for this one:-)
>>>
>>>         Cheers,
>>>         S.
>>>
>>>         On 16/12/16 17:38, Stephen Farrell wrote:
>>>>         Hiya,
>>>>
>>>>         Thanks for getting this stuff progressed. I've done my
>>>>         AD evaluation and have a few questions I'd like to ask
>>>>         before starting IETF last call. Those are below along
>>>>         with some more nitty comments that can be handled now or
>>>>         later as the authors/WG prefer.
>>>>
>>>>         Cheers,
>>>>         S.
>>>>
>>>>         Things to chat about before starting IETF LC:
>>>>         ---------------------------------------------
>>>>
>>>>         (1) Is "server selection" sufficiently clear? Where is
>>>>         that defined? I was a bit confused as to what this means
>>>>         that is not next-hop selection.
>>         SRD> Server selection is touched on in RFC7638 (DOIC) and the
>>         concept carries over to Load.  It refers to selection of the
>>         specific server instance that will be handling the request. 
>>         This is according to the Diameter Client, Server model.  I
>>         think it is well understood what is meant by those who
>>         understand Diameter and would be implementing this spec.  We
>>         can, if needed, add some definition. That would have been
>>         best do be in the DOIC RFC but it can go here if needed.
>>>>         (2) PEER reports that are first received at a
>>>>         non-supporting node will be left in place and will reach
>>>>         the destination of the message. If that destination is in a
>>>>         different domain then that leaks some internal structure
>>>>         (the SourceID) to outsiders. Is that desirable?  Why not
>>>>         have the first node that does support this AVP delete the
>>>>         PEER report even if the node that added the PEER report is
>>>>         not a peer of this node? (Note: I see this risk is ack'd
>>>>         in section 8, I'm asking if we can avoid it almost
>>>>         entirely by removing PEER reports that are useless.)
>>         SRD> There is no formal mechanism in place in Diameter to do
>>         "topology hiding".  There are many other places where
>>         topology information can leak, so it isn't an issue specific
>>         to Load.  It is addressed today through proprietary
>>         implementations. SRD> Having a node that does not support
>>         would go against the Diameter extensibility strategy.  Nodes
>>         that don't understand an AVP are required to pass it on. 
>>         Nodes that do support the mechanism and see a Load report of
>>         type peer that isn't of type peer are supposed to remove it. 
>>         Doing anything other than this would require a change to the
>>         base Diameter specification.
>>>>         (3) This spec is a bit like RFC7944 (DRMP) in that it
>>>>         defines some but not all of the things one needs to end up
>>>>         with a workable system. That aspect of DRMP caused some
>>>>         discussion during IESG evaluation. Have the authors of
>>>>         this reviewed that discussion to see if we can avoid any
>>>>         likely iterations being needed at that point? I'm hoping
>>>>         that Steve, as an author of both, won't find this too
>>>>         hard to do:-) If that's been done, great. If not, please
>>>>         consider if there's any additional explanatory material
>>>>         that could be added that might help us not to have to
>>>>         iterate to discuss the same kinds of concern.
>>         SRD> I'll go back and review that discussion and see if there
>>         is something that needs to be added.  I'm hoping that the
>>         fact that we made it through the discussion with DRMP will
>>         make it easier to do so with Load (and maybe agent
>>         overload).  I'm doubtful that we can fully inoculate the
>>         draft from some of this level of discussion as we are dealing
>>         with Diameter here.
>>>>         nits (fine to be considered last call comments):
>>>>         -------------------------------------------------
>>         SRD> I'll deal with these as part of last call.
>>>>         abstract: maybe put the 1st sentence last? that might read
>>>>         better
>>>>
>>>>         4.1: the "opinion of the authors" isn't really of interest
>>>>         at this point - is this also the opinion of the WG? (I
>>>>         assume it is)
>>>>
>>>>         section 5 says "The load report includes a value
>>>>         indicating the load of the sending node relative load of
>>>>         the sending node, specified in a manner consistent with
>>>>         that defined for DNS SRV [RFC2782]." I can't parse that.
>>>>
>>>>         - 6.2: What is a Diameter "connection?" I thought that
>>>>         Diameter could use UDP as well as TCP so is that really
>>>>         the right term? Maybe "message sender" is a better way to
>>>>         identify the peer?
>>>>
>>>>         - section 8: "might require a transitive trust model" is
>>>>         far too coy IMO. I think you should say that DOIC and this
>>>>         entirely require transitive trust because we have no
>>>>         Diameter mechanism that allows authenticated adding and
>>>>         removal of AVPs as messages transit a network. (We did try
>>>>         develop that ages ago but it was too complex, so I'm not
>>>>         arguing to try again, just that we clearly ack the fact
>>>>         that this stuff requires transitive trust.)
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         DiME mailing list
>>>>         DiME@ietf.org <mailto:DiME@ietf.org>
>>>>         https://www.ietf.org/mailman/listinfo/dime
>>>>         <https://www.ietf.org/mailman/listinfo/dime>
>>>>
>>>         _______________________________________________
>>>         DiME mailing list
>>>         DiME@ietf.org <mailto:DiME@ietf.org>
>>>         https://www.ietf.org/mailman/listinfo/dime
>>>         <https://www.ietf.org/mailman/listinfo/dime>
>>         _______________________________________________ DiME mailing
>>         list DiME@ietf.org <mailto:DiME@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/dime
>>         <https://www.ietf.org/mailman/listinfo/dime> 
>>

v2.23.0 | Report a Bug | By Email