Re: [Gen-art] Gen-art telechat review - draft-ietf-lisp-19.txt

[Elwyn Davies <elwynd@dial.pipex.com>]

Hi, Dino.

I have had a look at the attached version -20  docs.

Several of the fixes seem to have gone awry, and there are various cases 
where I think there is still discussion needed.

I also spotted a couple more issues:
- I don't know how an ETR can do a return routability check - see 
discussion below
- How does an ITR know a locator is anycast - see right at the end.

Regards,
Elwyn

On 16/01/12 19:50, Dino Farinacci wrote:
>> I am the assigned Gen-ART reviewer for this draft. For background on
>> Gen-ART, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Please wait for direction from your document shepherd
>> or AD before posting a new version of the draft.
>>
>> Document: draft-ietf-lisp-19.txt
>> Reviewer: Elwyn Davies
>> Review Date: 20120115
>> IETF LC End Date: 20111130
>> IESG Telechat date: 20120119
>>
>> Summary: This is an updated version of the review I did for Version 16.
>> The status is STILL 'almost ready'. I noticed one additional minor issue
>> (s3, ITRs). I did not receive any explicit reponses to the comments in
>> the previous review although some of the comments have been addressed
>> and I have removed those comments. So...
>>
>> Given that this document is experimental, there don't appear to be any
>> showstopping issues.  However, I found that having the functionality
>> spread over several documents without a really clear overview did not
>> make it easy to follow. There are a number of areas where topics appear
>> unannounced in ways that are not immediately meaningful, and may or may
>> not be clarified later in the document (especially the topics of
>> multicast and anycast).
>>
>> There are areas of the detailed format description that are very dense
>> and difficult to follow, and the split of functionality between this
>> document and ALT does not help.  I got the distinct feeling that extra
>> bits of functionality had been shoe horned into this section over time
>> without really thinking through the system aspects.  However given that
>> we are considering an experimental protocol this is not a major issue,
>> provided that it is cleaned up before becoming a real standard.
>>
>> Major issues: None.
> This is good to know. Thanks for your comments Elwyn. See responses below. I have a new -20 diff file enclosed to make sure I reflected your comments. Please have a look and comment as soon as you can. Thanks.
>
>> Minor issues:
>> s3, Ingress Tunnel Router (ITR): "An ITR is a router which accepts an IP
>> packet with a single IP header": Technically this rules out a site
>> attached to an ITR using any form of IP tunneling (such as VPNs or IP
>> mobility or 6-in-4 tunnels) through the ITR because a tunneled packet
>> would already have more than one IP header. In practice, I think the
>> qualifying statement in brackets immediately after the quoted statement
>> clarifies the situation but this should be rewrittten to avoid
>> ambiguity.
> Fixed.
Hmm.  You have substituted '(more precisely, an IP packet that does not 
contain a LISP header)' by '(typically, the IP packet that does not 
contain an IP header)'.  These are definitely not the same.  Are there 
circumstances where an IP packet coming out of a LISP site would already 
contain a LISP header.  That was not my understanding.  If this is not 
correct then what you have now is even more confusing.  Also in the next 
sentence, the phrase 'this IP destination address' no longer makes sense.
>> s3, EID: "EIDs MUST NOT be used as RLOCs":  But the remainder of the
>> definition goes on to talk about what must/must not happen when they are
>> numerically equivalent. This is still somewhat confusing.
> When they are numerically equivaldent does not mean they are the same definition. Remember there are two namespaces so 10.1.1.1 in one namespace serves a different purpose than 10.1.1.1 in the other namespace.
>
> I made no change here because we revised this definition dozens of times to make the working group happy. So this definition is rough concensus.
Doubtless it is rough concensus, but the piece we are discussing is not 
part of the definition as such.  The point is that seen from point of 
view of the bits on the wire, RLOCs and EIDs are indistinguishable, and 
the later text implies that the same bit pattern can be either depending 
on context.  I think what you need to say is 'It is important that a 
value specified as an EID is only used in contexts where an EID is 
required and never in contexts where an RLOC is required (and vice 
versa).  Since the same bit pattern could be valid for either as 
explained later, it is vital that this logical distinction is maintained 
in implementations.'  I note that there is a context (called out below) 
where the EID is used in a context where an RLOC would normally be expected.
>
>> s3, Data Probe: Some clarification/explanation is needed regarding the
>> fact that a Data Probe uses an EID as its destination address in the
>> core, but EIDs are specifically described as not routable in the core
>> earlier in the document. I understand that ALT puts caveats on the
>> usability of Data Probes, but still potentially offers routability of
>> the EID over the alternative topology. I think some reflection of this
>> discussion would be helpful here.
>
> I added to the definition that when Data Probes are used, the 
> underlying routing system must advertise EIDs. This is not desirable 
> but there are rare cases, it may be used.
I think your new text compounds the problem.  It explicitly contradicts 
earlier statements that EIDs are not globally routable.  ALT moves the 
EID routing problem to a separated overlay network which sidesteps the 
problem, but the new words effectively change a MUST NOT into a MAY.  As 
I said previously, there are words in ALT that probably need to be 
reproduced here.
>
>> s4.1, item 4: ETR "processes as a control message"... does this imply
>> anything about prioritization in the rest of the network?
>
> No different than anything else and doesn't deserve a mention in my 
> opinion.
Maybe not, but why is that the only traditional use of prioritisation 
for IP packets was for router control messages.  It strikes me that 
Map-Requests and Map-Replies need to get quickly to the front of the 
queues in the routers they arrive at like BGP messages when travelling 
on the underlying routing topology.
>
>> s5.3, LISP Nonce: What are the consequences of using the same nonce for
>> 'too long'.. and how can an implementor decide what is too long?
>
> A possible replay attack if a man-in-the-middle can guess a 24-bit or 
> 128-bit nonce.
Guidance to implementers is required.  OK, maybe you don't know yet 'cos 
its an experiment, but the draft ought to state that guidance will be 
given after experiments, if only as a reminder to somebody turning this 
into a standard.
>
>> s6.1: "Implementations MUST be prepared to accept packets when either the
>> source port or destination UDP port is set to 4342 due to NATs
>> changing port number values." I (still) don't understand this. My
>> understanding was that these UDP packets are generated in the ITR with
>> globally routable RLOCs in the headers. Why are they going through NATs?
>> Does this mean when only one of the ports is 4342? (but the previous
>> comments still stands).
>
> An ITR could be behind a NAT. And when it is its "local RLOC" is a 
> private address. When the packet traverses a NAT, the source address 
> will be changed to a global address. The outside world believes the 
> source of the packet is the source RLOC which is globally reachable 
> and advertised in the underlying routing system.
Is the problem a missing 'not'?
> when either the
> source port or destination UDP port is ***not*** (?) set to 4342 due 
> to NATs
> changing port number values.

>
> NATs also translate/change the source port of the outer header. So the 
> if a LISP control packet is returning a reply to a request that had 
> 4342 in the destination port, then the source port would be translated 
> and the requester would not know the packet is a LISP control packet. 
> So if the source port of the request is 4342, the replier can return 
> that in the destination port of the reply without a NAT touching the 
> port (while it is touching the other port).
>
>> s5.3: Copying of TTL/Hop Count fields and Type of service fields: This
>> discussion is somewhat confusing. Initially these are described as
>> SHOULD mostly without any description of why one would not. A couple of
>> paragraphs later they become MUSTs with some minor and explicit
>> exceptions. This should be clarified.
>
> We said should because we were being practical. Some implementations 
> cannot copy the TTL and set it statically. We want those 
> implementations to not violate the spec.
>
> We use MUST later for the Type of Service field. When the TOS is 
> copied, then the sub-parts MUST follow what the text says.
>
OK.  That is correct.   Its possible there is a better wording than 
'caveat' but I can't think of a short form.  Caveat tends to make me 
think of get outs, whereas what you are doing is making it more strict 
for the ECN case. Leave it be.
>> s6.1, last para: "This main LISP specification is the authoritative
>> source for message
>> format definitions for the Map-Request and Map-Reply messages." So
>> what spec is authoritative for Map-Register and Map-Notify? It is later
>> stated that this spec defines the message format of these messages
>> (first paras of s6.1.6/6.1.7). This seems pretty authoritative. I
>> suspect that this para could be dropped wlog.
>
> I will fix this text. Thanks for finding this.
>
>> s6.1.4: S bit: How do I find out how big the Mapping Protocol Data is in
>> order to determine where the extra security fields are located?
>
> This was commented on quite a bit and was used for CONS. Since the 
> commenters won the argument to remove references to CONS, we will 
> remove the Mapping Protocol Data part, which actually is not used by 
> any implementations.
OK.. But, should it go from s6.1.2 as well?
>
>> s6.1.4: M priority/weight: Multicast suddenly makes an appearance. Not
>> sure why?
>
> Because we have to encode multicast priorities. And to get a mapping 
> for an ETR to join an ITR, we use a Map-Request/Map-Reply exchange. I 
> will add a reference to LISP-multicast for each reference to M 
> priority and M weight.
>
>> s10.3: How is a "route-returnability check" performed in LISP?
>
> I added another sentence to the defintion of "Route-returnability".
The new sentence tells the principle of what messages to send - but 
where to send them?  The problem in my mind is that it is apparently the 
ETR performing the check.  Is the check sent to the ITR or the original 
source (EID)?  If to the original source, why should that source believe 
it ought to answer this ETR (which will have to have an EID that the 
return message is sent) when it has never heard from the ETR and has no 
idea whether the ETR is a kosher node?  If the source is behind a 
firewall or NAT there is a good chance the message will never arrive.  
This case differs from the standard route returnability case where 
messages are always end-to-end.
>
>> Nits/editorial comments:
>> General: s/bytes/octets/
>
> Changed throughout.
>
>> General: Figures all need titles and numbers.
>
> There are section titles for the figures. There are no figure numbers 
> just like RFC 2460. I don't see the point since there is no text that 
> back references the figures. And I think we wrote the text to 
> sufficiently introduce the figures that are about to come up.
You can discuss this one with the RFC Editor.
>
>> s3: s/PA addresses are an an address/PA addresses are an address/
>>
>> s3, RLOC: Link to IPv4/v6 specifications needed.
>>
>> s3, EID-to-RLOC Database: "This has no negative implications."
>> Justification?
>>
>> s3, Negative Mapping Entry: Needs cross-reference for Negative Map-Reply.
>
> Changed all the above.
>
>> s3, Data Probe: needs cross-reference(s)
>
> I don't think it does because it is being defined here for the first time.
See discussion above. ALT?
>
>> s3, PITR: The alternative term PTR is now not used at all and can be
>> removed.
>
> Fixed.
>
>> s4.1, item 7: Needs cross references.
>
> Can you be more specific please. Are you asking for a reference for 
> DNS names or for the Map-Reply or for something else?
No.  To the piece that tells about the policies (Section 6.5).
>
>> s5.1 and s5.2 Need references to base IP specifications and notes about
>> the items that are defined in those specifications, and the equivalences
>> between source/destination IP addresses and EIDs/RLOCs. (also applies to
>> s6.1)
>
> We did this in a later update. We put the references in 5.3 where we 
> describe such fields.
Fine.

>
>> s5.3: This section should also refer to the various abbreviations used
>> in the figures (e.g., OH for Outer Header, etc).
>
> It is expanded in the "Packet header descriptions:" part.
>
True but hardly 'first use'.  All it needs is s/Inner header/Inner 
Header (IH)/ and similarly for OH in s5.3. Plus a definition of IHL 
(internet header length).
>> s5.3, LSB: First mention of anycast addresses here. Needs a cross
>> reference or earlier introduction.
>
> I have added a definition for anycast address in the Definition of 
> Terms section.
>
>> s6.x: Encodings of numeric fields not specified.
>
> All fixed. New text enclosed. Please acknowledge. The -20 has not been 
> posted. This is a work in progress -20 waiting Adrian's comments as well.
>
> Dino
>

EXTRA INTRODUCED NIT and EXTRA ISSUE SPOTTED:
s4, first bullet: "get to destination, which in turn, LISP routers 
deliver" has got garbled.  I think something like the following was 
intended:
     assume packets get to their intended destinations.  In a system 
where LISP is deployed, LISP routers intercept EID addressed packets and 
assist in delivering them across the network core where EIDs cannot be 
routed.

s5.3, LISP Locator Status Bits, last sentence:    "If the LSB for an 
anycast locator.." How does the ITR know it is an anycast locator?  They 
are indistinguishable for any other IP address in most cases.
>
>
>
>