Re: [Gen-art] Genart last call review of draft-ietf-opsawg-vpn-common-09
"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 03 September 2021 18:55 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2837D3A2922; Fri, 3 Sep 2021 11:55:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m_-ZjQQ1izr5; Fri, 3 Sep 2021 11:55:11 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 500983A2921; Fri, 3 Sep 2021 11:55:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4H1RnB6Mlqz1nwjd; Fri, 3 Sep 2021 11:55:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1630695310; bh=CQpzuQccJov+x4N8fUCfTQND6Z4jECzRVFb2DEpcqmU=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=D6gaqgBa+iVrcdkvDMi5iBxi+2J89pfOsI4u71I0Kr2DiDUSe8VmoLPhgpQecrKcp MbNeX0ekHLSxQGr2hwlRgUk79xuEUr5TuTg8UrxAsHmP5SwgPmswtrM2riWsJ4xLHk Sff+DHzi+g8UBbgurn4jKS03rPuukMOdwEgolWdw=
X-Quarantine-ID: <x-iuHqtzwwy6>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.64] (50-233-136-230-static.hfc.comcastbusiness.net [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4H1RnB0vwwz1nwhr; Fri, 3 Sep 2021 11:55:09 -0700 (PDT)
To: mohamed.boucadair@orange.com, "gen-art@ietf.org" <gen-art@ietf.org>
Cc: "draft-ietf-opsawg-vpn-common.all@ietf.org" <draft-ietf-opsawg-vpn-common.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
References: <162766305649.15319.17538928770243150922@ietfa.amsl.com> <775_1630672714_6132174A_775_13_1_787AE7BB302AE849A7480A190F8B9330353E875B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <b3a45f7a-280b-e225-99ee-9bca633e08c1@joelhalpern.com>
Date: Fri, 03 Sep 2021 14:55:08 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <775_1630672714_6132174A_775_13_1_787AE7BB302AE849A7480A190F8B9330353E875B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/84-F9nCL6b5KS09lFi5-f15Dg_o>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-opsawg-vpn-common-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 18:55:17 -0000
Thank you for the clarifications Med. That all seems good. Yours, Joel On 9/3/2021 8:38 AM, mohamed.boucadair@orange.com wrote: > Hi Joel, > > Thank you for the review. > > Please see inline. > > Cheers, > Med > >> -----Message d'origine----- >> De : Joel Halpern via Datatracker [mailto:noreply@ietf.org] >> Envoyé : vendredi 30 juillet 2021 18:38 >> À : gen-art@ietf.org >> Cc : draft-ietf-opsawg-vpn-common.all@ietf.org; last-call@ietf.org; >> opsawg@ietf.org >> Objet : Genart last call review of draft-ietf-opsawg-vpn-common-09 >> >> Reviewer: Joel Halpern >> Review result: Ready with Issues >> >> I am the assigned Gen-ART reviewer for this draft. The General Area >> Review Team (Gen-ART) reviews all IETF documents being processed by >> the IESG for the IETF Chair. Please treat these comments just like >> any other last call comments. >> >> For more information, please see the FAQ at >> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. >> >> Document: draft-ietf-opsawg-vpn-common-09 >> Reviewer: Joel Halpern >> Review Date: 2021-07-30 >> IETF LC End Date: 2021-08-06 >> IESG Telechat date: Not scheduled for a telechat >> >> Summary: This document is ready for publication as a Proposed >> Standard RFC >> >> Major issues: N/A >> >> Minor issues: >> I just want to confirm that one form of reference is normal for >> YANG >> models? There are a few identities whose meaning is defined by >> I-Ds that >> are under way. The references section of the identity gives the >> I-D name. >> Which is fine. The references at the bottom of the document >> makes those >> informative references. That seems a little odd since those >> references are >> necessary to understand the meaning of those identities. Is >> this a normal >> practice for YANG models? > > [Med] I confirm. We are following this part from RFC8407: > > " If a YANG module > contains reference or "description" statements that refer to an > I-D, then the I-D is included as an informative reference. " > >> I am a little confused as to why the srv6 identity includes in >> its >> references clause RFC 8663 (MPLS SR). Is this a copy-and-paste >> error? > > [Med] Please note that we are referring RFC8663, not RFC8660. This is because we assumed that RFC8663 uses IPv6 as an underlay, but that's may be confusing. > > I suggest to go with this change: > > OLD: > identity srv6 { > base sr; > description > "Transport is based on SR over IPv6."; > reference > "RFC 8663: MPLS Segment Routing over IP > RFC 8754: IPv6 Segment Routing Header (SRH)"; > } > > NEW: > identity srv6 { > base sr; > description > "Transport is based on SR over IPv6."; > reference > "RFC 8754: IPv6 Segment Routing Header (SRH)"; > } > > identity sr-mpls-over-ip { > base sr; > description > "Transport is based on SR over MPLS over IP."; > reference > "RFC 8663: MPLS Segment Routing over IP"; > } > > Please let me know if this is better. Thanks. > >> I hope I am misreading the qos-classification-policy definition. >> It >> appears to have an id, a match rule, and a match action. The >> match rule >> can be a match-flow or a match-application. So far, so good. >> (putting >> aside the nit below on customer-application.) But the match >> rule is a >> choice between an L3 and an L4 rule. > > [Med] This is not a choice between these two, but each of them is a choice in its own. FWIW, here is an excerpt from RFC8340 to distinguish between choices and cases: > > == > <name> is the name of the node > (<name>) means that the node is a choice node > :(<name>) means that the node is a case node > == > > Things would be problematic if we defined L3/L4 as "cases" of the same choice, but we aren't. > > As I understand it, there >> are many >> cases where the actual classification is based on a combination >> of l3 and >> l4 information. How is that to be represented? > > [Med] An example to illustrate how both can be included in shown below (DNS traffic destined to 2001:db8::/32) > > A valid rule for DNS traffic for example is shown below: > > { > "id": "a-rule-id", > "ipv6": { > "destination-ipv6-network": "2001:db8::/32" > }, > "udp": { > "destination-port-range-or-operator": { > "operator": "eq", > "port": 53 > } > } > } > >> >> Nits/editorial comments: >> The "customer-application" identity seems to be asking for >> problems in two >> regards. > > [Med] FYI, we inherited this from service modules (RFC8299 and RFC8466) where these common identities are used. > > It seems that it is a shorthand way of expressing >> some >> combination of protocols and ports. > > [Med] This can be indeed expressed as such, but at more likely at the network level. We are covering both as the common module can be used by both service and network models. > > The larger concern I have >> is that >> there is no reference that explains what classification rules >> should be >> used for any of the derived identities. Which means that for >> an >> interoperable implementation, there seems to be some difficulty >> in ensuring >> that the client and server mean the same thing when using them. >> (For >> example, just what filer corresponds to "voice"?) As a lesser >> issue, the >> current IAB work on path signals and the care that should be >> taken with >> them would seem to suggest that this is a less than desirable >> approach to >> the problem. >> >> > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. >
- [Gen-art] Genart last call review of draft-ietf-o… Joel Halpern via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… mohamed.boucadair
- Re: [Gen-art] Genart last call review of draft-ie… Joel M. Halpern