IETF Logo Mail Archive

Re: [Gen-art] Gen-ART review of draft-atlas-icmp-unnumbered-08

Carlos Pignataro <cpignata@cisco.com> Mon, 28 December 2009 01:23 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 17D183A681D for <gen-art@core3.amsl.com>; Sun, 27 Dec 2009 17:23:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j9qkQsjWD68c for <gen-art@core3.amsl.com>; Sun, 27 Dec 2009 17:23:23 -0800 (PST)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by core3.amsl.com (Postfix) with ESMTP id BA7C83A67C2 for <gen-art@ietf.org>; Sun, 27 Dec 2009 17:23:23 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id nBS1MuNj008281; Sun, 27 Dec 2009 20:22:56 -0500 (EST)
Received: from [10.116.85.235] (rtp-cpignata-87110.cisco.com [10.116.85.235]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id nBS1Mrqv024610; Sun, 27 Dec 2009 20:22:53 -0500 (EST)
Message-ID: <4B38086D.4090008@cisco.com>
Date: Sun, 27 Dec 2009 20:22:53 -0500
From: Carlos Pignataro <cpignata@cisco.com>
Organization: cisco Systems, Inc.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.0
MIME-Version: 1.0
To: Black_David@emc.com
References: <C2D311A6F086424F99E385949ECFEBCB012C42D7@CORPUSMX80B.corp.emc.com>
In-Reply-To: <C2D311A6F086424F99E385949ECFEBCB012C42D7@CORPUSMX80B.corp.emc.com>
X-Enigmail-Version: 0.96.0
X-Face: *3w8NvnQ|kS~V{&{U}$?G9U9EJQ8p9)O[1[1F'1i>XIc$5FR!hdAIf5}'Xu-3`^Z']h0J* ccB'fl/XJYR[+, Z+jj`4%06nd'y9[ln&ScJT5S+O18e^
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: JR Rivers <jrrivers@alumni.calpoly.edu>, rbonica@juniper.net, gen-art@ietf.org, naiming@cisco.com, jari.arkko@piuha.net, alia.atlas@bt.com
Subject: Re: [Gen-art] Gen-ART review of draft-atlas-icmp-unnumbered-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2009 01:23:25 -0000

David,

Thank you for your time to review, please see inline.

On 12/27/2009 5:52 PM, Black_David@emc.com wrote:
> I have been selected as the General Area Review Team (Gen-ART) 
> reviewer for this draft (for background on Gen-ART, please see 
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> 
> Please resolve these comments along with any other Last Call
> comments you may receive.
> 
> Document: draft-atlas-icmp-unnumbered-08
> Reviewer: David L. Black
> Review Date: December 27, 2009
> IETF LC End Date: January 1, 2010
> 
> Summary:
> This draft is on the right track, but has open issues, described
> in the review.
> 
> Comments:
> The draft defines an extension to ICMP messages that allows additional
> network interface information to be provided with some ICMP messages.
> The information may be an ifIndex, an IP address, an Interface Name
> and/or an MTU.
> 
> The one open issue in this review involves the use of ifIndex to
> identify an interface.  The motivating use cases in section 3
> involve traceroute, ACL-caused-blockage, and the need to determine the
> MTU - those use cases are "public" in the sense that they clearly
> encompass use of the ICMP messages by other than the network operator
> whose device generated those messages.

I disagree with the intrinsic '"public"' nature and the 'clearly' use
you mention; and so does the I-D, as the Security Considerations section
explicitly negates what you are saying here.

Moreover, the motivation is not (as you say) in the use cases in Section
3. The motivation is spelled out in the Introduction (ifIndex identifies
an unnumbered interface within the router). Section 3 provides exemplary
(and not all inclusive) use cases.

> 
> In this context, IP address, Interface Name and MTU are all clearly
> useful, but I am concerned about ifIndex.  An ifIndex is effectively
> private to the SNMP management infrastructure of the network operator.
> Determining what interface an ifIndex designates generally involves
> SNMP access that a network operator may be reluctant to grant to
> outsiders due to the level of detail that such access may expose.
> 
> I suspect that the ifIndex could be *very* useful to an ifIndex-
> enhanced traceroute issued from a network operator's management station
> as alluded to in paragraphs 3-5 of Section 6 (Security Considerations).
> My open issue is that I should have to go all the way down to the latter
> part of the Security Considerations section in order to find the
> motivations for and intended usage of one of the major features of this
> extension.

OK, so your open issue is that the security concern is addressed in the
Security Considerations? Existing text addresses your concern. We expect
implementors to read the complete spec, including the Security
Considerations. And folks will not implement a spec without
understanding its use.

The details: The motivation is in Section 1, Introduction:

   If all of the following conditions are true, the source address of
   the ICMPv4 message identifies the interface upon which the original
   datagram arrived:

   o  the device sends an ICMPv4 message through the same interface upon
      which the original datagram was received
   o  that interface is numbered

   However, the incoming and outgoing interfaces may be different due to
   an asymmetric return path, which can occur due to asymmetric link
   costs, parallel links or Equal Cost Multipath (ECMP).

and the concern you raise is explicitly addressed in the spec:

   It may be desirable to provide this information to a particular
   network's operators and not to others.

> 
> I suggest adding a Section 3.3 to discuss use of ifIndex with ICMP and
> network management tools (e.g., enhanced traceroute plus an SNMP
> manager)

Thank you for the suggestion.
I strongly disagree with this suggestion.

I highly suspect that doing so would be harmful to the spec, as it would
(implicitly) limit the scope of applicability and use of the extension.
We do not what to spell out potential uses in so much detail, as they
would become obsolete before the spec is. And we do not want to pretend
we cover all use cases.

> by a network operator to debug his/her own network.  This new section
> should also contain some sort of warning that ifIndex information may
> not be available to other than the network operator's management
> applications (with a pointer to the Security Considerations section).

This is understood from the definition (and _Normative_ citation
pointer) of ifIndex in the spec. It would be, IMHO, redundant and
therefore be another distraction to the reader.

> 
> Nits:
> - Section 2: "o  that interface is numbered"  Please add a definition
> 	of "numbered" for an interface.

We could add a pointer to [RFC1812], although I really do not think it
is needed. There is ample precedence that this is not needed, e.g., OSPF
RFCs like RFC2328, RFC5185, etc, etc.

> - Section 4.1: Explain what a C-Type is.  A few words and a reference
> 	to Section 8 of RFC 4884 should suffice.

Again we could add it but... RFC4884 is a _normative reference_, meaning
that (from RFC3967]:

   normative reference specifies a document that must be read to fully
   understand or implement the subject matter in the new RFC, or whose
   ...

Therefore, not needed, as it is defined in the Normative reference.
Another data point, IANA understood waht was meant.

> - Section 5.4: This appears to be poorly stated:

There is no Section 5.4 in the document... I suspect you meant Section 4.5.

>    A single instance of IP Address information MAY be included only in
>    the following circumstances:
> 
>    Included in what? 

It is, I think, self-evident when read in context (including previous
sentence):

   more than one instance of each of these three information
   elements MUST NOT be included per Interface Information Object.

   A single instance of IP Address information MAY be included only in
   the following circumstances:

We can s/be included/be included in an Interface Information Object/ at
expense of being repetitive.

> I presume an Interface Information Object.  Also,
>    MAY ... only is poor usage of RFC 2119 terminology.

Why? We are saying that the item (an IP Address information element) is
truly optional, and the definition of MAY says:

   5. MAY This word, or the adjective "OPTIONAL", mean that an item is
      truly optional...

So how is the usage poor?

>  Here's an
> attempt
>    at better phrasing:  
> 
>    When an Interface Information Object contains an IP Address, one of
>    the following two conditions MUST be true:
> 

Thank you for the suggestion, we will consider it as a nit.

> idnits 2.11.15 did not find any nits.

Ack.

Again, thank you for the time and review !

-- Carlos.

> 
> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Distinguished Engineer
> EMC Corporation, 176 South St., Hopkinton, MA  01748
> +1 (508) 293-7953             FAX: +1 (508) 293-7786
> black_david@emc.com        Mobile: +1 (978) 394-7754
> ----------------------------------------------------
>

v2.23.0 | Report a Bug | By Email