[Gen-art] GenART review of MPLS LDP drafts
Black_David@emc.com Wed, 22 February 2006 01:49 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBj8S-0000pb-Q0; Tue, 21 Feb 2006 20:49:44 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBj8S-0000pV-4u for gen-art@ietf.org; Tue, 21 Feb 2006 20:49:44 -0500
Received: from mailhub.lss.emc.com ([168.159.213.201]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBj8R-00076A-Pp for gen-art@ietf.org; Tue, 21 Feb 2006 20:49:44 -0500
Received: from MAHO3MSX2.corp.emc.com (maho3msx2.corp.emc.com [128.221.11.32]) by mailhub.lss.emc.com (Switch-3.1.6/Switch-3.1.7) with ESMTP id k1M1nISR023361; Tue, 21 Feb 2006 20:49:19 -0500 (EST)
Received: by maho3msx2.corp.emc.com with Internet Mail Service (5.5.2653.19) id <D4XKG8AZ>; Tue, 21 Feb 2006 20:49:18 -0500
Message-ID: <F222151D3323874393F83102D614E055013E92F3@CORPUSMX20A.corp.emc.com>
From: Black_David@emc.com
To: gen-art@ietf.org, loa.andersson@acreo.se, loa@pi.se, ina@juniper.net, rhthomas@cisco.com
Date: Tue, 21 Feb 2006 20:49:12 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.3.0.1, Antispam-Data: 2006.02.21.170607
X-PerlMx-Spam: Gauge=, SPAM=1%, Reasons='EMC_FROM_0+ -2, EMC_BODY_1+ -1, NO_REAL_NAME 0, __C230066_P5 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __IMS_MSGID 0, __IMS_MUA 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __STOCK_CRUFT 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 0770535483960d190d4a0d020e7060bd
Cc: swallow@cisco.com, fenner@research.att.com, Black_David@emc.com
Subject: [Gen-art] GenART review of MPLS LDP drafts
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Background for those who may be unaware of GenART: GenART is the Area Review Team for the General Area of the IETF. We advise the General Area Director (i.e. the IETF/IESG chair) by providing more in depth reviews than he could do himself of documents that come up for final decision in IESG telechat. I was selected as the GenART member to review this document. Below is my review, which was written specifically with an eye to the GenART process, but since I believe that it will be useful to have these comments more widely distributed, others outside the GenART group are included. This review was done as part of IETF Last Call. I apologize for the delay on this review, as Monday was a holiday in the US. Review criteria: "Is this document a reasonable contribution to the area of Internet engineering which it covers? If not, what changes would make it so?" These drafts are on the right track but have open issues, described in the review. All of the significant new issues are IETF process issues. There are also a number of nits in the main LDP draft that need to be corrected, and I found the security issue described in Sam Hartman's Discuss. While Brian Carpenter has already voted No Objection on this draft, I think a Discuss is in order to resolve the process issues. --- draft-ietf-mpls-rfc3036bis-03.txt for Draft Standard (1) This draft has a major process problem - Section 2.9 has a normative dependency on the TCP MD5 signature option. The maturity variance for the TCP MD5 signature option in RFC 4278 is primarily for BGP - RFC 4278 has only this to say about LDP (Section 5): The Label Distribution Protocol (LDP) [RFC3036] also uses [RFC2385]. Deployment practices for LDP are very similar to those of BGP: LDP connections are usually confined within a single autonomous system and most frequently span a single link between two routers. This makes the LDP threat environment very similar to BGP's. Given this, and a considerable installed base of LDP in service provider networks, we are not deprecating [RFC2385] for use with LDP. While that text indicates the IESG's inclination to grant a maturity variance for TCP MD5's usage in LDP, it does not actually grant the variance. The LDP draft attempts to sidestep this by making RFC 2385 a non-normative reference (Section 9.2). That approach is clearly wrong, as Section 2.9 says: This section specifies a mechanism to protect against the introduc- tion of spoofed TCP segments into LDP session connection streams. The use of this mechanism MUST be supported as a configurable option. The mechanism is based on use of the TCP MD5 Signature Option speci- fied in [RFC2385] for use by BGP. The "MUST" in the quoted text requires that RFC 2385 be a normative reference. Hence, the IESG appears to need to grant an explicit standards maturity variance for TCP MD5's use in LDP if Section 2.9 is to remain in the LDP draft. Granting that variance is probably the proverbial "right thing" to do, but it does appear to be necessary to do so. (2) Section 3.6.1.1 allows the U bit to be clear for a vendor-private TLV, so that if the TLV is not understood, the entire message is rejected. This appears to allow mandatory vendor-private extensions, which has been an IESG concern in the past. If mandatory vendor- private TLV elements are not to be allowed, this section would need to require that the U bit always be set for a vendor-private TLV. An analogous issue occurs for the U bit in vendor-private messages in Section 3.6.1.2, but could be addressed by requiring a sender to continue if a vendor-private message is rejected. (3) Sam Hartman's Discuss on Section 5.1 should be supported - an explanation of why something is bad should generally be provided when specifying mitigation measures for it. Nits: Section 2.5.3 uses the acronyms VPI, VCI and DLCI without prior definition. While I'm sure these acronyms are obvious to MPLS experts, expansions should be provided. Expansions are provided later (Sections 3.4.2.2 and 3.4.2.3) and need to be reproduced here. Section 2.8.3 "should" in first line ought to be "SHOULD", but I could be convinced otherwise as this is a requirement on network administrators as opposed to protocol implementers. A number of the TLVs are not aligned lengths (e.g., Hop Count is an odd number of bytes - 5). Section 3.3 implies that there is no padding between TLVs, but it would be useful for Section 3.5 to say that there is no padding at the end of a message (e.g., despite the diagram in Section 3.5, parameters can end on odd-byte boundaries). Section 5.3, subsection 2 contains a number of "should" statements that probably ought to be changed to "SHOULD"s. Section 6 uses the CoS acronym without prior definition or expansion. --- draft-ietf-mpls-ldp-experience-00.txt for Informational This draft appears to be fine. --- draft-ietf-mpls-ldp-survey2002-00.txt for Informational (4) This draft also has a process issue that affects the main LDP draft. Section 4.1.2 of RFC 2026 says the following about the interoperability requirement for advancing to draft standard: The requirement for at least two independent and interoperable implementations applies to all of the options and features of the specification. In cases in which one or more options or features have not been demonstrated in at least two interoperable implementations, the specification may advance to the Draft Standard level only if those options or features are removed. Applying this criterion to the survey draft, Section 1.1 says: At By Cn indicates: - A responders implemented the feature and tested it against another independent implementation (t); So, for a feature to remain at Draft Standard, A must be at least 2. Unfortunately, there are three instances where A is 1: 1t 1y 1n IPv6 Transport Addr TLV 1t 5y 6n Experimental TLV 1t 5y 6n Experimental Msg While I'm not concerned about the experimental value ranges - I think those are good things to have and don't need to be subject to the 2 interoperable implementations test, the IPv6 address TLV looks like a potential problem: 1t 1y 1n(1u 4r 1x) IPv6 Transport Addr TLV 3.5.2 Unless another implementation can be found, it appears that RFC 2026 would require deleting IPv6 support in order to advance to Draft Standard. That would be unfortunate. --------------------------------------- I wish I had real technical issues to report instead of this IETF process <expletive-deleted>. Sorry, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------- _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] GenART review of MPLS LDP drafts Black_David