Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05
"Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com> Mon, 31 August 2020 08:46 UTC
Return-Path: <jorge.rabadan@nokia.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42A643A1122; Mon, 31 Aug 2020 01:46:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiB1tZ54tluV; Mon, 31 Aug 2020 01:46:39 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2122.outbound.protection.outlook.com [40.107.93.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEF6A3A10C7; Mon, 31 Aug 2020 01:46:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Fk0QQmI7NzFfZRPqdsxJcXnW2SpT/EkcCF6y2YLgN5NEHdE5hUf296DmuAvVgWG8qgORnY+05UUNyjeegqsYVntA2EfRtJK1wxcEsrtGAAWq/rvZVSlK8K0XekK3pmG3afn0BrR40NtkoLyI3K8DlI1UIlWWWNwYm4KowjwRGQh1e3CpdXaa+VWg0C+7SLFFbiWTmkorQ+Try52b5sEWpg8G6SsEHxMDDgV5JgKAoRaZW/Pb6cgCRAHKwG7aS3iw817Y2U/OcS3CeN1q+IDiDID2hXqrAqLpBEpQPovDrrMesfZucrzBT51JdtRlSzJMoydZ9a6s/6YVpXipTLep6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Dp3meMijlwl8ckoNnMxBdw13qmyH/pC0pN9Y0AerJ/4=; b=oL2hjcf2NrybXTcjDrq0xjhRSC3LspXqWApkAX4qAAjCJaqOVqeauHMURNeXNfDbvHbFBGfIe5Rc5f8rO6JEggs/viRAL8GPjsP8alOp0ALov6fR9i88zlXn/h9y/0eG6t2BlRDEKcZG98Z9eY9KrtBmnNB6iZeRt3NEnbxDJR2fyF/Uon8xLIPyy1IHPiufLR0cojHekjk8VjQWgjMSxCv1hPauOC60gLdaYfQI3HVyNlFT5j0VxEI/VDinxBpqT6t95C8iBCCm8w+WDixG/TA3RhV23TXw5w4DTH/ZtMWSDHZh2dzCqPPmqIMEiWx6F0RUtQu3IeKiuOSNSL10/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Dp3meMijlwl8ckoNnMxBdw13qmyH/pC0pN9Y0AerJ/4=; b=FdTXFedoSNPlMhY1BJIYvr+mNqbjq1cR1sPGohFipgEp8bL61Vyx3LVuoG4T4GaZT0Jw9G0oauRkAce+4xqlJAlEVq8pNCmKg5j1xEKZPGiVk4sOgcaVs3PwXhGyGDZ9Q9EMmDtamrFUd2D6QVva2NZ9ljSLmeHqT3wNmCkMicY=
Received: from MWHPR08MB3520.namprd08.prod.outlook.com (2603:10b6:301:61::15) by MWHPR08MB3408.namprd08.prod.outlook.com (2603:10b6:301:66::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.25; Mon, 31 Aug 2020 08:46:29 +0000
Received: from MWHPR08MB3520.namprd08.prod.outlook.com ([fe80::19d8:bf7f:5bfa:e391]) by MWHPR08MB3520.namprd08.prod.outlook.com ([fe80::19d8:bf7f:5bfa:e391%4]) with mapi id 15.20.3326.025; Mon, 31 Aug 2020 08:46:28 +0000
From: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
To: Robert Sparks <rjsparks@nostrum.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-bess-evpn-na-flags.all@ietf.org" <draft-ietf-bess-evpn-na-flags.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-bess-evpn-na-flags-05
Thread-Index: AQHWdXo5Bm3xL6zON0SvfaAwwpa9RalR3cr6
Date: Mon, 31 Aug 2020 08:46:28 +0000
Message-ID: <MWHPR08MB35206C143B85A1D556ABC03DF7510@MWHPR08MB3520.namprd08.prod.outlook.com>
References: <159776707925.23974.18030617296445881198@ietfa.amsl.com>
In-Reply-To: <159776707925.23974.18030617296445881198@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: nostrum.com; dkim=none (message not signed) header.d=none;nostrum.com; dmarc=none action=none header.from=nokia.com;
x-originating-ip: [135.245.20.5]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: b4f16303-8186-4bfd-e55e-08d84d8a5a39
x-ms-traffictypediagnostic: MWHPR08MB3408:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MWHPR08MB3408607D2DA4EFF9EE53BECAF7510@MWHPR08MB3408.namprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: o4Fi9zbUmuZn/tZdCe4uKfmSHBRpptaNK6Xd613KWhk12O/OG5PsiVz/brlwo5LPMsdK7KWr2XluDVgi0+C345BI4Uv7yzJ9pxVEEMZEwR6CkZdJw3Rr2Cwnz5ahLfaRZE015Ko0r32TOL+imjO4/iw2csuaZjzzy3DJjINbj2LZyDhDnTIFp4fPcX4eXSzrDzQyoJmCwhIwBq5xeh+o+HH1ZCIJlyE3TFPUHP9B07yrVmAFjqaRje3B5VplLFw695P/543/c9/cuMSuqkP+NeJGlrSx+SCHpHiFYFxEw9t+xmVApQxzuR7mrL0RcZQvHdiZqyFhVpIx67io2Rhe9RfSg8y7GwT5HIuAPLg1u1zFK5I/o1KKARV+x0HonXGg60XqGnMKfA2Gtpe7tT2fng==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR08MB3520.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(366004)(136003)(39850400004)(376002)(396003)(7696005)(64756008)(8676002)(83380400001)(8936002)(71200400001)(33656002)(54906003)(66574015)(316002)(4326008)(166002)(52536014)(5660300002)(110136005)(86362001)(26005)(66476007)(66556008)(66946007)(76116006)(6506007)(66446008)(186003)(2906002)(55016002)(478600001)(53546011)(9686003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: sDUwplNNfz0UQ/eBpNvE8Lt/my5z9qei3C2snP9RO7yuRjlxr/bDzLcoEDi99J+LtTACq1739wtyyQgs/uv12CXV5JDpp4fifr4cDZE+gsFngr0iDUSB9nALUO6yMZD8NkMFkjx4U7TBcZMw3kWAGtQUMXfZPfhFcHFxkVdrMyNbSslQbwNFF8BlmFuFBw8t8tmQa0OIWRrdSsx4EASiNCuDhJNghPwqN7nqTk100C1mmutFBjnz93QIrevGQRJVROQKj0dQ2r35Wewt44UegYIk6qutFXfomWytrkeYUIH30ZwEJH/xh2SyKaOAyqj0fjPWP9gBdDgoFsLEuHwMDMLQf+yjayYITPZ195Qjy3MtK8rLmeYJ183pNgymhIGatM3mlV3wEp0FXyUBzao6VVVwpi38HVlO1N5MTTQbWv313dgMknRL1QE3Qc8vPynmRulSAF4Q9x/x3ipQx/XdPFgpA18NZwSVZCsSwI+3yiROKONOhMqYzW3m8evzy/4viP+z1JPZRsACBL0PEOACmykOPrzmzAXLgl9w8kLsfW80wHJ5foM9YFukdOawfZphP6Z29dZDlQXpucYfqCGnQ53yVB6qHCT+bl5MMfgDPRPAS0kFWY+SYyxecT8mDt7SWrW2QxlheT1Sd3o7CmA83g==
Content-Type: multipart/alternative; boundary="_000_MWHPR08MB35206C143B85A1D556ABC03DF7510MWHPR08MB3520namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR08MB3520.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b4f16303-8186-4bfd-e55e-08d84d8a5a39
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2020 08:46:28.6155 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: My+dUNwHluOUCiLsnNHFtYUz+G198geRTCB705SzDDDTC8SSDxIdJRT3LM2c08XYAG/WF+iD1gsUNyhjCbaODA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR08MB3408
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/nBiP4UmvGMdGq-N8EoePUV5Ks9c>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 08:46:42 -0000
Robert, Thank you very much for the review. Great points. Please see in-line with [Jorge]. All the changes will be included in the next revision. Thank you! Jorge From: Robert Sparks via Datatracker <noreply@ietf.org> Date: Tuesday, August 18, 2020 at 6:11 PM To: gen-art@ietf.org <gen-art@ietf.org> Cc: draft-ietf-bess-evpn-na-flags.all@ietf.org <draft-ietf-bess-evpn-na-flags.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>, bess@ietf.org <bess@ietf.org> Subject: Genart last call review of draft-ietf-bess-evpn-na-flags-05 Reviewer: Robert Sparks Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-bess-evpn-na-flags-05 Reviewer: Robert Sparks Review Date: 2020-08-18 IETF LC End Date: 2020-08-28 IESG Telechat date: Not scheduled for a telechat Summary: Ready for publication as a Proposed Standard RFC but with nits to address before publication The protocol being defined seems fine, and the IANA considerations are well constructed. I have a nagging feeling that there are new security concerns this introduces, but haven't been able to identify anything specific. I appreciate that the document discusses what happens when a bad-actor introduces intentionally mis-configured flags. Editorial Issues: The Abstract is full of acronyms that are not universally understood, and it buries the point of the document. Please consider rewriting to focus more specifically on the goal of the draft (see the introduction in the shepherd's writeup), keeping in mind that the abstract should make sense to people who don't know yet what PE stands for. Much of what you currently have in the Abstract can be left to the Introduction. I expect a shorter (two or three sentence) abstract will suit the document better. [Jorge] we simplified the abstract as follows, hopefully it addresses your comment: Ethernet Virtual Private Network (EVPN) uses MAC/IP Advertisement routes to advertise locally learned MAC and IP addresses associated to host or routers. The remote Provider Edge (PE) routers may use this information to populate their Address Resolution Protocol (ARP) or Neighbor Discovery (ND) tables and then reply locally to ARP Requests or Neighbor Solicitation messages on behalf of the owner of the IP address. However, the information conveyed in the MAC/IP route may not be enough for the remote PE to reply to local ARP or ND requests. This document defines an Extended Community that is advertised along with an EVPN MAC/IP Advertisement route and carries information relevant to the ARP/ND resolution, so that an EVPN PE implementing a proxy-ARP/ND function can reply to ARP Requests or Neighbor Solicitations with the correct information. In section 3.2: The list of three things in the list under "R and O Flags processing" are all processing steps. But the list of 6 things under "I Flag processing" are not all processing steps. Please change the list to only include processing steps, and move the examples and commentary to regular paragraphs after the processing has been specified. Consider moving the third top-level bullet in 3.2 ("MUST be ignored") to be the first bullet, and after that bullet say "otherwise". [Jorge] ok, section 3.2 changed as follows: 3.2. Reception of the EVPN ARP/ND Extended Community In addition to the procedures specified in [RFC7432] a PE receiving a MAC/IP Advertisement route will process the EVPN ARP/ND Extended Community as follows: o The R, O and I Flags MUST be ignored if they are advertised along with an EVPN MAC/IP Advertisement route that does not contain an IP (IPv4 or IPv6) address. Otherwise they are processed as follows. o R and O Flags processing: * If the EVPN MAC/IP Advertisement route contains an IPv6 address and the EVPN ARP/ND Extended Community, the PE MUST add the R and O Flags to the ND entry in the ND or proxy-ND table and use that information in Neighbor Advertisements when replying to a Solicitation for the IPv6 address. * If no EVPN ARP/ND Extended Community is received along with the route, the PE will add the default R and O Flags to the entry. The default R Flag SHOULD be an administrative choice. The default O Flag SHOULD be 1. * A PE MUST ignore the received R and O Flags for an EVPN MAC/IP Advertisement route that contains an IPv4->MAC pair. o I Flag processing: * A PE receiving an EVPN MAC/IP Advertisement route containing an IP->MAC and the I Flag set SHOULD install the IP->MAC entry in the ARP/ND or proxy-ARP/ND table as an "Immutable binding". This Immutable binding entry will override an existing non- immutable binding for the same IP->MAC. The absence of the EVPN ARP/ND Extended Community in a MAC/IP Advertisement route indicates that the IP->MAC entry is not an "Immutable binding". * Receiving multiple EVPN MAC/IP Advertisement routes with I=1 for the same IP but different MAC is considered a misconfiguration. * A PE originating an EVPN MAC/IP Advertisement route for IP1->MAC1 with I=1 MAY also originate the route with the Static bit set (in the MAC Mobility Extended Community). In such a case, the IP1->MAC1 binding is not only immutable but it cannot Rabadan, et al. Expires March 5, 2021 [Page 6] Internet-Draft EVPN Neighbor Advertisement Flags September 2020 move as well. Even so, if an update for the same IP1->MAC1 immutable and static, is received from a different PE, one of the two routes will be selected, as in the [RFC7432] case where two MAC/IP routes with Static bit are received for the same MAC from different PEs. In a situation where a host (with an IP->MAC that is configured as Immutable binding in the attached PE) is allowed to move between PEs (that is, the associated MAC is non-static), PEs can receive multiple MAC/IP advertisement routes for the same IP->MAC. In such situations, MAC mobility procedures as in [RFC7432] dictate the reachability of the MAC. As an example of the use of the I Flag, consider PE1, PE2 and PE3 are attached to the same BD. PE1 originates an EVPN MAC/IP Advertisement route for IP1->MAC1 with I=1; later on, PE2 also originates an EVPN MAC/IP Advertisement route IP1->MAC1 with a higher sequence number and I=1. Then all the EVPN PEs attached to the same BD SHOULD retain their IP1->MAC1 ARP/ND binding but update MAC1's forwarding destination to PE2. If for some reason, PE3 originates an EVPN MAC/ IP Advertisement route for IP1->MAC2 (even with a higher sequence number), then the EVPN PEs in the BD SHOULD NOT update their IP1->MAC1 ARP/ND bindings, since IP1 is bound to MAC1 (MAC2 SHOULD still be programmed in the layer-2 BDs). This is considered a misconfiguration in PE3. The use of the Flag I=1 assumes that a given IP is always bound to the same MAC address, and therefore the mobility procedures described in [I-D.ietf-bess-evpn-irb-extended-mobility] for "Host IP move to a new MAC" will not apply. Editorial Nits: I suggest deleting "refers to" in the terminology sentences. In all cases you mean "is" and you don't need to say "is". [Jorge] ok, removed The last phrase in the description of Bit 4 at the end of section 2 was difficult to read. Consider breaking the sentence into two or more. [Jorge] ok, changed to: Bit 4 of the Flags field is defined as the "Immutable ARP/ND Binding Flag". When set, the egress PE indicates that the IP->MAC pair sent in an EVPN MAC/IP Advertisement route (along with the Extended Community) is a configured ARP/ND entry. The IP address in the EVPN MAC/IP Advertisement route can only be bound together with the MAC address specified in the same route. At the end of section 3.1, "does not have any impact on" is confusing. I think you mean "does not change"? At ", including" the sentence becomes awkward. I suggest breaking that into a separate sentence. Perhaps "Specifically the procedures for advertising ... are not changed." [Jorge] good point, changed as suggested.
- [Gen-art] Genart last call review of draft-ietf-b… Robert Sparks via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Rabadan, Jorge (Nokia - US/Mountain View)
- Re: [Gen-art] Genart last call review of draft-ie… Robert Sparks
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper