Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05
Alissa Cooper <alissa@cooperw.in> Thu, 24 September 2020 14:10 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E42F3A0A3B; Thu, 24 Sep 2020 07:10:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=MTApv9NR; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=QTYEbz/n
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wsj0HevGi_vI; Thu, 24 Sep 2020 07:10:00 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EA823A09DA; Thu, 24 Sep 2020 07:10:00 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A1D5A5C016A; Thu, 24 Sep 2020 10:09:59 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Thu, 24 Sep 2020 10:09:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm1; bh=P+tNBo/U9l2EdYES+rBG/gV 4t6+uRmsOu/B1fkxddFI=; b=MTApv9NRtDOc0Y1Bvl+4CiZFQPivyfWGUel5fZW aJAiRRBh2Ia23Kt02GZHJgJgfMk1iJRj4XJ32EaS//vtCnkqqyNglnCXGAPPgoqs TyBzKYWBdta0TdfDrI8xMHMK9TVvYS0CDcX+bVe8puy/dxB3AskTt7perwmxYKDN in8Vt6pYGbPO+lUvq2h6QOW3hAtelFdOw3VES/lKmD63LIbD/4ZcF2f7eEGUq8mg ULloqrJ6DOq2pkWNy7hqcVeLLhyyDFyLshFP+RJZV9QUNfaVSi0OX0/wbR53r6Cb 9GkRE6aHJ2xx05llnNQyWv/N/Je0myHT1XdC/jKE4a9gwkQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=P+tNBo /U9l2EdYES+rBG/gV4t6+uRmsOu/B1fkxddFI=; b=QTYEbz/nQgR7EbX3MC+Bhg 0Zr63A/TZ/iKnsDShBjoDyaVN0k68RTjQTohuPAifOLqx1vPzOT2Dpe7jwAh+Qmw 48hGxrMt9ASW67rXnVNaixcdkPn7BoPJGIovm6qSPzXCoV05QIvB45eMnTl1a26J KLlYt7r2+aa4AWSZmSlX9k47RZrbob4m4QXocSRa4QQujf3LDo2IoXdZDn7dMHV3 wb7cM3HLAxHEKtlMVJngNuV7+zLR2srOxCP/kTntrGrlCDU/tbnxj9OSzOaeH5Ng T6Q1roSaUuXaOr4P13nK1PS9pQ1I0G5nL/fRTabP1JSwZoxervWBfxnIx9hHdwlQ ==
X-ME-Sender: <xms:tqhsX85F2bxU3VpvZN_yet0Y_1QCfPvLqyXiFMoDAjLHuYur_yjlcw> <xme:tqhsX97oF-MtPDz0DaYUWRNxl91XJ25aM-vN_9S0Npofs7Y3nJsRyrfKFrYJfx2m9 G_Nnql5_EJqSb-87A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudekgdejgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhkfgtggfuffgjvfhfofesrgdtmherhhdtvdenucfhrhhomheptehlihhsshgr ucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucggtffrrghtth gvrhhnpeelteekheffkeeuuedutedviedutedvtdffheeigeetjeelhfdtteeiffdvudeu teenucffohhmrghinhepihgvthhfrdhorhhgnecukfhppedujeefrdefkedruddujedrke einecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghl ihhsshgrsegtohhophgvrhifrdhinh
X-ME-Proxy: <xmx:tqhsX7fybVSx0MM54lfcGQWQjiUrtJVMqlymW9cvtlJVyTu15g6hhA> <xmx:tqhsXxIueHI7bE5MbuDwKgLf4-7DIflFzQ-L37vJOPnIVD04NqZCJA> <xmx:tqhsXwKOawfjSTNgRIjINSoGcoKc9u4a0YDfW0UbtYl7na2soB9s_Q> <xmx:t6hsX01-vFtUN8KuHWLj8Afq_pWUPGCrWWFszmackyxv8vNCre3qnQ>
Received: from rtp-alcoop-nitro2.cisco.com (unknown [173.38.117.86]) by mail.messagingengine.com (Postfix) with ESMTPA id CDCC83064684; Thu, 24 Sep 2020 10:09:57 -0400 (EDT)
From: Alissa Cooper <alissa@cooperw.in>
Message-Id: <EF44E615-1D93-44B6-839E-B0266D524524@cooperw.in>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A94F4FD3-9DDA-4703-8D84-5C8376AE2AD3"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Thu, 24 Sep 2020 10:09:57 -0400
In-Reply-To: <696da4c7-9e64-7d6b-0e4c-b6e53c1f04d6@nostrum.com>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-evpn-na-flags.all@ietf.org" <draft-ietf-bess-evpn-na-flags.all@ietf.org>
To: Robert Sparks <rjsparks@nostrum.com>, "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
References: <159776707925.23974.18030617296445881198@ietfa.amsl.com> <MWHPR08MB35206C143B85A1D556ABC03DF7510@MWHPR08MB3520.namprd08.prod.outlook.com> <696da4c7-9e64-7d6b-0e4c-b6e53c1f04d6@nostrum.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/nc8yNXp_I3Le-MC0gXDb_07Gl80>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2020 14:10:04 -0000
Robert, thanks for your review. Jorge, thanks for your response. I ran out of time to ballot on this document but I appreciate the document improvements. Alissa > On Aug 31, 2020, at 9:16 AM, Robert Sparks <rjsparks@nostrum.com> wrote: > > Thanks for considering my suggestions Jorge - your edits address all my concerns! > > RjS > > On 8/31/20 3:46 AM, Rabadan, Jorge (Nokia - US/Mountain View) wrote: >> Robert, >> >> Thank you very much for the review. Great points. >> Please see in-line with [Jorge]. All the changes will be included in the next revision. >> Thank you! >> Jorge >> >> From: Robert Sparks via Datatracker <noreply@ietf.org> <mailto:noreply@ietf.org> >> Date: Tuesday, August 18, 2020 at 6:11 PM >> To: gen-art@ietf.org <mailto:gen-art@ietf.org> <gen-art@ietf.org> <mailto:gen-art@ietf.org> >> Cc: draft-ietf-bess-evpn-na-flags.all@ietf.org <mailto:draft-ietf-bess-evpn-na-flags.all@ietf.org> <draft-ietf-bess-evpn-na-flags.all@ietf.org> <mailto:draft-ietf-bess-evpn-na-flags.all@ietf.org>, last-call@ietf.org <mailto:last-call@ietf.org> <last-call@ietf.org> <mailto:last-call@ietf.org>, bess@ietf.org <mailto:bess@ietf.org> <bess@ietf.org> <mailto:bess@ietf.org> >> Subject: Genart last call review of draft-ietf-bess-evpn-na-flags-05 >> >> Reviewer: Robert Sparks >> Review result: Ready with Nits >> >> I am the assigned Gen-ART reviewer for this draft. The General Area >> Review Team (Gen-ART) reviews all IETF documents being processed >> by the IESG for the IETF Chair. Please treat these comments just >> like any other last call comments. >> >> For more information, please see the FAQ at >> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>. >> >> Document: draft-ietf-bess-evpn-na-flags-05 >> Reviewer: Robert Sparks >> Review Date: 2020-08-18 >> IETF LC End Date: 2020-08-28 >> IESG Telechat date: Not scheduled for a telechat >> >> Summary: Ready for publication as a Proposed Standard RFC but with nits to >> address before publication >> >> The protocol being defined seems fine, and the IANA considerations are well >> constructed. I have a nagging feeling that there are new security concerns this >> introduces, but haven't been able to identify anything specific. I appreciate >> that the document discusses what happens when a bad-actor introduces >> intentionally mis-configured flags. >> >> Editorial Issues: >> >> The Abstract is full of acronyms that are not universally understood, and it >> buries the point of the document. Please consider rewriting to focus more >> specifically on the goal of the draft (see the introduction in the shepherd's >> writeup), keeping in mind that the abstract should make sense to people who >> don't know yet what PE stands for. Much of what you currently have in the >> Abstract can be left to the Introduction. I expect a shorter (two or three >> sentence) abstract will suit the document better. >> >> [Jorge] we simplified the abstract as follows, hopefully it addresses your comment: >> >> Ethernet Virtual Private Network (EVPN) uses MAC/IP Advertisement >> routes to advertise locally learned MAC and IP addresses associated >> to host or routers. The remote Provider Edge (PE) routers may use >> this information to populate their Address Resolution Protocol (ARP) >> or Neighbor Discovery (ND) tables and then reply locally to ARP >> Requests or Neighbor Solicitation messages on behalf of the owner of >> the IP address. However, the information conveyed in the MAC/IP >> route may not be enough for the remote PE to reply to local ARP or ND >> requests. This document defines an Extended Community that is >> advertised along with an EVPN MAC/IP Advertisement route and carries >> information relevant to the ARP/ND resolution, so that an EVPN PE >> implementing a proxy-ARP/ND function can reply to ARP Requests or >> Neighbor Solicitations with the correct information. >> >> >> >> >> In section 3.2: The list of three things in the list under "R and O Flags >> processing" are all processing steps. But the list of 6 things under "I Flag >> processing" are not all processing steps. Please change the list to only >> include processing steps, and move the examples and commentary to regular >> paragraphs after the processing has been specified. >> >> Consider moving the third top-level bullet in 3.2 ("MUST be ignored") to be the >> first bullet, and after that bullet say "otherwise". >> >> [Jorge] ok, section 3.2 changed as follows: >> >> 3.2. Reception of the EVPN ARP/ND Extended Community >> >> In addition to the procedures specified in [RFC7432] a PE receiving a >> MAC/IP Advertisement route will process the EVPN ARP/ND Extended >> Community as follows: >> >> o The R, O and I Flags MUST be ignored if they are advertised along >> with an EVPN MAC/IP Advertisement route that does not contain an >> IP (IPv4 or IPv6) address. Otherwise they are processed as >> follows. >> >> o R and O Flags processing: >> >> * If the EVPN MAC/IP Advertisement route contains an IPv6 address >> and the EVPN ARP/ND Extended Community, the PE MUST add the R >> and O Flags to the ND entry in the ND or proxy-ND table and use >> that information in Neighbor Advertisements when replying to a >> Solicitation for the IPv6 address. >> >> * If no EVPN ARP/ND Extended Community is received along with the >> route, the PE will add the default R and O Flags to the entry. >> The default R Flag SHOULD be an administrative choice. The >> default O Flag SHOULD be 1. >> >> * A PE MUST ignore the received R and O Flags for an EVPN MAC/IP >> Advertisement route that contains an IPv4->MAC pair. >> >> o I Flag processing: >> >> * A PE receiving an EVPN MAC/IP Advertisement route containing an >> IP->MAC and the I Flag set SHOULD install the IP->MAC entry in >> the ARP/ND or proxy-ARP/ND table as an "Immutable binding". >> This Immutable binding entry will override an existing non- >> immutable binding for the same IP->MAC. The absence of the >> EVPN ARP/ND Extended Community in a MAC/IP Advertisement route >> indicates that the IP->MAC entry is not an "Immutable binding". >> >> * Receiving multiple EVPN MAC/IP Advertisement routes with I=1 >> for the same IP but different MAC is considered a >> misconfiguration. >> >> * A PE originating an EVPN MAC/IP Advertisement route for >> IP1->MAC1 with I=1 MAY also originate the route with the Static >> bit set (in the MAC Mobility Extended Community). In such a >> case, the IP1->MAC1 binding is not only immutable but it cannot >> >> >> >> Rabadan, et al. Expires March 5, 2021 [Page 6] >> >> Internet-Draft EVPN Neighbor Advertisement Flags September 2020 >> >> >> move as well. Even so, if an update for the same IP1->MAC1 >> immutable and static, is received from a different PE, one of >> the two routes will be selected, as in the [RFC7432] case where >> two MAC/IP routes with Static bit are received for the same MAC >> from different PEs. >> >> In a situation where a host (with an IP->MAC that is configured as >> Immutable binding in the attached PE) is allowed to move between PEs >> (that is, the associated MAC is non-static), PEs can receive multiple >> MAC/IP advertisement routes for the same IP->MAC. In such >> situations, MAC mobility procedures as in [RFC7432] dictate the >> reachability of the MAC. >> >> As an example of the use of the I Flag, consider PE1, PE2 and PE3 are >> attached to the same BD. PE1 originates an EVPN MAC/IP Advertisement >> route for IP1->MAC1 with I=1; later on, PE2 also originates an EVPN >> MAC/IP Advertisement route IP1->MAC1 with a higher sequence number >> and I=1. Then all the EVPN PEs attached to the same BD SHOULD retain >> their IP1->MAC1 ARP/ND binding but update MAC1's forwarding >> destination to PE2. If for some reason, PE3 originates an EVPN MAC/ >> IP Advertisement route for IP1->MAC2 (even with a higher sequence >> number), then the EVPN PEs in the BD SHOULD NOT update their >> IP1->MAC1 ARP/ND bindings, since IP1 is bound to MAC1 (MAC2 SHOULD >> still be programmed in the layer-2 BDs). This is considered a >> misconfiguration in PE3. >> >> The use of the Flag I=1 assumes that a given IP is always bound to >> the same MAC address, and therefore the mobility procedures described >> in [I-D.ietf-bess-evpn-irb-extended-mobility] for "Host IP move to a >> new MAC" will not apply. >> >> >> >> >> Editorial Nits: >> >> I suggest deleting "refers to" in the terminology sentences. In all cases you >> mean "is" and you don't need to say "is". >> >> [Jorge] ok, removed >> >> >> >> The last phrase in the description of Bit 4 at the end of section 2 was >> difficult to read. Consider breaking the sentence into two or more. >> >> [Jorge] ok, changed to: >> >> Bit 4 of the Flags field is defined as the "Immutable ARP/ND Binding >> Flag". When set, the egress PE indicates that the IP->MAC pair sent >> in an EVPN MAC/IP Advertisement route (along with the Extended >> Community) is a configured ARP/ND entry. The IP address in the EVPN >> MAC/IP Advertisement route can only be bound together with the MAC >> address specified in the same route. >> >> >> >> >> At the end of section 3.1, "does not have any impact on" is confusing. I think >> you mean "does not change"? At ", including" the sentence becomes awkward. I >> suggest breaking that into a separate sentence. Perhaps "Specifically the >> procedures for advertising ... are not changed." >> >> [Jorge] good point, changed as suggested. >> >> >> >> >> > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org <mailto:Gen-art@ietf.org> > https://www.ietf.org/mailman/listinfo/gen-art <https://www.ietf.org/mailman/listinfo/gen-art>
- [Gen-art] Genart last call review of draft-ietf-b… Robert Sparks via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Rabadan, Jorge (Nokia - US/Mountain View)
- Re: [Gen-art] Genart last call review of draft-ie… Robert Sparks
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper