Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05

Alissa Cooper <> Thu, 24 September 2020 14:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5E42F3A0A3B; Thu, 24 Sep 2020 07:10:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=MTApv9NR; dkim=pass (2048-bit key) header.b=QTYEbz/n
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Wsj0HevGi_vI; Thu, 24 Sep 2020 07:10:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EA823A09DA; Thu, 24 Sep 2020 07:10:00 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id A1D5A5C016A; Thu, 24 Sep 2020 10:09:59 -0400 (EDT)
Received: from mailfrontend2 ([]) by compute4.internal (MEProxy); Thu, 24 Sep 2020 10:09:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm1; bh=P+tNBo/U9l2EdYES+rBG/gV 4t6+uRmsOu/B1fkxddFI=; b=MTApv9NRtDOc0Y1Bvl+4CiZFQPivyfWGUel5fZW aJAiRRBh2Ia23Kt02GZHJgJgfMk1iJRj4XJ32EaS//vtCnkqqyNglnCXGAPPgoqs TyBzKYWBdta0TdfDrI8xMHMK9TVvYS0CDcX+bVe8puy/dxB3AskTt7perwmxYKDN in8Vt6pYGbPO+lUvq2h6QOW3hAtelFdOw3VES/lKmD63LIbD/4ZcF2f7eEGUq8mg ULloqrJ6DOq2pkWNy7hqcVeLLhyyDFyLshFP+RJZV9QUNfaVSi0OX0/wbR53r6Cb 9GkRE6aHJ2xx05llnNQyWv/N/Je0myHT1XdC/jKE4a9gwkQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=P+tNBo /U9l2EdYES+rBG/gV4t6+uRmsOu/B1fkxddFI=; b=QTYEbz/nQgR7EbX3MC+Bhg 0Zr63A/TZ/iKnsDShBjoDyaVN0k68RTjQTohuPAifOLqx1vPzOT2Dpe7jwAh+Qmw 48hGxrMt9ASW67rXnVNaixcdkPn7BoPJGIovm6qSPzXCoV05QIvB45eMnTl1a26J KLlYt7r2+aa4AWSZmSlX9k47RZrbob4m4QXocSRa4QQujf3LDo2IoXdZDn7dMHV3 wb7cM3HLAxHEKtlMVJngNuV7+zLR2srOxCP/kTntrGrlCDU/tbnxj9OSzOaeH5Ng T6Q1roSaUuXaOr4P13nK1PS9pQ1I0G5nL/fRTabP1JSwZoxervWBfxnIx9hHdwlQ ==
X-ME-Sender: <xms:tqhsX85F2bxU3VpvZN_yet0Y_1QCfPvLqyXiFMoDAjLHuYur_yjlcw> <xme:tqhsX97oF-MtPDz0DaYUWRNxl91XJ25aM-vN_9S0Npofs7Y3nJsRyrfKFrYJfx2m9 G_Nnql5_EJqSb-87A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudekgdejgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhkfgtggfuffgjvfhfofesrgdtmherhhdtvdenucfhrhhomheptehlihhsshgr ucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucggtffrrghtth gvrhhnpeelteekheffkeeuuedutedviedutedvtdffheeigeetjeelhfdtteeiffdvudeu teenucffohhmrghinhepihgvthhfrdhorhhgnecukfhppedujeefrdefkedruddujedrke einecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghl ihhsshgrsegtohhophgvrhifrdhinh
X-ME-Proxy: <xmx:tqhsX7fybVSx0MM54lfcGQWQjiUrtJVMqlymW9cvtlJVyTu15g6hhA> <xmx:tqhsXxIueHI7bE5MbuDwKgLf4-7DIflFzQ-L37vJOPnIVD04NqZCJA> <xmx:tqhsXwKOawfjSTNgRIjINSoGcoKc9u4a0YDfW0UbtYl7na2soB9s_Q> <xmx:t6hsX01-vFtUN8KuHWLj8Afq_pWUPGCrWWFszmackyxv8vNCre3qnQ>
Received: from (unknown []) by (Postfix) with ESMTPA id CDCC83064684; Thu, 24 Sep 2020 10:09:57 -0400 (EDT)
From: Alissa Cooper <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A94F4FD3-9DDA-4703-8D84-5C8376AE2AD3"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Date: Thu, 24 Sep 2020 10:09:57 -0400
In-Reply-To: <>
Cc: "" <>, "" <>, "" <>, "" <>
To: Robert Sparks <>, "Rabadan, Jorge (Nokia - US/Mountain View)" <>
References: <> <> <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-bess-evpn-na-flags-05
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 24 Sep 2020 14:10:04 -0000

Robert, thanks for your review. Jorge, thanks for your response. I ran out of time to ballot on this document but I appreciate the document improvements.


> On Aug 31, 2020, at 9:16 AM, Robert Sparks <> wrote:
> Thanks for considering my suggestions Jorge - your edits address all my concerns!
> RjS
> On 8/31/20 3:46 AM, Rabadan, Jorge (Nokia - US/Mountain View) wrote:
>> Robert,
>> Thank you very much for the review. Great points.
>> Please see in-line with [Jorge]. All the changes will be included in the next revision.
>> Thank you!
>> Jorge
>> From: Robert Sparks via Datatracker <> <>
>> Date: Tuesday, August 18, 2020 at 6:11 PM
>> To: <> <> <>
>> Cc: <> <> <>, <> <> <>, <> <> <>
>> Subject: Genart last call review of draft-ietf-bess-evpn-na-flags-05
>> Reviewer: Robert Sparks
>> Review result: Ready with Nits
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair.  Please treat these comments just
>> like any other last call comments.
>> For more information, please see the FAQ at
>> < <>>.
>> Document: draft-ietf-bess-evpn-na-flags-05
>> Reviewer: Robert Sparks
>> Review Date: 2020-08-18
>> IETF LC End Date: 2020-08-28
>> IESG Telechat date: Not scheduled for a telechat
>> Summary: Ready for publication as a Proposed Standard RFC but with nits to
>> address before publication
>> The protocol being defined seems fine, and the IANA considerations are well
>> constructed. I have a nagging feeling that there are new security concerns this
>> introduces, but haven't been able to identify anything specific. I appreciate
>> that the document discusses what happens when a bad-actor introduces
>> intentionally mis-configured flags.
>> Editorial Issues:
>> The Abstract is full of acronyms that are not universally understood, and it
>> buries the point of the document. Please consider rewriting to focus more
>> specifically on the goal of the draft (see the introduction in the shepherd's
>> writeup), keeping in mind that the abstract should make sense to people who
>> don't know yet what PE stands for. Much of what you currently have in the
>> Abstract can be left to the Introduction. I expect a  shorter (two or three
>> sentence) abstract will suit the document better.
>> [Jorge] we simplified the abstract as follows, hopefully it addresses your comment:
>>    Ethernet Virtual Private Network (EVPN) uses MAC/IP Advertisement
>>    routes to advertise locally learned MAC and IP addresses associated
>>    to host or routers.  The remote Provider Edge (PE) routers may use
>>    this information to populate their Address Resolution Protocol (ARP)
>>    or Neighbor Discovery (ND) tables and then reply locally to ARP
>>    Requests or Neighbor Solicitation messages on behalf of the owner of
>>    the IP address.  However, the information conveyed in the MAC/IP
>>    route may not be enough for the remote PE to reply to local ARP or ND
>>    requests.  This document defines an Extended Community that is
>>    advertised along with an EVPN MAC/IP Advertisement route and carries
>>    information relevant to the ARP/ND resolution, so that an EVPN PE
>>    implementing a proxy-ARP/ND function can reply to ARP Requests or
>>    Neighbor Solicitations with the correct information.
>> In section 3.2: The list of three things in the list under "R and O Flags
>> processing" are all processing steps. But the list of 6 things under "I Flag
>> processing" are not all processing steps. Please change the list to only
>> include processing steps, and move the examples and commentary to regular
>> paragraphs after the processing has been specified.
>> Consider moving the third top-level bullet in 3.2 ("MUST be ignored") to be the
>> first bullet, and after that bullet say "otherwise".
>> [Jorge] ok, section 3.2 changed as follows:
>> 3.2.  Reception of the EVPN ARP/ND Extended Community
>>    In addition to the procedures specified in [RFC7432] a PE receiving a
>>    MAC/IP Advertisement route will process the EVPN ARP/ND Extended
>>    Community as follows:
>>    o  The R, O and I Flags MUST be ignored if they are advertised along
>>       with an EVPN MAC/IP Advertisement route that does not contain an
>>       IP (IPv4 or IPv6) address.  Otherwise they are processed as
>>       follows.
>>    o  R and O Flags processing:
>>       *  If the EVPN MAC/IP Advertisement route contains an IPv6 address
>>          and the EVPN ARP/ND Extended Community, the PE MUST add the R
>>          and O Flags to the ND entry in the ND or proxy-ND table and use
>>          that information in Neighbor Advertisements when replying to a
>>          Solicitation for the IPv6 address.
>>       *  If no EVPN ARP/ND Extended Community is received along with the
>>          route, the PE will add the default R and O Flags to the entry.
>>          The default R Flag SHOULD be an administrative choice.  The
>>          default O Flag SHOULD be 1.
>>       *  A PE MUST ignore the received R and O Flags for an EVPN MAC/IP
>>          Advertisement route that contains an IPv4->MAC pair.
>>    o  I Flag processing:
>>       *  A PE receiving an EVPN MAC/IP Advertisement route containing an
>>          IP->MAC and the I Flag set SHOULD install the IP->MAC entry in
>>          the ARP/ND or proxy-ARP/ND table as an "Immutable binding".
>>          This Immutable binding entry will override an existing non-
>>          immutable binding for the same IP->MAC.  The absence of the
>>          EVPN ARP/ND Extended Community in a MAC/IP Advertisement route
>>          indicates that the IP->MAC entry is not an "Immutable binding".
>>       *  Receiving multiple EVPN MAC/IP Advertisement routes with I=1
>>          for the same IP but different MAC is considered a
>>          misconfiguration.
>>       *  A PE originating an EVPN MAC/IP Advertisement route for
>>          IP1->MAC1 with I=1 MAY also originate the route with the Static
>>          bit set (in the MAC Mobility Extended Community).  In such a
>>          case, the IP1->MAC1 binding is not only immutable but it cannot
>> Rabadan, et al.           Expires March 5, 2021                 [Page 6]
>> Internet-Draft      EVPN Neighbor Advertisement Flags     September 2020
>>          move as well.  Even so, if an update for the same IP1->MAC1
>>          immutable and static, is received from a different PE, one of
>>          the two routes will be selected, as in the [RFC7432] case where
>>          two MAC/IP routes with Static bit are received for the same MAC
>>          from different PEs.
>>    In a situation where a host (with an IP->MAC that is configured as
>>    Immutable binding in the attached PE) is allowed to move between PEs
>>    (that is, the associated MAC is non-static), PEs can receive multiple
>>    MAC/IP advertisement routes for the same IP->MAC.  In such
>>    situations, MAC mobility procedures as in [RFC7432] dictate the
>>    reachability of the MAC.
>>    As an example of the use of the I Flag, consider PE1, PE2 and PE3 are
>>    attached to the same BD.  PE1 originates an EVPN MAC/IP Advertisement
>>    route for IP1->MAC1 with I=1; later on, PE2 also originates an EVPN
>>    MAC/IP Advertisement route IP1->MAC1 with a higher sequence number
>>    and I=1.  Then all the EVPN PEs attached to the same BD SHOULD retain
>>    their IP1->MAC1 ARP/ND binding but update MAC1's forwarding
>>    destination to PE2.  If for some reason, PE3 originates an EVPN MAC/
>>    IP Advertisement route for IP1->MAC2 (even with a higher sequence
>>    number), then the EVPN PEs in the BD SHOULD NOT update their
>>    IP1->MAC1 ARP/ND bindings, since IP1 is bound to MAC1 (MAC2 SHOULD
>>    still be programmed in the layer-2 BDs).  This is considered a
>>    misconfiguration in PE3.
>>    The use of the Flag I=1 assumes that a given IP is always bound to
>>    the same MAC address, and therefore the mobility procedures described
>>    in [I-D.ietf-bess-evpn-irb-extended-mobility] for "Host IP move to a
>>    new MAC" will not apply.
>> Editorial Nits:
>> I suggest deleting "refers to" in the terminology sentences. In all cases you
>> mean "is" and you don't need to say "is".
>> [Jorge] ok, removed
>> The last phrase in the description of Bit 4 at the end of section 2 was
>> difficult to read. Consider breaking the sentence into two or more.
>> [Jorge] ok, changed to:
>>    Bit 4 of the Flags field is defined as the "Immutable ARP/ND Binding
>>    Flag".  When set, the egress PE indicates that the IP->MAC pair sent
>>    in an EVPN MAC/IP Advertisement route (along with the Extended
>>    Community) is a configured ARP/ND entry.  The IP address in the EVPN
>>    MAC/IP Advertisement route can only be bound together with the MAC
>>    address specified in the same route.
>> At the end of section 3.1, "does not have any impact on" is confusing. I think
>> you mean "does not change"? At ", including" the sentence becomes awkward. I
>> suggest breaking that into a separate sentence. Perhaps "Specifically the
>> procedures for advertising ... are not changed."
>> [Jorge] good point, changed as suggested.
> _______________________________________________
> Gen-art mailing list
> <>
> <>