Re: [i2rs] Benjamin Kaduk's No Objection on draft-ietf-i2rs-yang-l2-network-topology-14: (with COMMENT)

Martin Vigoureux <martin.vigoureux@nokia.com> Tue, 07 July 2020 10:30 UTC

Return-Path: <martin.vigoureux@nokia.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 109B93A0A4E; Tue, 7 Jul 2020 03:30:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJbrPA8IYdM4; Tue, 7 Jul 2020 03:30:40 -0700 (PDT)
Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-eopbgr90123.outbound.protection.outlook.com [40.107.9.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D51B93A0A2A; Tue, 7 Jul 2020 03:30:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bdKLtaMoxsQloreNWvrN762PqaKfqmftqxTJXLgdZp7ZkesAKKyZCaaOnZ4tD3xIunLyutU2KDvDEgcVHPK+8I8IyXIRP5jtCzB910ST71+Atn0udb5u+OTX3UWTGKuWgRM+0P6C9138igE4AGlvUDgfEsG2wkcRJPG8f9SdWVLRYv3eW6UcgTg4/AQH3JvF/7akoq5vXnnqviR1RO8Pcz+u0Yk2rFYcV/8s4uANSPQfk9/i0zPJAWUScTyepVJUTY3webhm0CZFDA8SKJdUW3WFtZyXebGBqgdFPX24fpv3sNgUpDssi+7c0tc6YgnV+AI8O7I+L9ieyRmZMqO1jA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aeBaUHrkbWqDH6eedq5fEIy7ck/r5W0uGwhYL4i32TY=; b=UbwG+acJuiKTFhouy2SOUjvH1FE7TSoUAdI5alVBuNb+K70zUZtXzZSagfxzjAy5Kp/w17eRtYwQi6dp9aHiL7F/PcQtYbt/W455761L37QE0HRR+5BC9fKYzPCDyEzyNOB155vZEzZ9bG7q9S2+hVOCuATd0vhLsOkhUM3KahNakCUIoIbf9wH6Hp88GHSeNBL0TE/JuUhyWMgg0BvqGoQtoD9A/aNgHmZndUkqbH5Zbroa8Bj8sUDV9UB2bQKyMdr9CM32s9PfJkRZxebenXmNzxejdFm5MSIicUuIdH4yNEGHdBv05M4+CsW5lePs3pC8IUwbEDZpSIfa0Kkbpw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aeBaUHrkbWqDH6eedq5fEIy7ck/r5W0uGwhYL4i32TY=; b=j8kFlCRnP8qo+hL0kYb2c7IEFv9LUGVptluvn7h74SybccJWS75T+yGookIeBCU7pOupTCy8+USML9J9JXb1fux6BSFO+X76Yi6JwzyJOZ8y10zBehRsVsNk0Y0rG9ntgq7NsSND3ATK3UGeh9LBRjOYFs+m+nlM3Liv2aleXis=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nokia.com;
Received: from PR3PR07MB6572.eurprd07.prod.outlook.com (2603:10a6:102:63::18) by PR1PR07MB4844.eurprd07.prod.outlook.com (2603:10a6:102:3::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.12; Tue, 7 Jul 2020 10:30:37 +0000
Received: from PR3PR07MB6572.eurprd07.prod.outlook.com ([fe80::3928:9c67:57e9:20e1]) by PR3PR07MB6572.eurprd07.prod.outlook.com ([fe80::3928:9c67:57e9:20e1%6]) with mapi id 15.20.3174.020; Tue, 7 Jul 2020 10:30:37 +0000
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
Cc: draft-ietf-i2rs-yang-l2-network-topology@ietf.org, i2rs@ietf.org, i2rs-chairs@ietf.org
References: <159408571443.14853.16206496770792413851@ietfa.amsl.com>
From: Martin Vigoureux <martin.vigoureux@nokia.com>
Message-ID: <6d13215c-8437-e1a2-252b-9432bd4be502@nokia.com>
Date: Tue, 7 Jul 2020 12:30:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
In-Reply-To: <159408571443.14853.16206496770792413851@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: fr
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: CH2PR14CA0004.namprd14.prod.outlook.com (2603:10b6:610:60::14) To PR3PR07MB6572.eurprd07.prod.outlook.com (2603:10a6:102:63::18)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [172.30.2.230] (131.228.2.20) by CH2PR14CA0004.namprd14.prod.outlook.com (2603:10b6:610:60::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.20 via Frontend Transport; Tue, 7 Jul 2020 10:30:34 +0000
X-Originating-IP: [131.228.2.20]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 8bfdbd46-af25-430c-445f-08d82260c9a0
X-MS-TrafficTypeDiagnostic: PR1PR07MB4844:
X-Microsoft-Antispam-PRVS: <PR1PR07MB484497F65DFC1A7991671B008C660@PR1PR07MB4844.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: +Wk/WTlSiKZ1otHYRgQRWAigD24azlGLotVehBLm5dwjoZeyGxD7Q9OC0jjDZNz5/va9KKyP2gTippHCs+g0iz8/gKIDTxDqSU8LlL1ifjUCix7aP948c8a52YDYtoh+jZFq01+dbIFcbI2la3oXfnlsRSWXHhpeNB7pZPQ7+p+Vuk9hAfT2IW7+3zCisXE2JhlXi7t5nHEDuZqaljdpm66w9aXpXeiRlA/+Mt3CyT1n2S/BlB+2vCf3J+dSfsM+WlNryGRpfwa6QJ/Cf8YKNg+Uz3gDjM7CCU7AFIJAEqDHKP2LxJTsmM2FGkcMdPaMnluadyb7ebtnliGBkqezmqope9RKW9O3PT/OoqPxXkwPpuXb3OePblDguIJWce+z7SF/Ba6RWsxTpTTKYg9hkr1A/+UtVhgFqiaSeAYdzCbamYC8P7O160s9IwxHl4aPbGZxIIDMrm7B6ZVRE0LGWw==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PR3PR07MB6572.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(376002)(39860400002)(346002)(396003)(366004)(36756003)(6666004)(66574015)(4326008)(316002)(83380400001)(5660300002)(16576012)(31696002)(86362001)(110136005)(66556008)(66476007)(66946007)(956004)(2616005)(31686004)(478600001)(8676002)(44832011)(26005)(16526019)(6486002)(186003)(966005)(8936002)(52116002)(2906002)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: 5MXsHqxQFEv2xRxdKas1OWwBjuzZhYEtpbOKPExSf24kzJ0rnXhilsrdkA5kZOdEVTlz6W43vjLQguOLNzcLhPU3g1wQx3joxv0ZOJqHRuVpNyMvGMI6ZOH//35ixvOqxIfluy9uLLGMK6G8PPi5qegjoxobrbEDyoSVCK5jUHktKSbdibRHxP/A18V4F2PQviy823Bg9d9UwF+MnZFyb6BJmXn2PFOsXW1skesDd0wD7evHXbamXsqzivH0olZ/PbIFDnrxLWOkeJeoGWEs+ubX/rVOORiqVkkBMfxqcsGcDFuLXN7fO8eiqsV8hqXF2Qcet86ZWDhHu6MYfmT9jbEoiaqKjtIpQLpQDcFc7eX7YsOtyhW11TzxP35z43MmPYwHFiYjfP+FhgrwoYacJsO9sFAA3ozEYDCB8HWyhIYMa56YJXuwPf/1c94HqDPFxZ7SQfwS2c4j/9f/pJnp+iU0+Y05ZjKFNmwK6d9/g10=
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8bfdbd46-af25-430c-445f-08d82260c9a0
X-MS-Exchange-CrossTenant-AuthSource: PR3PR07MB6572.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2020 10:30:37.1696 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: oTdH6qFlXiz5g3e8b/eN/GKFDwYNbD+WlIGWwSjUQohufOJ0Ml/KTTiTxRki4crB28WWgFq93sNVnSFMd/B2AnR1lCw9h+t9UI/UjalJAeA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1PR07MB4844
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/dfmOx0DxAXXqZQKMOFj8oKh5rI8>
Subject: Re: [i2rs] Benjamin Kaduk's No Objection on draft-ietf-i2rs-yang-l2-network-topology-14: (with COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 10:30:42 -0000

Ben,

thank you for your review. One comment in-line.

-m

Le 2020-07-07 à 3:35, Benjamin Kaduk via Datatracker a écrit :
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-i2rs-yang-l2-network-topology-14: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l2-network-topology/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Why is the "management-address" for a l2-node an IP address?  Does that
> exclude any potential use of this data model for non-IP networks?
> 
> Section 3
> 
>     o  Links in the "ietf-network-topology" module are augmented as well
>        with a set of Layer 2 parameters, allowing to associate a link
>        with a name, a set of Layer 2 link attributes, and flags.
> 
> Interesting that names for links were not part of the core
> network-topology module.  Are there any potential issues if other
> ntework types also specify a link name and there is disagreement between
> them?
> 
> Section 4
> 
> It reads a little oddly to use the flag-identity as the base type of a
> typedef before the identity itself is declared, but I am way out of my
> league here and defer to the YANG experts.
> 
>         description
>           "VXLAN Network Identifier or VXLAN Segment ID.
>            It allows up to 16 M VXLAN segments to coexist
>            within the same administrative domain.
> 
>            The use of value '0' is implementation-specific.";
> 
> Is this intended as a nod to the use of 0 for the management VLAN?/
> (I seem to recall this topic raising to some level of controversy in the
> discussions around draft-ietf-bfd-vxlan.)
There has indeed been a discussion on that value in context of bfd-vxlan.
The issue is that the base VXLAN specification (rfc7348) doesn't specify 
the range and so implementers have been left without clear guidance on 
the use of that specific value.
Some implems support 0 and some don't.
Previously, in that document, the range was specified as 1..16777215.
I have suggested to the authors that it might be more appropriate to 
make it 0..16777215, with 0 being implem specific.


> 
>       /*
> 
>        * Features
>        */
> 
> nit: there seems to be a spurious blank line here.
> 
>       grouping l2-node-attributes {
>           [...]
>           leaf sys-mac-address {
>             type yang:mac-address;
>             description
>               "System MAC address.";
>           }
> 
> Is there only one "System MAC address" per node?
> 
>           leaf delay {
>             type uint32;
>             units "microseconds";
>             description
>               "Link delay in microseconds.";
> 
> I guess we don't expect to use this model for deep-space links :)
> 
>         container l2-termination-point-attributes {
>           description
>             "Containing L2 termination point attributes.";
>           leaf description {
>             type string;
>             description
>               "Port description.";
> 
> Is a termination point always a "port", or should the description be
> modified?
> 
>               list qinq {
>                 [...]
>                 leaf svlan-id {
>                   type dot1q-types:vlanid;
>                   description
>                     "SVLAN ID.";
>                 }
>                 leaf cvlan-id {
>                   type dot1q-types:vlanid;
>                   description
>                     "CVLAN ID.";
> 
> Could we perhaps expand "service" and "customer"?
> 
>             }
>             //case ethernet
> 
> RFC 6020 suggests that YANG comments are "C++-style", which would seem
> to indicate that the single-line comment could start on the same line as
> the closing brace.  This, in turn, would save some confusion since the
> block comments apply to the content after the comment, but these
> comments apply to the content before the comment.
> (Also later on as well.)
> 
>           leaf tp-state {
>             [...]
>               enum others {
>                 value 4;
>                 description
>                   "The termination point is in other state.";
>               }
> 
> Is there a plan for how substructure of these "others" states might be
> added in the future?
> 
> Section 6
> 
> Thank you for updating the privacy considerations in response to the
> secdir review!
> 
>     In the case of a topology that is configured, i.e. whose origin is
>     "intended", the undesired configuration could become effective and be
> 
> Perhaps toss the word "datastore" in here somewhere to remind the
> less-clueful reader (i.e., me) that origin is an NMDA concept?  Though
> if it's sufficiently obvious, no need to do it just for me.
> 
>     reflected in the operational state datastore, leading to disruption
>     of services provided via this topology might be disrupted.  For those
> 
> nit: deduplicate "disruption"/"disrupted".
> 
>     reasons, it is important that the NETCONF access control model is
>     vigorously applied to prevent topology misconfiguration by
>     unauthorized clients.
> 
> Should we condense "NACM" here since we provided the acronym at the
> start of the paragraph?
> 
>     o  l2-node-attributes: A malicious client could attempt to sabotage
>        the configuration of important node attributes, such as the name
>        or the management-address.
> 
> I don't feel a need for a text change here (since "such as" suffices),
> but would a change to the node's MAC address be similarly impactful?
> 
>     Some of the readable data nodes in this YANG module may be considered
>     sensitive or vulnerable in some network environments.  It is thus
>     important to control read access (e.g., via get, get-config, or
>     notification) to these data nodes.  In particular, the YANG model for
>     layer 2 topology may expose sensitive information, for example the
>     MAC addresses of devices.  Unrestricted use of such information can
> 
> I think I've been told that in some environments the topology itself
> (especially VLAN/VXLAN identifiers) can be considered sensitive.  What's
> written here is consistent with that, and I don't insist on a change to
> the text, but wondered if that was seen as a common enough thing to be
> worth mentioning.
> 
> Section 8.1
> 
> RFC 3688 could arguably be demoted to informative, as could RFC 7951.
> 
> Section 8.2
> 
> If we use types defined in [IEEE802.1Qcp], that seems like a normative
> reference to me.
> 
> Noting the discussion at
> https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
> about even optional features still being normative references, I think
> RFC 7348 would be better placed as a normative reference.  Note that
> there is not a process/downref issue in doing so, since it is already
> listed at https://datatracker.ietf.org/doc/downref/
> 
> I could go either way (informative or normative) for RFC 8342;
> presumably there's a convention to stick to.
> 
> Appendix B
> 
> I was going to reference
> https://www.iab.org/2016/11/07/iab-statement-on-ipv6/ and suggest IPv6
> addresses as example management-addresses, but I have a lingering memory
> that the IPv4 form is still used to identify nodes even in v6-only
> environments.  Do the right thing, of course.
> 
> [Note that I did not do an extensive consistency/sanity check on the
> example topology or try to reconstruct it from the JSON.]
> 
> 
> 
>