Re: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt

Susan Hares <shares@ndzh.com> Fri, 30 July 2021 13:12 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26A373A29C6; Fri, 30 Jul 2021 06:12:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.357
X-Spam-Level: *
X-Spam-Status: No, score=1.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, SPF_NONE=0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H1cpR7DFsCFP; Fri, 30 Jul 2021 06:12:28 -0700 (PDT)
Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0884F3A29C8; Fri, 30 Jul 2021 06:12:27 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=50.107.119.54;
From: "Susan Hares" <shares@ndzh.com>
To: "'Ketan Talaulikar \(ketant\)'" <ketant@cisco.com>, <idr@ietf.org>, <draft-li-idr-flowspec-srv6@ietf.org>
References: <022201d77fe3$eb9ba9b0$c2d2fd10$@ndzh.com> <MW3PR11MB4570125E6DCFC74FAE544041C1EC9@MW3PR11MB4570.namprd11.prod.outlook.com>
In-Reply-To: <MW3PR11MB4570125E6DCFC74FAE544041C1EC9@MW3PR11MB4570.namprd11.prod.outlook.com>
Date: Fri, 30 Jul 2021 09:12:11 -0400
Message-ID: <00c801d78544$82862a20$87927e60$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C9_01D78522.FB791E00"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHSMA+SzG3WNAYeCjdPMBqg8QJxWwKU/A8uq1GAPVA=
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/-hDVXOqxfcJgx5ER3UShM3iMIJU>
Subject: Re: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 13:12:33 -0000

Ketan: 

 

The authors have indicated draft-li-idr-flowspec-srv6-05.txt is for v2 (see
my WG Call).   I look forward to the author's response to the remainder of
the questions. 

 

I hope authors will consider presenting at the 9/13/2015 Interim meeting
where we discuss the flow specification v2 base specification and drafts.  

 

Sue 

 

From: Ketan Talaulikar (ketant) [mailto:ketant@cisco.com] 
Sent: Friday, July 30, 2021 8:19 AM
To: Susan Hares; idr@ietf.org; draft-li-idr-flowspec-srv6@ietf.org
Subject: RE: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt

 

Hello,

 

I have reviewed
https://datatracker.ietf.org/doc/html/draft-li-idr-flowspec-srv6-05 and have
the following questions for the authors before we consider adoption.

 

1.	FlowSpec v1 is supposed to be focussed on the DDOS use-case. I don't
find any text in the draft that clarifies how/why this is related to DDOS
use-case. To me, this seems like something for FlowSpec v2. Per (what I
understood to be) WG consensus, this work is then perhaps deferred to v2.
2.	The draft proposes a new type "Whole SID". My understanding from the
text is that this rule applies to the IPv6 DA and not the segments within
the SRH. If so, then:

a.	What distinguishes a SID from any other IPv6 address in the DA
field? 
b.	Why isn't the existing IPv6 DA type not sufficient?

3.	The draft proposes a new type "Some bits of SID (SBoS)". Again, I
believe this applies to the IPv6 DA again - so the same two Qs above apply
to this type to. What prevents a router (mistakenly) applying this rule to
packets with non-SRv6 SID in their DA.
4.	When the SBoS type is used, the SRv6 SID structure MUST be indicated
as part of the rule. Then the parts of the SID of interest that need to be
matched are also given in the space for the SID. Is my understanding
correct? If so, the text was not very clear to me.
5.	The question of why this SBoS type is required again crops us since
the base FlowSpec rule for DA does allow pattern matching on the IPv6 DA as
well? Perhaps I am mistaken, and if so the document does not provide any
text or justification for why these new types are required.
6.	Finally, there is no text related to the specific applicability
scenarios for these extensions. Exactly why it is difficult to determine
whether this falls under v1 or v2 scope.

 

Thanks,

Ketan

 

From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares
Sent: 23 July 2021 22:28
To: idr@ietf.org; draft-li-idr-flowspec-srv6@ietf.org
Subject: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt

 

This begins a 2 week WG adoption call for draft-li-idr-flowspec-srv6-05.txt.

 

I am missing 3 IPR statements (Zhenbin Li , Lei Li , and Lei Liu).  

These authors should send in their IPR statements in response to this call. 

 

This draft is targeted for the V2 version of flow specification.  

Flow specification v2 draft will be discussed at an interim on 9/13/2021. 

 

If it is adopted, it will be developed as part of the v2 set of drafts. 

 

Please consider if: 

 

1) if this draft is useful for networks, 

2) if you wish to adopt this draft prior to adopting flow specification v2. 

 

Cheerily, Susan Hares