[Idr] Re: AD preliminary review of draft-ietf-idr-ts-flowspec-srv6-policy-04
John Scudder <jgs@juniper.net> Mon, 18 November 2024 15:53 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DAF2C14F60D for <idr@ietfa.amsl.com>; Mon, 18 Nov 2024 07:53:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="KZBfeZzX"; dkim=neutral reason="invalid (public key: not available)" header.d=juniper.net header.b="eiW5B5dS"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WIYFntGPMGXP for <idr@ietfa.amsl.com>; Mon, 18 Nov 2024 07:53:25 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) by ietfa.amsl.com (Postfix) with ESMTP id 47A20C151066 for <idr@ietf.org>; Mon, 18 Nov 2024 07:53:25 -0800 (PST)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4AIDA2P6002006; Mon, 18 Nov 2024 07:53:23 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=PPS1017; bh=fwEx+yKEB0uVa2czDNIydDI/Uv NmQcqZq/8paZCgjns=; b=KZBfeZzXmgs9KcLws9m3Gkova/qZ2fH7nSeksBxzRA CoEHeHulho7zZ8No31UWBcYzsCRVPSE6r8hjoJxOZ3xasTOABY0pgf944ezLgOOv ZLDQpGOFqbBNzuOSCGZCtMrpQiwC8B+CG32dDzx7Ip4J0jAH7zSrWh1RVvChBCI6 8InNxoaLMHtzM/T6YaRzZfq8Y/1kP2tMitcPOsIWldMXxlOcEXj2ET/aeSwkZqql Qao04/r+OpkPvKS3XvkpB1X0oDIvvVnLJgMlXPmaGz85nCPGwchFwo4m3Pk0KqnU /HmAfPwBj6yNVKKz+DrwFJuRjnBXwoaowRT19mrMFUkg==
Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazlp17010007.outbound.protection.outlook.com [40.93.13.7]) by mx0b-00273201.pphosted.com (PPS) with ESMTPS id 42xt6fuv3g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Nov 2024 07:53:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QjXDVwpKxu5U0dYQQDOfcBTMc1RFKaXt0YHXijf4FwuBncMOhrVXJuni2RNMSjZqKhRSFJ3gAo8nn5N/QZp3skC6NydP3+/OdmylRZr4Sby1mXAfOTKA1Y/IikIBNeEtGJ4ZtGSN6i9Gw2XPRZrfpVKtQ+LF5nCmDpFT94ev0Mx/A7aLnEVn9fzoF7Nhydxnts1WljQnUoyjrX7J2sc6O9ZkdZzABYXrXJO9xqd6qQJaIRaVWPt3037dgaaWJ1jF3JH4voidgTXoC6i+Ir9/im/2h7wAXv5rCUfROpCaIYRHOYzjrMmm+DPi6HjCuzVlucT2YqN5SHa42zyVN3bIwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fwEx+yKEB0uVa2czDNIydDI/UvNmQcqZq/8paZCgjns=; b=argByi3m26ljv6pTj1C/ffyrl+OT0Yq6+ChXrMw1MJ4nuNYqB9ItCXh9oYpVqJR6zANA5fVVOBFsdz0RuCLBXJRvqUqDS41V9zozOOdEUwPty99VOjUpkXeJd/h0+MpYOap+muwkPhRcvVWcp0O/Pcj4jpwPj0NHIQblvgvvMTvLrRvwnTN6pCyU+xLBt03ADyLzMpBuchaTjtgkhmkc73qhj0AM+nuaKuPiqQwprKrVodM2e1RYWiYJVUj8EW+F/PsavjWlS0y3mChPp7QBnlkQYSwxCO/vjnzULX45jzAfN/0l0LwpWhGSaRmuTfktfnBb0dNsWTzKs2I8bAjVhw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fwEx+yKEB0uVa2czDNIydDI/UvNmQcqZq/8paZCgjns=; b=eiW5B5dSXGa+y8ZR1ahHnhy4HBk8pIOMaFM0u1Fru8Los1h0Q/ZCjfUhIBOi7c9d+5MsGl0NDMn6R7Df5iv1oPT5Rcb87wcvL/KPiT8MAYoYkRM9IbeP8AXFiCzorKILQzbuFZC1hVT/1zLLOkrf2cBTwXCwtZJoVqEOv8xVY2s=
Received: from LV8PR05MB10374.namprd05.prod.outlook.com (2603:10b6:408:184::11) by SA1PR05MB7933.namprd05.prod.outlook.com (2603:10b6:806:1a6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.23; Mon, 18 Nov 2024 15:53:19 +0000
Received: from LV8PR05MB10374.namprd05.prod.outlook.com ([fe80::5611:fbeb:b227:6aa9]) by LV8PR05MB10374.namprd05.prod.outlook.com ([fe80::5611:fbeb:b227:6aa9%3]) with mapi id 15.20.8158.021; Mon, 18 Nov 2024 15:53:19 +0000
From: John Scudder <jgs@juniper.net>
To: Hares Susan <shares@ndzh.com>
Thread-Topic: [Idr] AD preliminary review of draft-ietf-idr-ts-flowspec-srv6-policy-04
Thread-Index: AQHbOdH8cOxxvS33sE+K7ZdfTJX9kQ==
Date: Mon, 18 Nov 2024 15:53:19 +0000
Message-ID: <90FBE9EA-2561-45AA-B779-B1DCA2C346E1@juniper.net>
References: <CO1PR08MB66119B54EEAECE4E83F5C333B3272@CO1PR08MB6611.namprd08.prod.outlook.com>
In-Reply-To: <CO1PR08MB66119B54EEAECE4E83F5C333B3272@CO1PR08MB6611.namprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3776.700.51)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR05MB10374:EE_|SA1PR05MB7933:EE_
x-ms-office365-filtering-correlation-id: 73073906-741f-4cc5-a32c-08dd07e91f74
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|4022899009|8096899003|38070700018;
x-microsoft-antispam-message-info: CHFb7YoZDSmJVfIbXlJORCdhUbg+l7bHnwC5g8yUQQr9rG+j16mHYtm6GIQfIX4O9Iz3/Ja1jMQwXlyEl3EJbxsyOR/hpIXqJYJzPnI/+KQiwTVC1QUa3XPU2RcVrQhO1RDBTeKMzXW3oOoVvc5tGu3a1EOz/LQTUAI5eDMQ/pIo9g4VvcSotnISoe3rds29vN7+dSR/fy8hc8tZ3rgjhyhqHiREakKpUYjfhTY9bh61l2MI+6U0QYBMn3C+BD3RIKoUusbzEgLh8OGTfqBm2NeiWKNBX73AJE9yBJNuBLPzhE1jvLPwMKttWoOMNpvNRiu6lF/iqDHNON2GOa31nLICnOg2wZn1CXtAz6gyPZPxpTU9Qhm/Yc85AldVsO4RKryFe7CL0OAM2Dztt55XxXyPiukCkLg5tAkge5mt5278IPs/668FF+uq6AOH8w8RjIJv5p5PH307Rg0zPEfXPWbgPh212nkBCilFhe5ulESZ4i1ypOIH7VAVMHrG2BuqsbWfI79GrCinP0KmrKKzT2VZHkCkkQ3LuKm7zVH26iew71JejBAibwczRQ4bn227xXcZ02Dyqw1HpAwPfMQ0trGvDatcDs4fuXi1kJM0mzEI3rp8mvoYmKcdzwbo0TA1/Ne6qtVSpwZa8USbw9aKCqsI5vEQnWMcT7/Dykpi87OlIm9EI/jkU2IHd01OPU5cxFIcG0m2cQB2exTLWWtx8khdaAAgINc1WdzdnILHz/S8q98jNWCrjxrYzEUaSjpMtwgnhS5eQ9YibDc9hHHbv1ZDkP2vhxvX8/0xxe0jLAyCBilQz4b0QyFjnzrgB1NlruwyfSTvI2afSA3kstefDAhJIb52l+w0EPnrDEF2pH1WnX5TpcftxWu0PUbeywV/Kydo18ALoqJgudrGXGFudPN12h5kj3+r+R2loYlxzqj4N2rDW20R0UMH+FDNkygPLhw7714GIQb6aL2imLYGFfofI+7RkXlV2+QpyK1evJjGj1L40xiZjndS/dt/9lceBzwEhJoSV8n0WHxxxYusIMkFU+8zhlepwxxyeceXoJi99qsbP1OIov4sAzimQxxVh05AUPdOIaBIdMKrj8OUdRJZNQByuCTrK6Uqw5ZqdhXoyogXyyrOiH4dbaRMg5JeBjDw9IjG00K0aoaXJEHmI/LKcTCowu5yIeOrNFVbCjL9flKerV2y9nd9XUD0KUQ4zfqopSdl0hitwYvis3CtADhtdC3eJXjhQjH8Rg+X0O5EKmIEfoRWNZcAIMsCzUOn+W/DnpSI0KlWrm1z/ILJPtaWcc8ztcy8J+lNx8RpvWVQdsdB/2BpnA0nbzp3iecRXCGldkbUo0bG3oJ3VhGPhw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR05MB10374.namprd05.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(4022899009)(8096899003)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: LoL21mEXzazM7KfNy7e+e3YSKVSN3hQ1Yc2eRn0y6qXpLtusjU/7pFbstre3HQ9W4mhbWQ5xKKCBdPsaL5Ra/8uAJCt/cOa/KCQOJxOS5iydmDuIsckJB51/Q0jo8X0Ok6HMHCcCYXy12uglDMFzrAT8I4r57v/lYf994aya/brJMJrDX9S7Zjr8ldUUThSVvqCYykF71vGaKsYet9BfwuCm5ZGA7r+Gw3n41WcmzDfElgOriCzqIVyT6Wz0PWhsHctxuU2l97Hj48NnP0am0etEGNqDWkkVAsZOs6CpQGnA7wha48TMSeexFv4Ka2IZrROFKaVYEIvMACejAAqx6IP5MZ3jjZtn1bWegj05jPxqJW6lPSlumiKbzZESdMuIpQUD2uBdSNF8SFMwFW9ciogziWHyJmL2qbiSwi4cLvdNYICgcdPLhzyreBhcpJuZ+pe8VB86qggTT5yoiaoJa+C1pUca0bSf15sQDZgR/UYRYMmRhezFyRSdFv4QX2VWAGbF4HNI73QOl+2Vmr2QX2g73DWYxL2KKJNAX6yvby9kNNMTI+fIXaeCC0joyDcIi4dqy0ul1u2FNcQwXUuA1JvsDv4Tt3gLynwCOs8N5XFAcIAvf0H2qNT1DqRWGSpFiNPA5nd8eYUM8xd9FPir4MhNHaXUhWMjPSCIHgA3Xl0pSXuCYCQsiKffWERTm4EIia2cqjVCCHyIOKOIuQgpdz3M3y+Yw47Dd88v7L5+LvfSZUgQvd6VMxyvtoC24kXv2s7pTy5iwaiii8lnu5lbjzfJ70bjGXlEyxcqI/AkHeXPiAVgzK9Yru27Pm6T4RL2P+HSkqSRnPBHHStM6EYm5A/Ov/A/GsRjYyNZschtrZG6Ow5mt6odxA1n5wve2qlTZ6ylX3f34H2DvThF4NMEdCGXFHw18/9VNEod49uzQLSdJqhM+IWj5vGQTKMEoFZeXUKjh4+E/8AAtdOArzQVOepVVyew8hzXjmAJ/j9FcHoy92kOVm+uhv1Zbu2B2/omMk9QSAp+g2ID7U0QFheNJcTatAhduXu+x/XS56avwYpOxQ1Z4bskRRehoXIhFTpUE5xlac+K9Cvc+ImwTK7qr8ltlCerBwSYbcTlvOMuQzBH5Y8ZG0vdY4c0pP9lSzRgad7uAzXGvEK3ZhC1S4JU/MAI8Q9CXRC/g0MicpZPfjXU85RLtF9qNKgUNPB7bxFxVgXko48R1Asrlj42uu5PHXsaYdfC34YnzP27xPkReESuZWju6dmqIGl/s7m+c3onmGnBxiLpGt36Zis7mwL9UE92s1a+zEOFeuA5uf+xVaFcZQW7ZLoHOGGc279/GX6lsySNmSNGrgGkmsXa9pTky5waQcaS8M/2QH4SrtlcisGYkAtUFH1SQRPDeF+BO7KrBBTmSeZjhiiJoQLT6iXoSV66bZ2jD6SccRYsx4cQOLIpZzNGDBVRc9iowhfy8rprAEON8Yg8UP+trK7V9SIunXTlBGK8EHnbTqER/R2AwCl+MslVfPgWj3jvHpJVZ0mj6I2nFIOgISUWVtjJGsuLag8j7l5YrvnN0XIDZ2eq4GeZBwiM068MXoZuFo+6QusL
Content-Type: multipart/alternative; boundary="_000_90FBE9EA256145AAB779B1DCA2C346E1junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR05MB10374.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 73073906-741f-4cc5-a32c-08dd07e91f74
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2024 15:53:19.2604 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: q/dQE8nBWQ10/NYxAa1NUuaAQolaAzhUY/tS3EqHDMV711u3d49LljtWbkcEPxiD
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR05MB7933
X-Proofpoint-ORIG-GUID: N7ZF7bBC19ce6PPTiLv4WlCLMre6Kmas
X-Proofpoint-GUID: N7ZF7bBC19ce6PPTiLv4WlCLMre6Kmas
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxlogscore=999 spamscore=0 clxscore=1015 suspectscore=0 adultscore=0 priorityscore=1501 phishscore=0 malwarescore=0 mlxscore=0 bulkscore=0 impostorscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2411180132
Message-ID-Hash: ZFGNJFXVSAOO2BAOYSV5OWNJXUOMOHZB
X-Message-ID-Hash: ZFGNJFXVSAOO2BAOYSV5OWNJXUOMOHZB
X-MailFrom: jgs@juniper.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "idr@ietf.org" <idr@ietf.org>, Keyur Patel <keyur@arrcus.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Idr] Re: AD preliminary review of draft-ietf-idr-ts-flowspec-srv6-policy-04
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/8bK1wBrTLVoacGNbHys1-qebXxI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>
Hi Sue, Thanks for your reply. I’m top-posting my comments. Regarding your first question, about whether I consulted RFC 9252, no I didn’t. However, RFC 9252 also doesn’t define the use of the Prefix-SID attribute with SAFIs 133 or 134, which is what the present draft proposes doing. So the concern stands, and indeed you captured that in your second question, "Are you concerned solely with the SAFI 133 (FSv1) and SAFI 134 (FSv1 for VPN)?” The answer to that question is, yes, that was my stop-the-presses moment (although not my sole concern). I agree with the analysis in your point 2. Moving on to "Should we make this draft an PS or include the changes in the BESS draft?” it seems like doing it in the present draft is the right way to go: it keeps the necessary functionality and specification together in one place. By contrast, the BESS draft is entitled "SRv6 Argument Signaling for BGP Services” and I don’t think "Traffic Steering using BGP FlowSpec” is plausibly in-scope as a “BGP Service” in the BESS context. So yeah, IMO the present draft should be a PS. For clarity, I don’t think all that is needed is a line somewhere that says “it is OK to attach this attribute to SAFIs 133 and 134”, I think that is necessary but not sufficient. What is also needed is a definition of the procedures to be followed when the attribute is so attached. That leads me to "This document has enough implementations to make it easy to swap to PS”. I guess you mean in terms of IDR process, the implementation requirement won’t hold it up. That’s good. But this does bring me back to my earlier critique, which is, to quote myself, "I am concerned that the draft is so high-level that it wouldn’t be sufficient to enable an implementor to produce an interoperable implementation”. [1] I think the draft needs a scrub to make sure it provides enough detail about its procedures, I'm not confident that all the WG needs to do is change the “intended status” header and resubmit with the new proposed status. (And maybe that wasn’t what you meant!) In any case, it sounds like we have the beginnings of a plan even if we are still iterating on the details/next steps. I’m going to return the doc to the WG so we can move forward. Thanks, —John [1] https://mailarchive.ietf.org/arch/msg/idr/UCRiIaES78Bt9_D6P5lboQlRazM/ On Nov 17, 2024, at 8:55 PM, Susan Hares <shares@ndzh.com> wrote: John: My apologies for the delay in responding to you. Keyur and I were discussing this email. Would you examine the text in draft-ietf-idr-ts-flowspec-srv6-policy-04 to answer two questions: 1. Are you using RFC9252 for your judgement on AFI/SAFIs? Text:/ The BGP Prefix-SID defined in [RFC8669] is utilized to enable SRv6 VPN services [RFC9252]. SRv6 Services TLVs within the BGP Prefix-SID Attribute can be used to indicate the endpoint functions./ Are you using RFC8669 or RFC9252 to judge the AFI/SAFIs? We took this text to imply RFC9252 rules, which allow for the following AFI/SAFIs in section SAFI RFC AFI/SAFI ------------- -------- ---------- SAFI (1) RFC4760 [1/1, 2/1) SAFI (2) RFC4760 (1/2, 2/2) SAFI (4) RFC8277 (1, 4) SAFI (70) RFC7432 (1/70, 2/70) SAFI (71)(BGP-LS) RFC9552 (1/71, 2/71) SAFI (72)(BGP-LS VPN) RFC9552 (1/72, 2/72) SAFI (128) MPLS LU VPN RFC4364, (1/128, 2/128) RFC8277, RFC9252 RFC4659 Text from RFC9552/ When an egress PE is enabled for BGP Services over the SRv6 data plane, it signals one or more SRv6 Service SIDs enclosed in an SRv6 Service TLV(s) within the BGP Prefix-SID attribute attached to Multiprotocol BGP (MP-BGP) Network Layer Reachability Information (NLRI) defined in [RFC4760], [RFC4659], [RFC8950], [RFC7432], [RFC4364], and [RFC9136], where applicable, as described in Sections 5 and 6./ 1. Are you concerned solely with the SAFI 133 (FSv1) and SAFI 134 (FSv1 for VPN)? SAFI 133 - RFC8955, RFC8956, RFC9117 1/133, 2/133 SAFI 134 - RFC8955, RFC8956, RFC9117 1/133, 2/133 You are correct that RFC9252 does not specify FSv1 SAFIs (133 and 134) as one of the possible AFI/SAFIs the BGP prefix can be attached to. Draft-ief-idr-ts-flowspec-srv6-policy-04 states: / For SRv6 scenarios, this document proposes carrying the Color Extended Community, the Flow-spec Redirect to IPv6 Extended Community and BGP Prefix-SID Attribute in the context of a Flowspec NLRI [RFC8955] [RFC8956] to an SRv6 Headend to steer traffic into one SRv6 Policy, as well as to indicate specific Tailend functions./ Here the text says MPLS-SR NLRI: (1/133, 2/133, 1/134, 2/134) Ext-Com: Color, redirect-ipv4 SRv6 NLRI: (1/133, 2/133, 1/34, 2/134) Ext-Com: Color, redirect-ipv6, prefix-SID You are correct that the RFC9252 does included the FS AFI/SAFIs. BESS is updating RFC9252. https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-srv6-args/<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-bess-bgp-srv6-args/__;!!NEt6yMaO-gk!CvENScMlgABx0XQP4W5ctLi1eO0bogKqwoV3FBl6fsZmnZrSIkLbWle6Q6HbZxmxehQfmrQKHgA$> Should we make this draft an PS or include the changes in the BESS draft? This document has enough implementations to make it easy to swap to PS. We’ll have to do a 1-2 week WG change call. Sue ======================= [Idr] Re: AD preliminary review of draft-ietf-idr-ts-flowspec-srv6-policy-04 John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>> Tue, 29 October 2024 16:31 UTCShow header<https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/idr/Ym-sK8OXVXXdPEKw9i6jkqbag9A/__;!!NEt6yMaO-gk!CvENScMlgABx0XQP4W5ctLi1eO0bogKqwoV3FBl6fsZmnZrSIkLbWle6Q6HbZxmxehQfTFZs4K4$> On reflection, I do have a deeper concern about both the Informational status of the document, and the amount of specificity. This document leans on Prefix-SID. Looking at RFC 8669 where Prefix-SID is defined, I see, ``` The BGP Prefix-SID attribute defined in this document can be attached to prefixes from Multiprotocol BGP IPv4/IPv6 Labeled Unicast ([RFC4760<https://www.rfc-editor.org/rfc/rfc8669.html#RFC4760><https://urldefense.com/v3/__http://rfc4760*3Chttps/www.rfc-editor.org/rfc/rfc8669.html*RFC4760*3E__;JSMl!!NEt6yMaO-gk!CvENScMlgABx0XQP4W5ctLi1eO0bogKqwoV3FBl6fsZmnZrSIkLbWle6Q6HbZxmxehQfwsLfRTo$>] [RFC8277<https://www.rfc-editor.org/rfc/rfc8669.html#RFC8277><https://urldefense.com/v3/__http://rfc8277*3Chttps/www.rfc-editor.org/rfc/rfc8669.html*RFC8277*3E__;JSMl!!NEt6yMaO-gk!CvENScMlgABx0XQP4W5ctLi1eO0bogKqwoV3FBl6fsZmnZrSIkLbWle6Q6HbZxmxehQfQnDwpmY$>] Usage of the BGP Prefix-SID attribute for other Address Family Identifier (AFI) / Subsequent Address Family Identifier (SAFI) combinations is not defined herein but may be specified in future specifications. ``` This document attaches Prefix-SID to routes of a “not defined herein” family (SAFI 133), but falls short of “specifying” the use and semantics. To me, that undermines the case for Informational. I’d be interested in discussion of this point before we proceed further. Thanks, —John On Oct 28, 2024, at 3:42 PM, John Scudder <jgs@juniper.net><mailto:<jgs@juniper.net>> wrote: Hi Authors, Shepherd, WG, I just made an initial read-through of this draft. In reading the shepherd writeup [1], I see that there was a WG discussion of whether the doc should be Informational or Standards Track: ``` One question asked: Should this be standards document? The IDR shepherd/chair will consult AD to determine whether this is an informational or Standards document. That being said, IDR Chairs/Shepherd does believe this draft is an informational document. ``` In reading through the document, I do agree it’s not ready for publication as Standards Track, and if the WG has consensus to publish it as Informational I’m OK with that, with caveats detailed below. I suppose the rationale for publishing as Informational is that it is a recipe for using pre-existing BGP functions to accomplish the task, and that it doesn’t need to define any new functions, messages, etc. Even so, I am concerned that the draft is so high-level that it wouldn’t be sufficient to enable an implementor to produce an interoperable implementation. This is also called out in the Security Area review [2]: ``` However, as an informational RFC, we wouldn't expect interoperability will be achieved via this I-D. Given that caveat, the I-D appears to be ready. ``` I am not quite as relaxed as the Security Area reviewer; normally, I expect any product of the IDR WG to provide enough unambiguous detail to enable an implementor to produce an interoperable implementation. I’m not seeing that. I can see a few ways forward here: 1. Update the draft to supply the needed detail. This will be a non-trivial update, but it would only be a job of filling in missing details, not changing the architecture. If you want to pursue this option, I’ll provide a more detailed review that explains what I think is missing. Even though this is the most work, I think it also would provide the greatest value. 2. Keep the draft as it is, as a high-level overview of the approach. I would accept that if it is the WG’s consensus. If that is the consensus, I would want to make it even clearer that’s what’s being done, though. For example, in the Abstract, OLD: This document introduces the usage of BGP FlowSpec to steer packets into an SR Policy. NEW: This document provides a high-level overview of an approach to using BGP FlowSpec to steer packets into an SR Policy. Maybe that’s what you were already trying to do with “introduces” but I don’t think that’s unambiguous enough if so. Note, I am not certain the IESG as a whole will be happy to approve the document if we choose this option. But, if that’s what the WG wants, I’m willing to try. 3. Convince me I am wrong and that the spec as it stands is of sufficient quality to enable interoperable implementations to be written. Note, I have not checked the mailing list archives in detail, so if there are relevant messages there I should read, please don’t hesitate to refer me to them. Thanks, —John _______________________________________________ Idr mailing list -- idr@ietf.org<mailto:idr@ietf.org> To unsubscribe send an email to idr-leave@ietf.org<mailto:idr-leave@ietf.org>
- [Idr] AD preliminary review of draft-ietf-idr-ts-… John Scudder
- [Idr] Re: AD preliminary review of draft-ietf-idr… Susan Hares
- [Idr] Re: AD preliminary review of draft-ietf-idr… John Scudder
- [Idr] Re: AD preliminary review of draft-ietf-idr… John Scudder
- [Idr] Re: AD preliminary review of draft-ietf-idr… Keyur Patel