[Idr] Comments on draft-li-idr-flowspec-srv6-05
Jeffrey Haas <jhaas@pfrc.org> Fri, 09 July 2021 19:34 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A973A2C66; Fri, 9 Jul 2021 12:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxp6GJN1CdCL; Fri, 9 Jul 2021 12:34:44 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id CB26F3A2C65; Fri, 9 Jul 2021 12:34:40 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 2715B1E28C; Fri, 9 Jul 2021 16:01:12 -0400 (EDT)
Date: Fri, 09 Jul 2021 16:01:11 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: draft-li-idr-flowspec-srv6@ietf.org, idr@ietf.org
Message-ID: <20210709200111.GA13108@pfrc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9NvXdLnXKVhrv86MqhyT4SNsBL8>
Subject: [Idr] Comments on draft-li-idr-flowspec-srv6-05
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jul 2021 19:34:46 -0000
Authors,
I've been selected as the document shepherd from among the IDR chairs for
this draft. Thank you for your patience.
A few questions and comments on your draft version -05:
- Please note per Working Group consensus, this feature MUST implemented in
the Flowspec-v2 work and will not currently be permitted to advance as
part of Flowspec-v1.
- The document is clearly for IPv6 functionality. It would be good to call
out in the document that you would expect to use a Flowspec version that
is IPv6 capable. I.e., AFI=2. See the similar IPv6-only components in
RFC 8956.
- The functionality in this document is intended to operate on the IPv6
destination address in the IP Header. The presumption is that the new
Flowspec match fields are appropriate when the IPv6 destination address is
an IPv6 SID. Would it make sense for the match capabilities of the
proposed features only be permitted to match when there is an accompanying
SR Header?
- In section 3.1, Whole SID, there are three '0' bits:
+ The Operator field shares similar encoding to the Numeric Operator field
from RFC 8955, section 4.2.1.
+ One of these bits overlaps the '0' in that Numeric Operator field. Its
text reads:
"MUST be set to 0 on NLRI encoding and MUST be ignored during decoding"
+ The other two of the '0' bits overlaps the 'len' encoding of the Numeric
Operator field.
+ The text in your draft for these bits reads: "0 - SHOULD be set to 0 on
NLRI encoding, and MUST be ignored during decoding." What is the
motivation to have a SHOULD rather than a similar MUST?
- In section 3.2, Some bits of SID:
+ The value field includes a LOC Length, FUNCT Length, and ARGS Length
field. Since LFA <= 128, is there any desired match behavior on the
bits > LFA when LFA < 128?
+ Related to the prior point, when LFA < 128, there's no "field type" that
matches on LFA. It's understood that when LFA = 128, the feature in
section 3.1 is appropraite.
+ There is no LOC:ARGS field type. Is that intentional?
+ Since the "field type" match has options that can specify sets of fields
that are adjacent, error handling is interesting:
* For LOC match, FUNC Length and ARGS Length are irrelevant. However,
since this is part of BGP NLRI, we have need of a canonical format
when possible for such filters.
* The same also applies for LOC:FUNCT matches, where ARGS Length is
irrelevant.
+ This feature is somewhat complicated and would benefit from encoding
and use examples.
- The behavior of the operator bits has clear symmetry with RFC 8955's
Numeric Operator field. I'd suggest pointing to that portion of the
document to highlight how the combinations of bits are expected to be
encoded to achieve the desired filtering logic.
- Error handling deserves some additional discussion. The Chairs understand
that some of the handling of such behaviors may be deferred to the
Flowspec v2 document. However, it's worth highlighting some known
possible issues:
+ For Some bits of SID, the component length will have similar
considerations.
+ The field type bits are not exhaustively specific in the document. What
is the error condition when receiving an unknown type?
+ The LOC Length, FUNCT Length, and ARGS Length fields are one octet in
size. What is the expected error handling to be when L+F+A > 128?
+ For Whole SID, the component length is expected to variable. If the
full 128 bits is accounted for as L+F+A, the component length would be 1
octet type followed by multiples of 20 octets for the operator byte plus
the 128-bit SID. The minimum component length is 1 octet component
type, one octet operator, and ... 3? octets for L + F + A length?
The text surrounding treating SID as a "Prefix" could generally use
attention as part of addressing the error handling.
- The IANA Considerations refer to RFC 7153. Since this document defines no
Extended Communities, it's not clear why this is present?
-- Jeff
- [Idr] Comments on draft-li-idr-flowspec-srv6-05 Jeffrey Haas
- Re: [Idr] Comments on draft-li-idr-flowspec-srv6-… Huaimo Chen