Re: [Idr] AD Review of draft-ietf-idr-tunnel-encaps-15

John Scudder <jgs@juniper.net> Fri, 11 September 2020 15:25 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1185A3A09B9; Fri, 11 Sep 2020 08:25:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=QCFt8pmt; dkim=pass (1024-bit key) header.d=juniper.net header.b=Rc7haLhW
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LGq0E7YMV7kk; Fri, 11 Sep 2020 08:25:44 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4C7E3A0E55; Fri, 11 Sep 2020 08:25:31 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08BFHQlI011819; Fri, 11 Sep 2020 08:25:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=CAC27QYrbTxtb5ciclKQ3Cr0wNYl2cGw6uW21a5IfLw=; b=QCFt8pmthfu9fomAddOJALSQttk4kILWV2sB6kNMNWf6lKUwq/PMmSCkdAGJF6RS5nBe Ah9eWherciEkiXoPSub8rnjRkiLgYK4b5j5pfRo61yFAKIHiiF3gCIrI6mAP/UJ4o1jN bi2MbohIEI02bRJG/FbTU3uL+0vtLryv+48IEEQ8MM3mz/VTrqHfazFPP33fmzA2Z67J Ouu+ivHgiar80VifxQSKqI2aBnV0rHMfncWmCKAs9jPIqzsjoe1aIjw5TYZ4pMK/bB9r acBTtD/ivPTt2SobivuG3S0h3RRCHrem+1hztYZJcgWazdxZeO+lLoaTMziodFREj1z8 mg==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2056.outbound.protection.outlook.com [104.47.36.56]) by mx0b-00273201.pphosted.com with ESMTP id 33cs9h9h5b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 11 Sep 2020 08:25:30 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R+6D9MmqaXEXiQkYhNNHAZA60zrrTXFr8mCcgXnqoJsSBfPfii+t1zyr6yajeWbKN6DU4ATQxfM/MzNvxDf5w4412sR+B5oU+cHP/lY4iWl98oJC+8cYXiNd0TeE4QI/wvf0idPeMQH+lWir1+cwHzNeWGBDMjSWDHcQHBaph9zObFra+z5sEFthV/5V9850MRXjXf5RVtMhaOtScAMHWGTLhyyBMezBz3otpVzg2bQe2ivljpfiepaxT7flDlSaSgjxW6JWsrfkUoXMWKfc/kctO1WXuthY6ddQRoS5rKkDjPaBGjchLm0KBWcyORqnDMkAnov0s2Dk632edqg/hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CAC27QYrbTxtb5ciclKQ3Cr0wNYl2cGw6uW21a5IfLw=; b=mIyIwsnQVLywp0OXro9LTYMNf0Ml1ifo/xHaYlImZqPaRX4mB60IKrCjxQcsw/KBtR7IqU8MA/X0tbP2AFqLffCq3l2UtineD6nZ4hngnOt1qwr1QR1IvWMaoSXkhqMLd4lFgdRnvxb/ZuWbdLAaIcdl5iLA9nR4ra4Z5W0+c1jEymvjg3IWDSEN/vby3GY44d96CrMM1NjRw56Wk9Ni33pzr4Xf3EivAo2Jk46eTpdLfh2qT/uWiOTwiNJroZY022ZXRadmAzkT5pMVjjICq0BBqn9IwFyudpejE49LRdyhosZTbKldI88+LhOOUd2MZ5hO/J2zEt6M8xaY+KYQhg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CAC27QYrbTxtb5ciclKQ3Cr0wNYl2cGw6uW21a5IfLw=; b=Rc7haLhWVVDSlnQjXjlB8MpE+KF3gD16DY1Pu66slOuzU4n0dZfYvi2TwPf4USp5FqApK7FXUNtNFGDE+BsWwoimqcbODpuSebaaQ6I1xvGRTBdtInUY+URnEV0XjWSsLH9IeqXId9iqmuE696wmCyXOiLchv9HOBPxt+vVRW08=
Received: from BL0PR05MB5076.namprd05.prod.outlook.com (2603:10b6:208:83::12) by MN2PR05MB6959.namprd05.prod.outlook.com (2603:10b6:208:18b::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.6; Fri, 11 Sep 2020 15:25:28 +0000
Received: from BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::50ee:edc0:ac73:b80a]) by BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::50ee:edc0:ac73:b80a%3]) with mapi id 15.20.3391.007; Fri, 11 Sep 2020 15:25:28 +0000
From: John Scudder <jgs@juniper.net>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf. org" <idr@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>
Thread-Topic: AD Review of draft-ietf-idr-tunnel-encaps-15
Thread-Index: AQHV6LURgETtNTA88kySyYPq0YikO6kL2B+AgB2KoACAO2tkgA==
Date: Fri, 11 Sep 2020 15:25:28 +0000
Message-ID: <612D7795-D53A-498E-BB5E-F231A32954F2@juniper.net>
References: <CAMMESsw09LGWWhqyJ_0=jRimUN+_UuCjaXHCdqF9zkpaxSQgVQ@mail.gmail.com> <4A8D5D53-B3D2-4ACC-876C-F70D2B2EDC46@juniper.net> <CAMMESszqiNNoGpW_=39Jo5UNckFFrWU8=zTk5O2NGTFwnr7=QQ@mail.gmail.com>
In-Reply-To: <CAMMESszqiNNoGpW_=39Jo5UNckFFrWU8=zTk5O2NGTFwnr7=QQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.1)
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [2600:1700:37a8:2010:b4d6:c78f:d45a:985d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: a4d3bd4c-c572-4d45-89b7-08d85666ea04
x-ms-traffictypediagnostic: MN2PR05MB6959:
x-microsoft-antispam-prvs: <MN2PR05MB6959ED4DCE0EEC5763113B66AA240@MN2PR05MB6959.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PtJEPTr+XyFmzilWshvI/wteflCgj2CAa3FiA+UeTZK19U4auzrIY6WlyJkQDlp0w3Mhgscz2J1cjFWs9frcQM2T/exy9dC65+1MIpMqAhILSL1CmehgD0EhRza+uOXRGn/MKq396FJoMKjQ/FWIKXCVlCm9SxaM0hFNJRkUX6Yk1mTu+xSsKytnmg8ZbiZqpq/0ZmCYhyjAWFakofh2Jh8zD7WAHP/NZT18aWHjGqtEGGbtgRsy1cNRpljBjBBhB5CxYhN6N9HMH7Nj5dZW8Jgo4VmM4fSmYsZZpkYApzEiGpbWq+ZSMgSHJ7cwrcYEF1NWnse+jIQ7Onb3ErZ/uxZsFIxTzur8hrgDtTgQUxBT+wwNUtyXhoOD2B5D2xE1
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5076.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(136003)(346002)(366004)(39860400002)(316002)(54906003)(8936002)(478600001)(6486002)(66574015)(8676002)(6512007)(2906002)(2616005)(71200400001)(83380400001)(5660300002)(186003)(30864003)(4326008)(91956017)(76116006)(6916009)(66556008)(66946007)(66446008)(64756008)(66476007)(33656002)(36756003)(86362001)(6506007)(53546011); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: ScSumCyHFf4wcDXUFUsCeDuPp+qz7xpPq2jhdehzZ7qvciWdCncYXHy+GhR4uOLyWBYSF58qsnJZhyhN/f92CDwdm0oVh4SjWDvaWa3ecigzxBlKAN2q6W8lJE3dbawEt7RZThp/t4iHU4tErLFiT6CODlVdFxjYesSroyzZzfIa8y9F/XV6RglhjisItDMRGxTFo+V2Iqd3I7czAxhdNl9WWjT7VXx4wM8GArIlJeJZYdGKlApL7WOBXzAhiwu/+rVTHz3eoFypSaQs/xhMS2WqLkG0Z60oPFawmPgJCikDVGSNQ2cjBmK1O8KCmyp5ev87Xm0yHBPVKUNz15Vzn1mwcZ8Vh9LfOYAo0rbh4az8WE5j7By0vH5NmsgoHwFCp5eSfeJ4xmbelPo4aoS2/4Lt8fwKN8Bosg4uxR4nVwQFMKDnEfgMsKBm8IfVIbNp3rBnm0Bxf8hefo1E0af4IV2/+Sh8NzUiDvQEl6WNHZYjN9Kf+6jH2kI+fmfkRfcFNcowCLEVJ/0I7jwjmI2u8JbgcWNokmg/knB6mTCjTXMoPRFUYLj4Rb1sMibVKFGO2qi2HOqzlw1d6tbAghpXAaVF6/ehA84Ryyy2aun1cBLQZycoI19Bv2PSnhvjtu3+nYFFTmTs2LPnLFy2oMWEArBnaHzHfs3OT0TmuGxAoPgYkIaHiC0PciG1ncuvHCZ761+RXuk6y9LzuaOXgi1zRA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <81A4196D9C775E498F984A2F96B28A91@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5076.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a4d3bd4c-c572-4d45-89b7-08d85666ea04
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Sep 2020 15:25:28.4354 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /PonrxrV+ccpoa1fsy3P9OM3gVaz88E3TNrNgsr5D+7UwF4hgn/DQqc5ihewm44c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6959
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-11_05:2020-09-10, 2020-09-11 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 mlxscore=0 malwarescore=0 mlxlogscore=999 lowpriorityscore=0 impostorscore=0 adultscore=0 suspectscore=0 phishscore=0 clxscore=1011 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2009110126
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/UgXZLrycW5YVvWRhRZOgs4NRXrA>
Subject: Re: [Idr] AD Review of draft-ietf-idr-tunnel-encaps-15
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2020 15:25:46 -0000

On Aug 4, 2020, at 4:01 PM, Alvaro Retana <aretana.ietf@gmail.com> wrote:
> 
> [External Email. Be cautious of content]
> 
> 
> On July 16, 2020 at 8:54:11 PM, John Scudder wrote:
> 
> 
> John:
> 
> Hi!

Hi!

>> (And note that I’m replying as a co-author now.)
> 
> Thanks for taking the lead on this document!

You’re welcome.

> ...
>> I found a number of overlooked points as I worked through this reply, so
>> we’ve issued -17 to correct them. This reply is with respect to that
>> version.
> 
> I made some comments/replies below.  And I also made some comments
> in-line in -17 (sent separately); in some cases that seemed clearer.

I’ll reply separately to each review.

> 
> 
> I still have issues with "belonging" and reachability...specially in
> the case of multiple routing tables.  The Scoping section mentions
> that "it is intended that the Tunnel Encapsulation attribute be used
> only within a well-defined scope".  This makes me think: if the scope
> is well-defined (specially in the case of common administration), then
> some of the checks ("belonging", for example) could be easily avoided
> by configuration (policy)...and others (reachability) would be easier
> to constrain.  As I read through the document I can't help but think
> of the general case -- in part because of the transitivity, but also
> because the intended scope is not called out until much later.
> Consider moving the Scoping section closer to the start...and then
> defining some of the behavior in that context.  The intended use is
> just that, "intended", so the general operation will still have to be
> considered, but the normative pieces may become easier to specify.
> 
> [I hope that made sense...]
> 
> 
> Thanks!
> 
> Alvaro.
> 
> 
> ...
>> We added 5566 and 5640 to the list of obsoleted RFCs, along with an
>> explanation.
> 
> [major] The IANA assignments made for those RFCs need to be declared
> obsolete in the IANA Considerations section.

Is “obsolete” an IANA thing? I’ve added a subsection to the IANA section as requested, but asked them to mark the code points as “deprecated”.

> [major] The reference to rfc5640 should be Informative.

Done.

> ...
>>> (4) Use Cases
>>> 
>>> rfc5512 gave an overview of the use case (mostly intra-AS), but this
>>> document doesn't mention use cases either as an introduction to the
>>> problem being solved or in the form of Operational Considerations.
>>> Sections 9 and 10 would be a good start for that type of section, but
>>> having a general description of the problem upfront (in the
>>> Introduction maybe) would be ideal. Again, because this document
>>> Obsoletes rfc5512, then we can't really rely on the information there.
>>> I'm looking for a few paragraphs, mostly directed at readers that may
>>> not be familiar with rfc5512 and the potential applications.
>> 
>> Added Section 1.4, "Use Case for The Tunnel Encapsulation Attribute”.
> 
> [] Consider moving this new section towards the front so the
> motivation is before the text about the changes.

Done; exchanged positions of 1.3 and 1.4.

> [] I also put some inline comments in -17.
> 
> 
> 
>>> (5) When does an IP address "belong" to an AS?
> ...
>> This is completely redone. See Section 3.1.1, “Validating the Address
>> Field”.
> 
> [] The text is now better...but I think some work is still needed in
> terms of clarity (I put comments inline in -17).
> 
> 
> ...
>>> [minor] rfc4271 consistency: s/best path/best route/g
> 
> [] There are a couple of these remaining.

Fixed.

> ...
>>> [nit] s/encapsulation sub-TLV/Encapsulation sub-TLV/g
> 
> [] Some of these are still in the text.

Fixed.

> ...
>>> 1054 4.2. Router's MAC Extended Community
> 
> [] We've been talking about this section in a separate message...

OK. To loop the WG in on the conclusion of that, it appears that draft-ietf-bess-evpn-inter-subnet-forwarding only allows a single Router’s MAC (authors have been asked to clarify) so assuming that’s right, we must pick one or the other if it’s encoded twice in two ways with different values. In -18 I’ve changed the text to say “use the EC” instead of the former “use the sub-TLV”.

> 
> 
> ...
>>> 1080 5. Semantics and Usage of the Tunnel Encapsulation attribute
> ...
>>> 1135 * The tunnel is specified in a TLV whose Tunnel Endpoint sub-TLV
>>> 1136 identifies an IP address that is reachable.
>>> 
>>> [major] How is reachability determined? Where (which table) should
>>> the address be looked up in? In the sequence above, the destination
>>> address of P and the address of the endpoint may be resolvable in
>>> different tables...
>> 
>> Now says:
>> 
>> * The tunnel is specified in a TLV whose Tunnel Egress Endpoint
>> sub-TLV identifies an IP address that is reachable. This IP
>> address may be reachable via one or more forwarding tables.
>> Local policy may determine these forwarding tables and is
>> outside the scope of this document. The reachability condition
>> is evaluated as per [RFC4271].
> 
> The very next sentence says: "Then router R MUST send packet P through
> one of the feasible tunnels..."   This creates a big problem: the
> normative action depends on the feasibility of the tunnel, which
> depends on the reachability of the IP address -- but the mechanism to
> verify that is out of scope. :-(
> 
> How does R know that it is doing the right thing?
> 
>>> [BTW, please also take a look at
>>> draft-ietf-idr-bgp-bestpath-selection-criteria, which I think tries to
>>> define a related, if not the same, concept.]
> 
> I find myself in a quandary:
> 
> - On one hand, the WG has already recognized that clarifying the
> selection criteria is important, specially in the case of multiple
> possible tables.  It did this by requesting publication of
> draft-ietf-idr-bgp-bestpath-selection-criteria.  Ideally we could just
> reference that document here...but if it doesn't progress then we're
> stuck with a Normative reference...
> 
> - OTOH, we can pretend that rfc4271 is clear -- or at least that a
> document will eventually Update it...and not mention what that
> document may be...while knowing that rfc4271 doesn't provide any
> guidance and thus leaving the specification incomplete...
> 
> <sigh>
> 
> 
> draft-ietf-idr-bgp-bestpath-selection-criteria also talks about
> policy...but provides no specifics.  Can you at least provide
> information about possible policies and their effect?

All of this is true. Basically, we can either hang progress of this document up for a potentially long time waiting for something that may never come: a detailed specification of exactly when a route is, and isn’t, resolvable, or we can admit it’s an imperfect world and move forward. I will observe that despite 4271’s lack of prescriptiveness, somehow we have many interoperable implementations of BGP. I suspect this is because when an implementor looks at route resolution, it’s a little like Justice Potter Stewart looking at other material: “[I can’t define it but] I know it when I see it.”

I tried to make the paragraph clearer by adding a final clause. The last sentence now reads, "The reachability condition is evaluated as per [RFC4271], but the essence is that if the router could forward a packet addressed to the IP address, the IP address is "reachable”.” We could absolutely pick this short summary to shreds if we chose — see above. It’s not meant to be prescriptive, only descriptive.

> 
> 
> 
> ...
>>> 1198 If a Tunnel Encapsulation attribute specifies several tunnels, the
>>> 1199 way in which a router chooses which one to use is a matter of policy,
>>> 1200 subject to the following constraint: if a router can determine that a
>>> 1201 given tunnel is not functional, it MUST NOT use that tunnel. In
>>> 1202 particular, if the tunnel is identified in a TLV that has a Tunnel
>>> 1203 Endpoint sub-TLV, and if the IP address specified in the sub-TLV is
>>> 1204 not reachable from router R, then the tunnel MUST be considered non-
>>> 1205 functional. Other means of determining whether a given tunnel is
>>> 1206 functional MAY be used; specification of such means is outside the
>>> 1207 scope of this specification. Of course, if a non-functional tunnel
>>> 1208 later becomes functional, router R SHOULD reevaluate its choice of
>>> 1209 tunnels.
>>> 
>>> [major] "not functional" What does that mean? How can that be
>>> determined? Is a "functional" tunnel the same as "feasible tunnel"
>>> (from earlier in this section)? If so, please use consistent
>>> terminology.
>> 
>> Now says:
>> 
>> If a Tunnel Encapsulation attribute specifies several tunnels, the
>> way in which a router chooses which one to use is a matter of policy,
>> In addition to the reachability to the address of the egress endpoint
>> of the tunnel, other policy factors MAY be used to determine the
>> feasibility of the tunnel. The policy factors are beyond the scope
>> of this document.
> 
> [major] This same section lists 3 conditions for feasibility...and a
> required action (MUST...) following.  This new text adds optional
> extra conditions to the feasibility, creating a Normative
> inconsistency.
> 
> Maybe "Then router R MUST send packet P..." can be softened (SHOULD),
> and the information in this paragraph can be moved closer to better
> position the exception.  Note that the paragraph immediately after
> "Then router R MUST send packet P..." already talks about local policy
> to select between tunnels, so there's some redundancy that should be
> eliminated.

I changed the three criteria for feasibility to four, the last one being "There is no local policy that prevents the use of the tunnel.” And, you are right that the quoted paragraph is redundant with the earlier one. I’ve eliminated the later one.

> 
> 
>>> [major] The paragraph specifies the same thing as about 6-7 paragraphs
>>> above (but calling it feasible). Please specify things only once.
>>> IOW, this paragraph seems redundant (if functional and feasible are in
>>> fact the same thing).
>> 
>> I think this is resolved now.
> 
> The difference is the use of normative language...

It’s not clear to me if you’re saying there’s another outstanding issue, beyond what’s discussed above. I’m going to assume there isn’t.

> 
> 
> 
> ...
>>> 1459 9. Applicability Restrictions
> ...
> 
> I appreciate the changes in this section...  Everything you wrote in
> the document and here is true: there's no substitute for good design,
> and anything can go wrong.  I'm thinking about the overall value of
> this section...I'm ok leaving it, it just feels like it doesn't say
> much that is not covered in the Security Considerations (for example).

OK.

—John