Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal-route-reflection-22
Robert Raszuk <robert@raszuk.net> Tue, 20 April 2021 20:32 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24F243A187C for <idr@ietfa.amsl.com>; Tue, 20 Apr 2021 13:32:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSdQNx_fPbma for <idr@ietfa.amsl.com>; Tue, 20 Apr 2021 13:32:48 -0700 (PDT)
Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com [209.85.208.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B9163A187E for <idr@ietf.org>; Tue, 20 Apr 2021 13:32:47 -0700 (PDT)
Received: by mail-lj1-f175.google.com with SMTP id u20so45110636lja.13 for <idr@ietf.org>; Tue, 20 Apr 2021 13:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hP1H96GlH7c8mKe4/x3HoagaUGw+nuXTJFyb8cgoTBk=; b=JPih5FuS9KpRzNyIYi9yDeKaV5Psw+BafDfR+9ksW+EvxTreb8gqBpsFk9kjPnwkVa dESqp/oO7fr9+9cWjqPTHhFODF5GhEDl2HBxg3lQtvWY8YV4KDUDY6hrqqurtNjCPzkH ky29Dlg0WTlaWx7EAL/T7xgLWh54dd4EbrYuRzqV9JY7xUnlp0Ig6KUI/pVM14UcTUiA GAvVzWCUbPMl09pTMYYCKYLS+b3ALCd4NW9q3OUJKkOOFZ5d/c6NT5jlrvE8ZniHNNuh 5nkpB03MlAlyQ+Wkcy+LD6aZAGw3kUCA2f7bqD1onpxtWpQPMmc/gfvm2K8f+XYJjJQy qaiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hP1H96GlH7c8mKe4/x3HoagaUGw+nuXTJFyb8cgoTBk=; b=HxkHqwcmnQ/gTh2HeqrsktwFzlW15KCksNFJzIOy6wi9BktPxd86UAiViigxO/5lXo VJ8b2o2J/As9Juw0l/8wlJ/A8+Xqt6O7z8/lr5kaZY0qRuf2Ht/wdplbi5C0rzMIzEGv GfJZkxgMXs2WuzTgX3tATTYq8gaYLxoeRqqLimgdUrJ8N+t0Xofc9eIJyeKhlUjRBqTK 9xvzaCVhcXzFPCxON5lOKTHkj5kFN92zqNtgVOAUVWGwyzYRaVbxFBqpFWiGQ7cwvUOG sGXz2M6s4HQZic5y2ufdBtm+HWE6+1I5wsxWWuGPCamemayY4XD66YnKswOBCLCM8J/t 3D1w==
X-Gm-Message-State: AOAM531CDXmi0ffkjUpSMNBk+kWQubgC3V+bRHxMb4OOHjM3mV1tLKcl Bxx+5RRQtabkvt+zi41U+BdZ19e5j9niyHysV+0/+Q==
X-Google-Smtp-Source: ABdhPJxMT09rd3gNuVoLBCKuefacEBmDzOx0bvE+M6I5LYhvPng7L1T3MHKwZeVcOcZVYoC8jOJnlhV3nJDFR5pBe+Q=
X-Received: by 2002:a2e:87c9:: with SMTP id v9mr16142948ljj.321.1618950763507; Tue, 20 Apr 2021 13:32:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESswK38j+PXQAJ4rDZSNSN-ZjutUSE=fSO0QvoYS3sLRgfA@mail.gmail.com> <CAMMESswVMFL+TQL9G=V6CTgzmk98W0wM4fd4tmQfGhm3UosL_w@mail.gmail.com>
In-Reply-To: <CAMMESswVMFL+TQL9G=V6CTgzmk98W0wM4fd4tmQfGhm3UosL_w@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 20 Apr 2021 22:32:32 +0200
Message-ID: <CAOj+MMFKgCOBK_pCe+XW5MzEVDH4SAw6LP6q6Ecqfci4AfxBag@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: draft-ietf-idr-bgp-optimal-route-reflection@ietf.org, Susan Hares <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, IDR List <idr@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002b04cb05c06d59f1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/cuzjcdA1FpjZ1NjhRyQxyFCVcAQ>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal-route-reflection-22
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 20:32:54 -0000
Ack ! Work in progress ... On Tue, Apr 20, 2021 at 9:29 PM Alvaro Retana <aretana.ietf@gmail.com> wrote: > Ping! > > On March 18, 2021 at 3:32:01 PM, Alvaro Retana (aretana.ietf@gmail.com) > wrote: > > > Dear authors: > > > Thank you for your work on this document. I know that the draft and the > related ideas have been around for a long time. > > I have a couple of significant issues that I want to highlight upfront, > and many comments inline (see below). In general, my focus is to make sure > that the specification of this mechanism is clear, not just to the > experienced reader, but to the casual one as well. I believe that all the > issues should be easy to resolve. > > (1) Terminology. Please use the terminology already defined in > rfc4271/rfc4456 instead of creating new one by indirection. My first > inline comment is about the use of "best path", which is not what rfc4271 > uses -- there are other occurrences later on. > > (2) Deployment Considerations. §6 says that a compliant implementation is > one that allows the operator to configure "a logical location from which > the best path will be computed, on the basis of either a peer, a peer > group, or an entire routing instance". Please spend some time providing > guidance so an operator can decide what best works for their network. [I > pointed below to other places there operational guidance would be ideal.] > > (3) I don't think that §5 (CPU and Memory Scalability) and Appendix A > (alternative solutions with limited applicability) should be part of this > document. To start, comparisons are never good and the work has already > been through the WG so there's no need to keep justifying it by comparing > it to other work. Both sections contain several claims (e.g. "extra cost > in terms of CPU", "implemented efficiently", "expected to be higher but > comparable", "large amount of BGP state and churn", "result in tens of > paths for each prefix") that don't have references, and could be considered > subjective because they are clearly relative and can change depending on > the specific deployment and configuration of the network. I am not saying > that the claims are false, simply requesting to take these two sections > out. > > > Thanks! > > Alvaro. > > > [Line numbers from idnits.] > > ... > 17 Abstract > > 19 This document defines an extension to BGP route reflectors. On route > 20 reflectors, BGP route selection is modified in order to choose the > 21 best path from the standpoint of their clients, rather than from the > 22 standpoint of the route reflectors. Multiple types of granularity > 23 are proposed, from a per client BGP route selection or to a per peer > 24 group, depending on the scaling and precision requirements on route > 25 selection. This solution is particularly applicable in deployments > 26 using centralized route reflectors, where choosing the best route > 27 based on the route reflector IGP location is suboptimal. This > 28 facilitates, for example, best exit point policy (hot potato > 29 routing). > > [major] "best path" rfc4271 doesn't use the term "best path". The > terminology used in this document should, at the very least, match what the > base spec defines. Let's please not create new terminology by indirection > using the "definition of terms" section. > > > [minor] "proposed" This document is in line to be come an RFC; we're far > beyond proposing things. There are a couple of places later on where this > same wording is used. Please change it to specified or at least described > (the latter probably fits best in this specific case). > > > [nit] s/from a per client BGP route selection or to a per peer group/from > per client BGP route selection or per peer group > > > [nit] s/precision requirements on route selection./precision requirements. > > > [nit] s/route reflector IGP location/route reflector's IGP location > > > [major] "IGP location" Before I forget -- please clearly define (not in > the Abstract of course) what an "IGP location" is. > > > ... > 70 1. Definitions of Terms Used in This Memo . . . . . . . . . . . 2 > 71 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 > > [nit] It would be nice if the Introduction came up before the terminology. > > > ... > 91 1. Definitions of Terms Used in This Memo > > [minor] To avoid repeating some terms, it is good practice to indicate > which other RFCs the reader should be familiar with. In this case rfc4271 > and rfc4456 come to mind. > > > ... > 132 2. Introduction > ... > 153 Section 11 of [RFC4456] describes a deployment approach and a set of > 154 constraints which, if satisfied, would result in the deployment of > 155 route reflection yielding the same results as the IBGP full mesh > 156 approach. This deployment approach makes route reflection > compatible > 157 with the application of hot potato routing policy. In accordance > 158 with these design rules, route reflectors have traditionally often > 159 been deployed in the forwarding path and carefully placed on the POP > 160 to core boundaries. > > [nit] s/have traditionally often/have often > Redundant... > > > 162 The evolving model of intra-domain network design has enabled > 163 deployments of route reflectors outside of the forwarding path. > 164 Initially this model was only employed for new address families, > e.g. > 165 L3VPNs and L2VPNs, however it has been gradually extended to other > 166 BGP address families including IPv4 and IPv6 Internet using either > 167 native routing or 6PE. In such environments, hot potato routing > 168 policy remains desirable. > > [minor] "new address families, e.g. L3VPNs and L2VPNs" These are not the > name of the AFs. Maybe call them new services. > > > [minor] "IPv4 and IPv6 Internet" The name of the AF is IP/IP6; again, you > probably mean service/application. > > > [nit] "native routing or 6PE" Not 4PE applications? ;-) It seems to me > that you can save some ink by ending the sentence after "Internet". > > > ... > 194 3. Modifications to BGP Best Path selection > > 196 The core of this solution is the ability for an operator to specify > 197 the IGP location for which the route reflector should calculate > 198 routes. This can be done on a per route reflector basis, per peer/ > 199 update group basis, or per peer basis. This ability enables the > 200 route reflector to send to a given set of clients routes with > 201 shortest distance to the next hops from the position of the selected > 202 IGP location. This provides for freedom of route reflector physical > 203 location, and allows transient or permanent migration of this > network > 204 control plane function to an arbitrary location. > > [major] "ability for an operator to specify the IGP location for which the > route reflector should calculate routes. This can be done on a per route > reflector basis, per peer/update group basis, or per peer basis." > > When should an operator choose per RR vs per peer group vs per peer? > Choice is good, but providing guidance for the deployment is much better. > Please consider adding text to §6 about the considerations to chose one or > the other. > > > [minor] "peer/update group" Where is this defined? Is there a reference > to a non-implementation-specific definition? Can it be called "a group of > peers"? Maybe you also want to include it in the definitions in §1. > > > ... > 215 o it can, and usually will, have a different position in the IGP > 216 topology, and > > [] "usually will" The position in the topology will *always* be > different! > > > ... > 222 This document defines, on BGP Route Reflectors [RFC4456], two > changes > 223 to the BGP Best Path selection algorithm: > > [nit] s/defines, on BGP Route Reflectors/defines, for BGP Route Reflectors > > > ... > 235 A route reflector can implement either or both of the modifications > 236 in order to allow it to choose the best path for its clients that > the > 237 clients themselves would have chosen given the same set of candidate > 238 paths. > > [major] Please provide guidance for the operator to consider then one or > both should be used in their network. > > > 240 A significant advantage of these approaches is that the route > 241 reflector clients do not need to run new software or hardware. > > [nit] s/do not need to run new software or hardware./do not need to be > modified. > > > 243 3.1. Best Path Selection from a different IGP location > > 245 In this approach, optimal refers to the decision made during best > 246 path selection at the IGP metric to BGP next hop comparison step. > It > 247 does not apply to path selection preference based on other policy > 248 steps and provisions. > > [major] Please be specific about what is the "IGP metric to BGP next hop > comparison step". There is no step with that name, or even a string match > in rfc4271. Later you talk about the step e) tie-breaker -- don't wait to > be specific! > > > ... > 263 e) Remove from consideration any routes with less-preferred > 264 interior cost. The interior cost of a route is determined by > 265 calculating the metric from the selected IGP location to the > 266 NEXT_HOP for the route using the shortest IGP path tree rooted at > 267 the selected IGP location. > > [major] Note that the specification talks about "interior cost", but the > descriptions in this document uses "IGP cost" and "IGP metric" to refer to > the same thing. Please be consistent with existing terminology! > > > [major] Related to the definition of "IGP location" and its > configuration. How does the IGP location (and thus the calculation of the > interior cost, as above) change when the configuration is done per > peer/update groups instead than per peer? This is another point where > operators could benefit from guidance (for the peer/update-group and whole > RR cases, of course). > > > ... > 275 The configuration of the IGP location is outside of the scope of > this > 276 document. The operator may configure it manually, an implementation > 277 may automate it based on heuristics, or it can be computed centrally > 278 and configured by an external system. > > [nit] s/outside of the scope/outside the scope > > [major] There are several places later on that talk about the > configuration, even making it a requirement for compliance (§6). I think > that you don't mean the configuration itself, but the way in which the > configuration is instantiated in the router (which could be considered an > implementation detail). As written, the text is not clear. > > > 280 This solution does not require any change (BGP or IGP) on the > 281 clients, as all required changes are limited to the route reflector. > > [] This was also claimed before. > > > 283 This solution applies to NLRIs of all address families that can be > 284 route reflected. > > [] Are there AFs that cannot be reflected? Just wondering if you really > need to say this. > > > 286 3.1.1. Restriction when BGP next hop is BGP prefix > > 288 In situations where the BGP next hop is a BGP prefix itself, the IGP > 289 metric of a route used for its resolution SHOULD be the final IGP > 290 cost to reach such next hop. Implementations which can not inform > 291 BGP of the final IGP metric to a recursive next hop SHOULD treat > such > 292 paths as least preferred during next hop metric comparison. However > 293 such paths SHOULD still be considered valid for best path selection. > > [major] The recursive resolution is already covered in rfc4271 > (§5.1.3/§9.1.2.1). Why isn't that enough? > > There seems to be a difference: if an implementation "can not inform BGP > of the final IGP metric to a recursive next hop...SHOULD still be > considered valid for best path selection." rfc4271 treats these routes as > unresolvable. Do you want to consider unresolvable routes? > > Finally, there are a lot of SHOULDs in this paragraph. Under which > conditions is it ok to not perform the actions? IOW, why are these actions > recommended and not required? > > > 295 3.2. Multiple Best Path Selections > > 297 BGP Route Reflector as per [RFC4456] runs a single best path > 298 selection. Optimal route reflection may require calculation of > 299 multiple best path selections or subsets of best path selection in > 300 order to consider different IGP locations or BGP policies for > 301 different sets of clients. > > [] It hasn't been mentioned before, but the talk about policy made me > think about this: Can a client be present on different sets? How is that > handled in terms of BGP sessions? Do we need multiple sessions? Or is > add-path required? > > > 303 If the required routing optimization is limited to the IGP cost to > 304 the BGP Next-Hop, only step e) as defined [RFC4271] section 9.1.2.2, > 305 needs to be duplicated. > > [major] I'm not sure if this paragraph is referencing §3.1 (where step e) > was just modified), or or you're saying that for each subset (from the last > paragraph) only step e) is considered, or something else. ?? > > > 307 If the routing optimization requires the use of different BGP > 308 policies for different sets of clients, a larger part of the > decision > 309 process needs to be duplicated, up to the whole decision process as > 310 defined in section 9.1 of [RFC4271]. This is for example the case > 311 when there is a need to use different policies to compute different > 312 degree of preference during Phase 1. This is needed for use cases > 313 involving traffic engineering or dedicating certain exit points for > 314 certain clients. In the latter case, the user MAY specify and apply > 315 a general policy on the route reflector for a set of clients. For a > 316 given set of clients, the policy SHOULD in that case allow the > 317 operator to select different candidate exit points for different > 318 address families. Regular path selection, including IGP perspective > 319 for a set of clients as per Section 3.1, is then applied to the > 320 candidate paths to select the final paths to advertise to the > 321 clients. > > [] Similar comment as before... The use of "duplicated" is confusing me. > > > [major] "the user MAY specify..." s/MAY/may It seems to me that you're > simply stating a fact (the user can do this), and not specifying an > optional behavior. > > > [major] "...the policy SHOULD in that case allow the operator to select > different candidate exit points for different address families." There's > no interoperable action that "the policy" can execute. It sounds as if > you're recommending that specific knobs ("allow the operator to...") be > implemented. Please reword. > > > [] You use "IGP perspective" I guess as equivalent to "IGP location" -- is > that right? > > > 323 4. Implementation considerations > > 325 4.1. Likely Deployments and need for backup > > [nit] Do we really need a sub-section if all the text for §4 is in it? > > > 327 With IGP based optimal route reflection, even though the IGP > location > 328 could be specified on a per route reflector basis or per peer/update > 329 group basis or per peer basis, in reality, it's most likely to be > 330 specified per peer/update group basis. All clients with the same or > 331 similar IGP location can be grouped into the same peer/update group. > 332 An IGP location is then specified for the peer/update group. The > 333 location is usually specified as the location of one of the clients > 334 from the peer group or an ABR to the area where clients are located. > 335 Also, one or more backup locations SHOULD be allowed to be specified > 336 for redundancy. Implementations may wish to take advantage of peer > 337 group mechanisms in order to provide for better scalability of > 338 optimal route reflector client groups with similar properties. > > [major] "IGP based optimal route reflection" > > This is the first time you use "IGP based optimal route reflection"; I > peeked forward and see that §5 also mentions "policy based optimal route > reflection". But you didn't define them anywhere -- in fact, the > description before now focuses on the IGP location, which makes me think > about "IGP based". > > I could guess that the "policy based" version is related to §3.2, but (1) > no one should have to guess (!), and (2) the end of that section says that > "IGP perspective...is then applied", making it also "IGP based". ?? > > Please either define these types of ORR earlier in the text, or (better > yet) don't use the terms. Instead, and given that the names are used just > a couple of times, change "policy based" to "the case where a policy is > applied"... > > > [major] "one or more backup locations SHOULD be allowed to be specified > for redundancy" > > (1) §3.1 says that the "configuration of the IGP location is outside of > the scope of this document". If that is true, then you can't recommend > anything related to the configuration. > > (2) If there were "backup locations", how would they be used? > > > [minor] This is the only time that "optimal route reflector client groups" > is used. I had been assuming that a group of clients would correspond to a > specific peer/update group (as mentioned many times before). Is there a > difference between a "client group" and grouping clients to correspond to a > peer/update group? > > > [] "for better scalability of optimal route reflector client groups" What > exactly does this mean? I asked before about references/definitions for > peer/update groups; this point may be related. > > > ... > 373 6. Advantages and Deployment Considerations > > 375 The solutions described provide a model for integrating the client > 376 perspective into the best path computation for route reflectors. > 377 More specifically, the choice of BGP path factors in either the IGP > 378 cost between the client and the nexthop (rather than the IGP cost > 379 from the route reflector to the nexthop) or other user configured > 380 policies. > > [] "solutions"? I only see one, where the "second" one simply adds > policy, which is a pervasive tool in BGP. > > > 382 The achievement of optimal routing relies upon all route reflectors > 383 learning all paths that are eligible for consideration. In order to > 384 satisfy this requirement, path diversity enhancing mechanisms such > as > 385 BGP add-path [RFC7911] may need to be deployed between route > 386 reflectors. > > [mayor] "path diversity enhancing mechanisms...may need to be deployed > between route reflectors" Given that this is the Deployment Considerations > section, please provide guidance on when these mechanisms are needed, and > when they're not. > > > [minor] "path diversity enhancing mechanisms such as BGP add-path > [RFC7911]" Just out of curiosity, what other mechanisms are you thinking > of? Are there deployment considerations, when using ORR, to prefer one? > > > 388 Implementations considered compliant with this document allow the > 389 configuration of a logical location from which the best path will be > 390 computed, on the basis of either a peer, a peer group, or an entire > 391 routing instance. > > [] I guess that "logical location" is another name for IGP location... > > > [major] §3.1 says that the "configuration of the IGP location is outside > of the scope of this document". If that is true, then the configuration > cannot be a consideration for compliance. > > A better wording for compliance would be: "An implementation MUST allow > the configuration..." > > > 393 These solutions can be deployed in traditional hop-by-hop forwarding > 394 networks as well as in end-to-end tunneled environments. In > networks > 395 where there are multiple route reflectors and hop-by-hop forwarding > 396 without encapsulation, such optimizations SHOULD be enabled in a > 397 consistent way on all route reflectors. Otherwise, clients may > 398 receive an inconsistent view of the network, in turn leading to > 399 intra-domain forwarding loops. > > [major] "optimizations SHOULD be enabled in a consistent way on all route > reflectors" > > Is "a consistent way" different than "on all"? s/.../optimizations > SHOULD be enabled on all route reflectors > > When is it ok for all RRs not to be enabled with the optimizations? IOW, > why is it recommended and not required? Avoiding "intra-domain forwarding > loops" sounds like a good reason to require it. > > > ... > 406 As per above, these approaches reduce the amount of state which > needs > 407 to be pushed to the edge of the network in order to perform hot > 408 potato routing. The memory and CPU resources required at the edge > of > 409 the network to provide hot potato routing using these approaches is > 410 lower than what would be required to achieve the same level of > 411 optimality by pushing and retaining all available paths (potentially > 412 10s) per each prefix at the edge. > > [] This paragraph sounds very speculative and doesn't seem necessary. In > line with §5. > > > 414 The solutions above allow for a fast and safe transition to a BGP > 415 control plane using centralized route reflection, without > 416 compromising an operator's closest exit operational principle. This > 417 enables edge-to-edge LSP/IP encapsulation for traffic to IPv4 and > 418 IPv6 prefixes. > > [] "allow for a fast and safe transition" Besides this statement sounding > like a marketing brochure, if you're going to talk about transition, please > talk about it in detail. Please take a look at §2/rfc5706 and include > details about the transition and how it is "fast and safe". > > > 420 Regarding Best Path Selection from a different IGP location, it > 421 should be self evident that this solution does not interfere with > 422 policies enforced above IGP tie-breaking in the BGP best path > 423 algorithm. > > [minor] Don't assume anything is self evident to anyone. > > Suggestion (maybe more appropriate in §3.1)> > The modification specified in Section 3.1 does not impact any previous > considerations in the BGP Decision Process. > > > 425 7. Security Considerations > > 427 Similarly to [RFC4456], this extension to BGP does not change the > 428 underlying security issues inherent in the existing IBGP [RFC4456]. > > [minor] No need to reference rfc4456 twice in the same sentence. > > > 430 It however enables the deployment of base BGP Route Reflection as > 431 described in [RFC4456] to be possible using virtual compute > 432 environments without any negative consequence on the BGP routing > path > 433 optimality. > > [] I'm not sure how this relates to the specification itself (platform > independent), but I'm sure the Security ADs will have a lot of questions > about the security of "virtual compute environments" -- and where the > details are included in this document. IOW, that sounds like an > unnecessary assertion. > > > [major] "without any negative consequence" The new functionality > specified in this document is having the RR run the client's selection for > them (even specific policy) -- there are risks related to the duplication > of the policy, the location of the RRs and the blind trust that the clients > need to have. Or should the clients rerun the policy locally? > > This behavior is not necessarily different from normal RR, but the > instantiation is different. It would be very easy for a rogue RR to > propagate incorrect routing information to its clients -- specially if > policy is offloaded to them. > > In the worst case the result would be a sub-optimal route (maybe even > worse than what the clients get today), but probably not a "real" security > issue. It is probably a good idea to explain why it is not a security > risk. > > > 435 This document does not introduce requirements for any new protection > 436 measures, but it also does not relax best operational practices for > 437 keeping the IGP network stable or to pace rate of policy based IGP > 438 cost to next hops such that it does not have any substantial effect > 439 on BGP path changes and their propagation to route reflection > 440 clients. > > [major] "best operational practices" Like what? It would be good to > provide (at least) informational references. > > > [major] "to pace rate of policy based IGP cost to next hops such that it > does not have any substantial effect on BGP path changes" You will have > to explain this further because the operation of an IGP is not mentioned > anywhere else. > > IMHO, there's no need to go into IGP operational details in this > document. There is nothing special/different about the operation of an > IGP. > > > [End of Review] > > > >
- [Idr] AD Review of draft-ietf-idr-bgp-optimal-rou… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… bruno.decraene
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Gyan Mishra
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Gyan Mishra
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… UTTARO, JAMES
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Gyan Mishra
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Robert Raszuk
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Gyan Mishra
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… bruno.decraene
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal… bruno.decraene