[Idr] Tsvart last call review of draft-ietf-idr-tunnel-encaps-19

Brian Trammell via Datatracker <noreply@ietf.org> Tue, 29 September 2020 06:32 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: idr@ietf.org
Delivered-To: idr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C1AC33A08AA; Mon, 28 Sep 2020 23:32:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Brian Trammell via Datatracker <noreply@ietf.org>
To: tsv-art@ietf.org
Cc: draft-ietf-idr-tunnel-encaps.all@ietf.org, last-call@ietf.org, idr@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.17.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160136116174.16215.18136914391238102648@ietfa.amsl.com>
Reply-To: Brian Trammell <ietf@trammell.ch>
Date: Mon, 28 Sep 2020 23:32:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/iGtandjR5eGavhpQePTxIlqn3as>
Subject: [Idr] Tsvart last call review of draft-ietf-idr-tunnel-encaps-19
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 06:32:42 -0000

Reviewer: Brian Trammell
Review result: Ready with Issues

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.

This document redefines that BGP Tunnel Encapsulation attribute to 
address issues with the original definition in RFC 5512, including deployability 
and fundamental operational incompatibility with certain kinds of tunnels.

This review is not comprehensive potential issues with the expanded semantics 
of tunnel  encapsulation TLVs which may give a malicious BGP speaker the ability 
to cause unwanted behavior on the data plane managed by another
speaker -- I have no particular reason to suspect problems here (BGP's threat model
is simplified by the fact that the configuration concerns traffic the speaker would like 
to receive), but the semantics are becoming more powerful and I haven't run the 
analysis; will leave this to the SECDIR review. IP in IP tunnel configuration in
particular deserves more attention than I can spare at the moment, as it appears
to allow a BGP speaker to steer a tunnel of its peer to any arbitrary address in
the Internet, which seems like it might open new and interesting forms of hijacking
not protected by RPKI. Security folks should also have a look at section 10 and
think about malicious uses of this design deficiency.

Instead, I'll focus on the most transport-relevant issues:

First and foremost, I was surprised to find no reference to tunnel or MTU 
anywhere in the document, especially given the guidance in section 6 to
stack tunnels. MTU issues are operationally difficulty in single-tunnel
environments and become more likely to cause problems in multiple-tunnel
environments. If the facility is not intended to allow BGP speakers to advertise
the MTUs available on each tunnel directly (i.e. is this information universally
available to all routers from dataplane configuration? on a link, yes, on a tunnel,
I'm not sure) then I'd at least expect an operational considerations section 
letting users of the facility know that MTU discovery is left as an exercise to the
endpoint transport stacks on the tunneled routes, and to the network engineers 
running the routers when the support calls come up.

The sub-TLVs in 3.3.1 and 3.3.2 configure a DSCP and a UDP port, respectively, for 
encapsulations themselves encapsulated over UDP. The standard dataplane 
considerations for using UDP apply, but I don't think we need to reference 8084 from 
here. So this seems OK to me as is.

I'd call this "ready except MTU", so ready with issues.