Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd-extensions-06
Ketan Talaulikar <ketant.ietf@gmail.com> Tue, 12 April 2022 04:04 UTC
Return-Path: <ketant.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13F503A195E; Mon, 11 Apr 2022 21:04:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOp3At0LMbCQ; Mon, 11 Apr 2022 21:04:11 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C0273A194B; Mon, 11 Apr 2022 21:04:11 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id v9so12586121vss.10; Mon, 11 Apr 2022 21:04:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZP8u2Bt7k6Gw2Z8vMimX5krqfc6Z4+mePlv7bIHGBLY=; b=B+r3jDF4J6g3BOVOmvxKuF/Rvlo5xDf5LAZN9qJ2R597Bci5+CbtWCBGH4XiaA31/R SHpxSqjFtJkpzUGb7d4MMaRDLNVscVcL36u2l3l//uL+bfzZM6G8+bsqrIPetf9Y094V PGtv1GCDTFFp/powEO29SceNAC5+mcuUC4pI2zYzGTKNlPHGBAiAZGHyJ5YIYS3VU2pF LgpaNmwnDIniEcFZGixfvVZOQcdrFAbPqoA53tawGfgHutyQcAaqs//kacRusVl1UqTd pDGZv6X62Yxd7Rodino9EAvPPA9R3JoSXMXyd8clVSKFZyVPlQs51s0tVJk7NvudXoK9 BIHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZP8u2Bt7k6Gw2Z8vMimX5krqfc6Z4+mePlv7bIHGBLY=; b=NJToY5DunIPfFOQNW+EawC9uqtj6tUZbUPywz060yKoja0VrmAxRx/PYqMTBlY0lpm 4tTtMEaJAh/1+tINI3mhTZtt9MaorHlYNZF9FkMYikSFkWJBPLe6lE20jzY2ezyCsVmG qcsIbjz7gECJ+cBQKs/4IKUQMUAN51y0X0kBPfBRst5T1ZOMDKWx3p2ctQJO6DXwz6Ul 7ub+OXQFC6gBWW65pQ6VI+bMRPXlzYpIsICaj5JgxKUsM0IYQK6RSkKTQiNGWXzkNvzW F+7xtZror3Rrzu6/zDwZ81Hdo3Ex1FpxmXFJGPAxF7Ybx7XIodtdSp1nvlv6k50mjdlJ oEig==
X-Gm-Message-State: AOAM530BaAo9ZreVNpzfkcBUfHxbdQr/b4bQvnNVTK/2K5O3veiaPqHv 0Q90qVG5BUp5M3C23fIrGK7KlYPSGhW8qS/D9Vu+iHVlrw0=
X-Google-Smtp-Source: ABdhPJyVyqfcwiexbUVrF4Kmbsd1KoDkAFbDpDwJvaRsY9QzQnuUvKbLZnYsO251yAE7vd06Ot55szgLl8i2YMmqDDc=
X-Received: by 2002:a67:c893:0:b0:325:5b5d:d1dd with SMTP id v19-20020a67c893000000b003255b5dd1ddmr10578167vsk.33.1649736249788; Mon, 11 Apr 2022 21:04:09 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESsxwDUrTcgWr379+rYoyG_iuWEzVW91mSNzDtU7KbkjvfQ@mail.gmail.com>
In-Reply-To: <CAMMESsxwDUrTcgWr379+rYoyG_iuWEzVW91mSNzDtU7KbkjvfQ@mail.gmail.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Tue, 12 Apr 2022 09:33:57 +0530
Message-ID: <CAH6gdPyYATnE47VMnNK1k=r6HBisDSkMZjDUTPqsd_-A67ccXw@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: draft-ietf-idr-bgp-ls-sbfd-extensions@ietf.org, Jeffrey Haas <jhaas@pfrc.org>, idr-chairs@ietf.org, idr@ietf.org
Content-Type: multipart/alternative; boundary="000000000000244e6605dc6d27b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/jFAwOtktB2oadtNXi-BtufiqTo8>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd-extensions-06
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2022 04:04:16 -0000
Hi Alvaro, Thanks for your detailed review and please check inline below for responses to your comments. We've also posted an update with the changes as discussed below: https://datatracker.ietf.org/doc/html/draft-ietf-idr-bgp-ls-sbfd-extensions-07 On Mon, Apr 11, 2022 at 8:11 PM Alvaro Retana <aretana.ietf@gmail.com> wrote: > Dear authors: > > Please take a look at the comments below. I will wait for them to be > addressed before moving this document forward. > > > ** Chairs: 6 authors are listed on the front page. Please provide a > justification for having more than 5. > > > Thanks! > > Alvaro. > > > [Line numbers from idnits.] > > > ... > 81 1. Introduction > ... > 90 For monitoring of a service path end-to-end via S-BFD, the > headend > 91 node (i.e. Initiator) needs to know the S-BFD Discriminator of > the > 92 destination/tail-end node (i.e. Responder) of that service. > The > 93 link-state routing protocols (IS-IS, OSPF and OSPFv3) have been > 94 extended to advertise the S-BFD Discriminators. With this a > 95 Initiator can learn the S-BFD discriminator for all Responders > within > 96 its IGP area/level, or optionally within the domain. With > networks > 97 being divided into multiple IGP domains for scaling and > operational > 98 considerations, the service endpoints that require end to end > S-BFD > 99 monitoring often span across IGP domains. > > [minor] "(IS-IS, OSPF and OSPFv3) have been extended" > > This would be a good place to introduce the references to rfc7883/rfc7884. > KT> Ack > > > [nit] s/a Initiator/an Initiator > KT> Ack > > > ... > 123 3. Problem and Requirement > > [] I appreciate the additional background, but this section is not > needed. The Introduction already does a good job in providing a > justification when it says this: > > With networks being divided into multiple IGP domains for scaling and > operational considerations, the service endpoints that require end to > end S-BFD monitoring often span across IGP domains. > > I strongly suggest that you remove this section. > KT> Ack - removed. > > > I am including other comments below in case you decide to keep it. > > > 125 Seamless MPLS [I-D.ietf-mpls-seamless-mpls] extends the core > domain > 126 and integrates aggregation and access domains into a single MPLS > 127 domain. In a large network, the core and aggregation networks > can be > 128 organized as different ASes. Although the core and aggregation > 129 networks are segmented into different ASes, an end-to-end label > 130 switched path (LSP) can be created using hierarchical BGP > signaled > 131 LSPs based on internal-BGP (IBGP) labeled unicast within each > AS, and > 132 external-BGP (EBGP) labeled unicast to extend the LSP across AS > 133 boundaries. This provides a seamless MPLS transport > connectivity for > 134 any two service end-points across the entire domain. In order > to > 135 detect failures for such end to end services and trigger faster > 136 protection and/or re-routing, S-BFD MAY be used for the Service > Layer > 137 (e.g. for MPLS VPNs, pseudowires, etc. ) or the Transport Layer > 138 monitoring. This creates the need for setting up S-BFD session > 139 spanning across AS domains. > > [major] s/S-BFD MAY be used/S-BFD may be used > > This is just a statement of fact, not a normative statement. > > > [] The Introduction already justified the use of BGP-LS to carry the > IGP-derived information. Do we really need this additional > justification based on a draft that expired more than 7 years ago? > > > 141 In a similar Segment Routing (SR) [RFC8402] multi-domain > network, an > 142 end to end SR Policy [I-D.ietf-spring-segment-routing-policy] > path > 143 may be provisioned between service end-points across domains > either > 144 via local provisioning, or by a controller or signalled from a > Path > 145 Computation Engine (PCE) [RFC4655] . Monitoring using S-BFD can > 146 similarly be setup for such a SR Policy. > > [] Again, these are just use examples of what it already justified. > > > 148 Extending the automatic discovery of S-BFD discriminators of > nodes > 149 from within the IGP domain to cross an administrative domain > using > 150 BGP-LS enables creating S-BFD sessions on demand across IGP > domains. > 151 The S-BFD discriminators for service end point nodes MAY be > learnt by > 152 the PCE or a controller via the BGP-LS feed that it gets from > across > 153 IGP domains, and it can signal or provision the remote S-BFD > 154 discriminator on the Initiator on demand when S-BFD monitoring > is > 155 required. The mechanisms for the signaling of the S-BFD > 156 discriminator from the PCE/controller to the Initiator and > setup of > 157 the S-BFD session are outside the scope of this document. > > [major] s/MAY be learnt/may be learnt > > This is just a statement of fact, not a normative statement. > > > [] This paragraph goes into PCE and other unrelated things to carrying > the IGP-derived information in BGP-LS, and ends up with declaring it > out of scope anyway. > > > 159 Additionally, the service end-points themselves MAY also learn > the > 160 S-BFD discriminator of the remote nodes themselves by receiving > the > 161 BGP-LS feed via a route reflector (RR) [RFC4456] or a > centralized BGP > 162 Speaker that is consolidating the topology information across > the > 163 domains. The Initiator can then itself setup the S-BFD session > to > 164 the remote node without a controller/PCE assistance. > > [major] s/MAY also learn/may also learn > This is just a statement of fact, not a normative statement. > > [] We're now going into how BGP-LS works and deployment models. Is > there anything specific to this extension that would require > additional considerations (vs other BGP-LS information)? > > > 166 While this document takes examples of MPLS and SR paths, the > S-BFD > 167 discriminator advertisement mechanism is applicable for any > S-BFD > 168 use-case in general. > > [] Right!! No need to go into any of these examples!!! > > > 170 4. BGP-LS Extensions for S-BFD Discriminator > > 172 The BGP-LS [RFC7752] specifies the Node NLRI for advertisement > of > 173 nodes and their attributes using the BGP-LS Attribute. The > S-BFD > 174 discriminators of a node are considered as its node level > attribute > 175 and advertised as such. > > [nit] s/considered as its node level attribute/considered a node level > attribute > KT> Ack > > > ... > 200 o Length: variable. Minimum of 4 octets and increments of 4 > octets > 201 there on for each additional discriminator > > [major] NEW> > Length: variable, as defined in [RFC7752]. It MUST be a minimum of 4 > octets and increments of 4 octets for each additional discriminator. > KT> Agree with the change. I don't follow the need for the RFC7752 reference though. Can you please clarify? > > [major] What should the receiver do if the length is wrong? > KT> The base BGP-LS spec, RFC7752 was not clear on such checks - it only talked about fixed-length TLVs. The draft-ietf-idr-rfc7752bis clarifies this aspect and in such case, the TLV would be confirmed malformed and the handling is explained in https://datatracker.ietf.org/doc/html/draft-ietf-idr-rfc7752bis-10#section-7.2.2. This document is referring to fault handling to RFC7752 and I believe the RFC7752 bis should address this question for all BGP-LS specs. > > > 203 o Discriminators : multiples of 4 octets, each carrying a S-BFD > 204 local discriminator value of the node. At least one > discriminator > 205 MUST be included in the TLV. > > [minor] s/Discriminators : multiples of 4 octets, each/Discriminator n > : 4 octets each, > KT> Ack > > > 207 The S-BFD Discriminators TLV can be added to the BGP-LS > Attribute > 208 associated with the Node NLRI that originates the corresponding > 209 underlying IGP TLV/sub-TLV as described below. This > information is > 210 derived from the protocol specific advertisements as below.. > > [nit] s/as below../as follows: > KT> Ack > > > ... > 215 o OSPFv2/OSPFv3, as defined by the S-BFD Discriminators TLV in > 216 [RFC7884]. > > [major] s/S-BFD Discriminators TLV/S-BFD Discriminator TLV > KT> Ack > > > 218 When the node is not running any of the IGPs but running a > protocol > 219 like BGP, then the locally provisioned S-BFD discriminators of > the > 220 node MAY be originated as part of the BGP-LS attribute within > the > 221 Node NLRI corresponding to the local node. > > [major] The subject of including non-IGP information, BGP > specifically, has come up in other BGP-LS-related drafts. The > conclusion has been that the process is currently not specified and > that draft-ietf-idr-bgp-ls-bgp-only-fabric may be the best place to do > that -- at least that was the conclusion the last time we discussed it > [1]. Has anything changed? If not, then please remove the paragraph > above. > KT> Ack - paragraph removed. > > [1] https://mailarchive.ietf.org/arch/msg/idr/7nNtfqJ6OyktdP4QETX2xHSHbTw/ > > > 223 5. IANA Considerations > > 225 This document requests assigning code-points from the registry > "BGP- > 226 LS Node Descriptor, Link Descriptor, Prefix Descriptor, and > Attribute > 227 TLVs" based on table below which reflects the values assigned > via the > 228 early allocation process. The column "IS-IS TLV/Sub-TLV" > defined in > 229 the registry does not require any value and should be left > empty. > > [] NEW> > IANA is requested to permanently allocate the following codepoints from > the "BGP-LS Node Descriptor, Link Descriptor, Prefix Descriptor, and > Attribute TLVs" registry. The column "IS-IS TLV/Sub-TLV" defined in the > registry does not require any value and should be left empty. > KT> Ack > > > 231 +---------------+--------------------------+----------+ > 232 | Code Point | Description | Length | > 233 +---------------+--------------------------+----------+ > 234 | 1032 | S-BFD Discriminators TLV | variable | > 235 +---------------+--------------------------+----------+ > > [minor] Please add a table number. > KT> Ack > > > 237 6. Manageability Considerations > > 239 This section is structured as recommended in [RFC5706]. > > [minor] I don't have a real objection to this sentence, but given that > §6.1 and §6.2 are empty, it may just result in more questions than > needed. I recommend that you eliminate the sentence and the > subsections. > KT> Ack > > > ... > 258 7. Security Considerations > > 260 The new protocol extensions introduced in this document augment > the > 261 existing IGP topology information that was distributed via > [RFC7752]. > 262 Procedures and protocol extensions defined in this document do > not > 263 affect the BGP security model other than as discussed in the > Security > 264 Considerations section of [RFC7752]. More specifically the > aspects > 265 related to limiting the nodes and consumers with which the > topology > 266 information is shared via BGP-LS to trusted entities within an > 267 administrative domain. > > [nit] s/information that was distributed/information that can be > distributed > KT> Ack > > > 269 Advertising the S-BFD Discriminators via BGP-LS makes it > possible for > 270 attackers to initiate S-BFD sessions using the advertised > 271 information. The vulnerabilities this poses and how to > mitigate them > 272 are discussed in [RFC7752]. > > [minor] s/rfc7752/rfc7880 > KT> Ack > > > [major] Please add text (sample below) talking about why it is ok to > transport the new information in BGP. > > The TLV introduced in this document is used to propagate IGP defined > information ([RFC7783] and [RFC7784]). The TLV represents information > used to monitor network resources. The IGP instances originating this > information are assumed to support any required security and > authentication > mechanisms (as described in [RFC7783] and [RFC7784]) in order to prevent > any security issue when propagating the information into BGP-LS. > KT> Ack. Instead of "monitor network resources", "set up of S-BFD" is being used. Thanks, Ketan > > > [EoR -06] >
- [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd-ext… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Ketan Talaulikar
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Susan Hares
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Jeffrey Haas
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Jeffrey Haas
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-sbfd… Susan Hares