Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segment-routing-ext-11
"Ketan Talaulikar (ketant)" <ketant@cisco.com> Thu, 18 April 2019 11:22 UTC
Return-Path: <ketant@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABDDF12009C; Thu, 18 Apr 2019 04:22:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=DJQ2ayfD; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=grddUTk9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmTs8G0r-BHq; Thu, 18 Apr 2019 04:22:51 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 858F2120148; Thu, 18 Apr 2019 04:22:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=77470; q=dns/txt; s=iport; t=1555586570; x=1556796170; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=RudfmSTsemttv8oxhWV0d0t+82hL4dYIF+wzqhk0SkM=; b=DJQ2ayfD6EfAQJ8nD6hjZHOs/d0H12mVr8pWTCCakxN/r1inXTYCFIpL AaGZ+tw+kQcASM53ncL2ddQozUVp3mtR43D37/tHTIC+SN422fNmBd7mi w6D4kocboBmNZoYyPTspn3qhqTEsDt9bbavCjFEA78F1GpLhD2hElp7k3 A=;
IronPort-PHdr: 9a23:NNk5rhBwaPZhd7KniG1pUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qg83kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuL/P2ZiomNM9DT1RiuXq8NBsdFQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ATAAClXbhc/4QNJK1lGgEBAQEBAgEBAQEHAgEBAQGBUwMBAQEBCwGBDi8kLANoVSAECyiEDoNHA48Ugld+iDyNYoEuFIFnDgEBJQiEQAIXhgIjNgcOAQMBAQQBAQIBAm0cDIVKAQEBBBoBCAoTAQElDQUBDwIBCA4DAQMBARYLAQYDAgICHxEUAwYIAgQOBQiDG4EdTAMcAQIMnXgCihRxgS+CeQEBBYE2AoNGDQuCDQMGgTIBi0kXgUA/gRABRoFOSTU+ghpHAQEDgRkSAQsHAQkYJAcJCYJLMYImilQSgkiEPYdqjBQGJjcJAoIGhgyEJ4Qng2WCC4YhixqBQY0WhRWBR4wyAgQCBAUCDgEBBYFVATFlcXAVO4Jsgg4MF4NMhRSFPgFygSmMdw8XgiwBAQ
X-IronPort-AV: E=Sophos;i="5.60,365,1549929600"; d="scan'208,217";a="546979789"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Apr 2019 11:22:48 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x3IBMmbg029922 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 18 Apr 2019 11:22:48 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 18 Apr 2019 06:22:47 -0500
Received: from xhs-aln-002.cisco.com (173.37.135.119) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 18 Apr 2019 07:22:43 -0400
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 18 Apr 2019 06:22:43 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RudfmSTsemttv8oxhWV0d0t+82hL4dYIF+wzqhk0SkM=; b=grddUTk9amTNhItcfOUwcoehaeOAvx3qSLBWAsoFbbZsxxkcttdfmooF4fCR5M3nvnb/yMTy83EBC55uMH4Xp3aIqIAdXrjjPQAr6Duc5N2n6kl2Zq4Y4GNuHjzrpPnnLXPiw8NMaSYijYj0oK1EacZj7mf3Yxs5XSS1HJ2ZsDQ=
Received: from SN6PR11MB2845.namprd11.prod.outlook.com (52.135.93.24) by SN6PR11MB2783.namprd11.prod.outlook.com (52.135.92.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.19; Thu, 18 Apr 2019 11:22:42 +0000
Received: from SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2]) by SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2%3]) with mapi id 15.20.1792.020; Thu, 18 Apr 2019 11:22:42 +0000
From: "Ketan Talaulikar (ketant)" <ketant@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: Susan Hares <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf. org" <idr@ietf.org>, "draft-ietf-idr-bgp-ls-segment-routing-ext@ietf.org" <draft-ietf-idr-bgp-ls-segment-routing-ext@ietf.org>
Thread-Topic: AD Review of draft-ietf-idr-bgp-ls-segment-routing-ext-11
Thread-Index: AQHU4AePBv9Wm0CsF0apnvSmlpKCcKZB5TBA
Date: Thu, 18 Apr 2019 11:22:42 +0000
Message-ID: <SN6PR11MB2845DF09F7FEC6E05FBF5AF4C1260@SN6PR11MB2845.namprd11.prod.outlook.com>
References: <CAMMESsxPMj1qnxyxv4R2prqTNbwLQ0+FjDB_-URmx-0=UnvFyQ@mail.gmail.com>
In-Reply-To: <CAMMESsxPMj1qnxyxv4R2prqTNbwLQ0+FjDB_-URmx-0=UnvFyQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ketant@cisco.com;
x-originating-ip: [2001:420:c0e0:1007::17d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d077971b-3a7d-4582-c8cf-08d6c3f02c52
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:SN6PR11MB2783;
x-ms-traffictypediagnostic: SN6PR11MB2783:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <SN6PR11MB27838EAC63C093F88896E060C1260@SN6PR11MB2783.namprd11.prod.outlook.com>
x-forefront-prvs: 0011612A55
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(396003)(366004)(346002)(376002)(136003)(199004)(189003)(51444003)(8936002)(6506007)(53546011)(186003)(229853002)(2906002)(81156014)(53936002)(97736004)(81166006)(102836004)(25786009)(53946003)(46003)(476003)(11346002)(446003)(486006)(66574012)(54896002)(6306002)(7736002)(9326002)(55016002)(33656002)(74316002)(5660300002)(68736007)(99286004)(76176011)(7696005)(52536014)(561944003)(316002)(9686003)(6916009)(54906003)(236005)(4326008)(6246003)(14454004)(966005)(86362001)(6116002)(790700001)(30864003)(8676002)(478600001)(256004)(14444005)(5024004)(606006)(71190400001)(71200400001)(6436002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2783; H:SN6PR11MB2845.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: SIP3dHiNwsMqKHV8YRm0MtryAxdGlMTRj85pruKJji4MGHAH5Wa87z1z5vTVFihFJ8ULgUqoDA+ZfyySuEJMsxPkNS3jJITwJ6NfXVVRZHj1TAot7dMiCmBNWJOMvo/siSFn/x+HYg+xiEMAGwCTzEnlzLoZz1InXVDBQbXOV0eLFDdTecPl9xNUKl3/mninbEIhiuyM4NSLuTuR3nIiw9hkIz5lGHYuGg6Zw3kQ1gQrcLrTDqxLavRBvyfjhgMkqaW8jtw11BH5RZ/05gKJeA8czDZ7o/8GlRPMemS2jNTbw36M9uHP6jvAop55JHWGXGGLqfPyWVGbDdq5QhEK0qmzKVEWqpcT2GVpBBIzf1UACZf6qrvfzVj1Yw2r6++KDQn/hvBNtBCq/D0moU7cdBsxcNqY23l1EcPfHs9tN+M=
Content-Type: multipart/alternative; boundary="_000_SN6PR11MB2845DF09F7FEC6E05FBF5AF4C1260SN6PR11MB2845namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d077971b-3a7d-4582-c8cf-08d6c3f02c52
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2019 11:22:42.1753 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2783
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: alln-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/qA8vSubJMx_8VNH2Na-UpawNGsk>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segment-routing-ext-11
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 11:22:57 -0000
Hi Alvaro, Thanks for your review and going over some of your comments which are general to BGP-LS but others specific to this draft. I’ve just posted v13 of the doc to address your comments in the email below. https://tools.ietf.org/html/draft-ietf-idr-bgp-ls-segment-routing-ext-13 Please check inline below for details. From: Alvaro Retana <aretana.ietf@gmail.com> Sent: 21 March 2019 22:30 To: Ketan Talaulikar (ketant) <ketant@cisco.com> Cc: Susan Hares <shares@ndzh.com>; idr-chairs@ietf.org; idr@ietf. org <idr@ietf.org>; draft-ietf-idr-bgp-ls-segment-routing-ext@ietf.org Subject: RE: AD Review of draft-ietf-idr-bgp-ls-segment-routing-ext-11 On March 8, 2019 at 10:41:58 PM, Ketan Talaulikar (ketant) (ketant@cisco.com<mailto:ketant@cisco.com>) wrote: Ketan: Hi! ... (1) Consistency in the specification of the new TLVs. Most of the descriptions point at other documents, but they don't do so in a consistent manner: some at the start of the section, others when pointing at the values, etc. Please be consistent! Given that §2.4/2.5 already have a summary, I personally find the information in the individual sections redundant. Instead of a statement at the start of a section, I prefer you to be specific about the values -- see §2.1.2 for an example. [KT] I have made some changes to address this and will wait for some clarification from you on this point. Please check my responses on such points further below. It looks like we have different opinions. :-) Proposal: for consistency, let’s use the approach from rfc7752, ok? In rfc7752 I see a couple of different things: [KT] RFC7752 describes things in many different ways and therefore is not very consistent. (1) For TLVs that are formatted exactly as IGP TLVs: simple tables point at the origin TLV, and (if needed) a short explanation. For example, look for TLV 258 (§3.2.2). The SR Algorithm TLV is an example of this, where the format is exactly the same as the corresponding IGP TLVs. No need to even include a figure for the TLV... Note that others, like the SR Local Block TLV are in a similar situation: the format, with minor exceptions, come from equivalent IGP TLVs. In this case, pointing at the specific IGP TLV and mentioning the difference (no Flags field in OSPF, for example) should be ok. (2) For TLVs that have values that don’t map to a specific IGP TLV: the fields are defined in function of where information comes from. For example, see the Multi-Topology ID TLV (§3.2.1.5). I think that the Source Router Identifier (Source Router-ID) TLV is an example. [KT] While some of the TLVs have straightforward mappings, others don’t. There is also some differences between the IGP encodings. IMO, as an implementor, I’ve found it helpful to have consistent description of the encoding (including TLV format picture) as described in this document. Until we agree on the formatting I’m not considering the related comments (yours or mine) below, with a couple of exceptions. Maybe we can find some time next week to talk about this. ... ... 200 Some of the TLVs defined in this document contain fields (e.g. flags) 201 whose semantics need to be interpreted accordingly to the respective 202 underlying IS-IS, OSPFv2 or OSPFv3 protocol. The receiver of the 203 BGP-LS update for any of the NLRIs MUST check the Protocol-ID of the 204 NLRI and refer to the underlying protocol specification in order to 205 parse such fields. The individual field descriptions in the sub- 206 sections below point to the relevant underlying protocol 207 specifications for such fields. [major] "The receiver of the BGP-LS update for any of the NLRIs MUST check the Protocol-ID of the NLRI and refer to the underlying protocol specification in order to parse such fields." This text is a general statement ("for any of the NLRIs") that seems to want to Update rfc7752, where Protocol-ID is defined...but I don't think that is the intent, right? Note that rfc7752 doesn't explicitly mandate that the "receiver...refer to the underlying protocol specification" -- it just implies it when talking about the Opaque TLVs. [KT] Actually in this case, the protocol needs to be used by the consumer of the information to interpret certain fields in the BGP-LS TLVs. E.g. Adjacency SID in sec 2.2.1, the flags field is different in OSPF and ISIS and based on the flags the SID/index/label field needs to be decoded. IOW, this seems like a significant change as related to other BGP-LS specs. [KT] I will agree that it is a deviation from other BGP-LS specs including the base where we have tried to define IGP agnostic flags. I think the placement of this sentence gives the wrong impression that it wants to update rfc7752. It may be better placed if this was move (and may be repeated) for only those TLV fields where this kind of protocol specific decoding is necessary. I have updated the draft for this. e.g. for sec 2.2.1, I would propose to add the following text at the end of the TLV fields description: "The Flags and, as an extension, the SID/Index/Label fields of this TLV need to be interpreted accordingly to the respective underlying IS-IS, OSPFv2 or OSPFv3 protocol. The consumer of the BGP-LS interested in this TLV information MUST check the Protocol-ID of the BGP-LS Link NLRI and refer to the underlying protocol specification in order to parse these fields." Note also that §5 (Manageability Considerations) has the following text, which I think is in contradiction of the one above: [KT] I think this section should be using the term "consumer of the BGP-LS information" and not "receiver". Fixed this. Because what the consumer does is outside the scope of this document, I think that the best path forward is to simply delete the text above completely. Note that now (placed in the different sections) is, at best, redundant (because the sections specify the fields anyway... [KT] I would remove the normative language used since what the consumer does is outside the scope of BGP-LS. However, including the text as an information is useful and now it has been place at individual TLV level to specify the actual field that needs to be interpreted on a per-protocol basis. ... ... 290 Length: Variable. [major] Yes, it's variable, but it has to be at least 12. What should a router do if the length is < 12? After that, there are only specific valid [KT] I have updated for the minimum length for the TLVs. However, it is not very helpful to try and list all other valid values (in some cases, cannot even say "in multiple of X"). lengths: 12, 13, 19, 21, etc. What if the length is not one of those values? I couldn't find guidance in rfc7752. The closest statement is from §6.2.2 (Fault Management), where one of the "checks for determining if a message is malformed...Does any fixed-length TLV correspond to the TLV Length field in this document?" This TLV is not fixed-length, but the possibilities are finite. Note that rfc7752 says that if the length is not the expected one, then the whole BGP-LS attribute is discarded. For this specific case, it means that the controller wouldn't have complete knowledge of the network, even if the information derived from the IGP is correct... [KT] I would take this in the generic RFC7752 context and not specific for this draft. Yes. I agree with your comments and point of view. About the specific lengths above: yes, it’s hard to characterize the valid lengths. Given the limitations in rfc7752, what I’m trying to do is to be able to characterize these TLVs as having a fixed length because that is the only case covered in rfc7752. ;-) [KT] And I hope we will work on clarifying these aspects in RFC7752bis. ... ... 339 2.1.4. SR Local Block TLV ... 380 Flags: 1 octet of flags. None are defined at this stage. [major] Only the corresponding ISIS sub-TLV has Flags defined -- and I realize that the text above is the same as in draft-ietf-isis-segment-routing-extensions. I think you really don't want this field to evolve independently. IOW, please use a description like the you used for the Flags in the SR-Capabilities TLV. [KT] Actually, I would prefer the BGP-LS flags and encodings to evolve independent of the IGPs (but mapping and encompassing their encodings) so that consumers don't need to be exposed to IGP specifics (where possible) for decoding/interpretation of values that can be modelled in an IGP independent manner. We could not do this for some of the initial TLVs/fields since there wasn't a consensus on this within authors/contributors. I hope we can going forward unless the WG feels differently. I think that the hard/confusing part about this approach would be that some bits in the flags may be important for the BGP-LS consumers…and others not. This means that if the Flags are not in sync, we could run into a case where no more BGP-LS flags exist for a new (and interesting) IGP flag. This specific TLV doesn’t bother me too much because there is a Reserved field in it…so that could be used to diverge, if needed. [KT] The idea is not to diverge the flags of BGP-LS for such TLVs from IGPs. The IGPs themselves differ slightly from each other in some cases, and defining in BGP-LS would make it easier for a consumer to interpret without referring to individual protocol specifications. ... 393 2.1.5. SRMS Preference TLV ... 427 The use of the SRMS Preference TLV is defined in 428 [I-D.ietf-isis-segment-routing-extensions], 429 [I-D.ietf-ospf-segment-routing-extensions] and 430 [I-D.ietf-ospf-ospfv3-segment-routing-extensions]. [major] This document only defines how to carry information in BGP-LS, not what to do with it. IOW, I think that the last paragraph is not needed, it is out of scope of this document... [KT] This is true for almost everything in BGP-LS since it is only a carrier of information. This info is meant for the consumer of the BGP-LS info on how this is used. E.g. it helps pick mapping of one SRMS server over the other - this way the consumer application would be able to get the right label to prefix mapping as advertised by that server. But by providing instructions/hints for the consumer we are going beyond the scope of the document. IOW, if we want the consumer operation, including semantic checks, etc. to be in scope…then let’s make it in scope for everything. [KT] The information for consumer is meant only for information purpose and not normative since their processing is outside the scope of the document. In the specific case of this TLV, I think that knowing the source of the information provides the other background needed and the text above is still not needed. [KT] This text was added specifically to address review from Sue (as shepherd) and Victoria Pritchard (RTGDIR early review), since this information was not readily available in those referred IGP extensions. ... ... 749 2.3.4. Range TLV 751 The range TLV is used in order to advertise a range of prefix-to-SID 752 mappings as part of the Segment Routing Mapping Server functionality 753 [I-D.ietf-spring-segment-routing-ldp-interop], as defined in the 754 respective underlying IGP SR extensions 755 [I-D.ietf-ospf-segment-routing-extensions], 756 [I-D.ietf-ospf-ospfv3-segment-routing-extensions] and 757 [I-D.ietf-isis-segment-routing-extensions]. The Prefix-NLRI to which 758 the Range TLV is attached MUST be advertised as a non-routing prefix 759 where no IGP metric TLV (TLV 1095) is attached. [major] What do you mean in the final sentence? It sounds as if the IGP metric TLV and the Range TLV are mutually exclusive and should never be advertised together. Is that it? If so, what should the receiver do if they are? [KT] I have rephrased this since they are not mutually exclusive. The point about the IGP Metric TLV was that a consumer of a Prefix NLRI originated on account of a SRMS mapping should not mistake this prefix to be like a normal prefix reachability - it can detect this by the absence of the IGP Metric TLV which is included for all "real" prefix reachability advertisements. The updated text says that a “consumer...MUST NOT mis-interpret a Prefix NLRI, that been advertised with a Range TLV...as a normal routing prefix (i.e. prefix reachability) unless there is also an IGP metric TLV (TLV 1095) attached to it.” Here we’re giving instructions to the consumer…and they are not clear: what does “mis-interpret” leads to? Instead, maybe something like this: ...a Prefix NLRI, that been advertised with a Range TLV…is considered a normal routing prefix (i.e. prefix reachability) only when there is also an IGP metric TLV (TLV 1095) attached to it… This way we still convey the purpose, but avoid trying to specify what the consumer should do. [KT] Ack – updated it like above. ... 994 A consumer of the BGP-LS information is retrieving this information 995 from a BGP protocol component that is doing the signaling over a BGP- 996 LS session, via some APIs or a data model (refer Section 1 and 2 of 997 [RFC7752]). The handling of semantic or content errors by the 998 consumer would be dictated by the nature of its application usage and 999 hence is beyond the scope of this document. This document only 1000 introduces new Attribute TLVs and an error in them would result in 1001 only that specific attribute being discarded with an error log. [nit] s/is retrieving this/retrieves this [KT] ack - fixed [minor] "...retrieving this information...over a BGP-LS session, via some APIs or a data model (refer Section 1 and 2 of [RFC7752])." I think that even mentioning that an API or data model can be used instead of BGP-LS is a stretch -- that is not how I interpret the initial sections in rfc7752 (which are just background sections), and there are no formal API/data model definition. [KT] How else would Alto Server or a PCE component get access to the BGP-LS information? There would be some APIs or a model. It may not be formal but there needs to be one? rfc7752 specifies how the consumer uses a BGP-LS session…not anything else. The full sentence is this: "A consumer of the BGP-LS information retrieves this information from a BGP protocol component that is doing the signaling over a BGP-LS session, via some APIs or a data model (refer Section 1 and 2 of [RFC7752]).” A consumer of BGP-LS uses BGP-LS…. This is a minor point anyway. The important part is about semantic checking being out of scope. [KT] Ack – as discussed in Prague, I’ve fixed this language and we will only refer to the “BGP-LS session” to consumer at this point. ... 1009 6. Security Considerations 1011 The new protocol extensions introduced in this document augment the 1012 existing IGP topology information that was distributed via [RFC7752] Hmmm… It looks like this was also truncated — I wonder why that is happening. I put the rest of the review below. Thanks! Alvaro. 1009 6. Security Considerations 1011 The new protocol extensions introduced in this document augment the 1012 existing IGP topology information that was distributed via [RFC7752]. 1013 The Security Considerations section of [RFC7752] also applies to 1014 these extensions. The procedures and new TLVs defined in this 1015 document, by themselves, do not affect the BGP-LS security model 1016 discussed in [RFC7752]. [nit] s/that was distributed/that is distributed [KT] Ack – fixed. 1018 BGP-LS SR extensions enable traffic engineering use-cases within the 1019 Segment Routing domain. SR operates within a trusted domain (refer 1020 Security Considerations section in [RFC8402] for more detail) and its 1021 security considerations also apply to BGP-LS sessions when carrying 1022 SR information.The SR traffic engineering policies using the SIDs 1023 advertised via BGP-LS are expected to be used entirely within this 1024 trusted SR domain (e.g. between multiple AS/domains within a single 1025 provider network). Therefore, precaution is necessary to ensure that 1026 the SR information collected via BGP-LS is limited to specific 1027 controllers or applications in a secure manner within this SR domain. [nit] s/trusted domain (refer Security Considerations section in [RFC8402] for more detail)/trusted domain [RFC8402] [KT] Ack - fixed [nit] s/SR information.The SR traffic/SR information. The SR traffic [KT] Ack – fixed. [major] "SR operates within a trusted domain...[RFC8402]...and its security considerations also apply to BGP-LS sessions when carrying SR information." The Security Considerations in rfc8404 really only talk about the data plane -- I don't see how they apply to the BGP-LS sessions. [KT] The concept of trusted domain in SR is being extended to BGP-LS sessions as well. [major] "...precaution is necessary to ensure that the SR information collected via BGP-LS is limited to specific controllers or applications..." This sounds as if you're referring to information that (once collected) can be shared between controllers -- I think that case is out of scope. If you are trying to talk about the BGP sessions, then I think the language needs a little more work. BTW, the paragraph below also talks about BGP sessions; suggestion: keep the common topics together. [KT] This is about not propagating BGP-LS SR information to controllers and applications that are not part of this SR trusted domain. It is not applicable to general BGP sessions since they might be setup to other networks – e.g. eBGP for Internet. The point was not to setup BGP-LS sessions to other peers which are outside the SR trusted domain. [major] The end of the last sentence says "...in a secure manner within this SR domain". Assuming that we're talking about BGP sessions, what does that mean? Does it mean anything beyond what BGP is normally specified to do? If not, then I would recommend taking that piece of text out to not invite more questions than needed. [KT] As mentioned above, the BGP sessions may be setup outside the SR domain as well. So we are saying that the BGP-LS sessions which exchange the SR information do not go outside the SR domain. [minor] You talk about "controllers or applications", but in the rest of the document you have mostly used "consumer" (which is a good thing because it shows consistency with rfc8402). Suggestion: use "consumers" here as well. [KT] Ack – fixed this. 1029 The isolation of BGP-LS peering sessions is also required to ensure 1030 that BGP-LS topology information (including the newly added SR 1031 information) is not advertised to an external BGP peering session 1032 outside an administrative domain. [major] What does "isolation of BGP-LS peering sessions" mean? Why is it not Normatively REQUIRED? [KT] IMHO this is something that should be clarified in the base RFC7752bis? spec for BGP-LS. Hence didn’t use the normative language here. [major] From prior experience (see draft-ietf-idr-te-pm-bgp), the SecDir/Sec ADs asked for text related to why it is ok to transport the new information in BGP. This is the text that resulted from that discussion: The TLVs introduced in this document are used to propagate IGP defined information ([I-D.ietf-lsr-isis-rfc7810bis] and [RFC7471].) These TLVs represent the state and resource availability of the IGP link. The IGP instances originating these TLVs are assumed to support all the required security and authentication mechanisms (as described in [I-D.ietf-lsr-isis-rfc7810bis] and [RFC7471]) in order to prevent any security issue when propagating the TLVs into BGP-LS. The advertisement of the link attribute information defined in this document presents no additional risk beyond that associated with the existing set of link attribute information already supported in [RFC7752]. Note that this text is complementary to what is already stated in the first paragraph -- but goes into a more explicit explanation and brings in the security considerations from the documents where the IGP extensions are defined. Consider adding something similar here. [KT] Ack – added similar text. ... 1126 9.2. Informative References ... 1159 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 1160 Decraene, B., Litkowski, S., and R. Shakir, "Segment 1161 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 1162 July 2018, <https://www.rfc-editor.org/info/rfc8402>. [major] I think this should be a Normative reference. [KT] Ack – fixed.
- [Idr] AD Review of draft-ietf-idr-bgp-ls-segment-… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgp-ls-segm… Alvaro Retana