[Idr] Re: Review of draft-chen-idr-bgp-ls-sr-policy-nrp

chen.ran@zte.com.cn Wed, 26 June 2024 02:33 UTC

Return-Path: <chen.ran@zte.com.cn>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF9E9C14F6EC; Tue, 25 Jun 2024 19:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xCSLoZWSnslZ; Tue, 25 Jun 2024 19:33:40 -0700 (PDT)
Received: from mxhk.zte.com.cn (mxhk.zte.com.cn [63.216.63.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D692EC15106F; Tue, 25 Jun 2024 19:33:33 -0700 (PDT)
Received: from mxct.zte.com.cn (unknown [192.168.251.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxhk.zte.com.cn (FangMail) with ESMTPS id 4W85NS5NXYz5DXWh; Wed, 26 Jun 2024 10:33:28 +0800 (CST)
Received: from mse-fl2.zte.com.cn (unknown [10.5.228.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxct.zte.com.cn (FangMail) with ESMTPS id 4W85Mr5LdFz501gR; Wed, 26 Jun 2024 10:32:56 +0800 (CST)
Received: from njb2app07.zte.com.cn ([10.55.22.95]) by mse-fl2.zte.com.cn with SMTP id 45Q2VVxU027690; Wed, 26 Jun 2024 10:31:31 +0800 (+08) (envelope-from chen.ran@zte.com.cn)
Received: from mapi (njy2app03[null]) by mapi (Zmail) with MAPI id mid203; Wed, 26 Jun 2024 10:31:32 +0800 (CST)
Date: Wed, 26 Jun 2024 10:31:32 +0800
X-Zmail-TransId: 2afb667b7d84ffffffffce2-3d86d
X-Mailer: Zmail v1.0
Message-ID: <20240626103132152P7z2LqJWOcFXXdMAd3t1O@zte.com.cn>
Mime-Version: 1.0
From: chen.ran@zte.com.cn
To: adrian@olddog.co.uk
Content-Type: multipart/mixed; boundary="=====_001_next====="
X-MAIL: mse-fl2.zte.com.cn 45Q2VVxU027690
X-Fangmail-Anti-Spam-Filtered: true
X-Fangmail-MID-QID: 667B7DF8.001/4W85NS5NXYz5DXWh
Message-ID-Hash: PXITRETWYAOGQA4PRF7LRFEXOWBFSP25
X-Message-ID-Hash: PXITRETWYAOGQA4PRF7LRFEXOWBFSP25
X-MailFrom: chen.ran@zte.com.cn
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: idr@ietf.org, draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Idr] Re: Review of draft-chen-idr-bgp-ls-sr-policy-nrp
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/qWLt2z9KI-9sPfdrCm-UKp0m7sU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>

Hi Adrian,

I'm really sorry, I didn't notice this email and sorry for late reply. 
Please see inline...

Best Regards,
Ran


Original


From: AdrianFarrel <adrian@olddog.co.uk>
To: idr@ietf.org <idr@ietf.org>;
Cc: draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org <draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org>;
Date: 2024年06月10日 04:48
Subject: [Idr] Review of draft-chen-idr-bgp-ls-sr-policy-nrp

Hi,
 
There's a lot of healthy discussion of this draft as it works towards
possible Working Group adoption. I confess that I haven't caught up on that
thread yet, so I predict some overlap.
 
I thought now might be a good time to contribute a review with a TEAS slant,
as editor of RFC 9543, and as one of the DEs for BGP-LS.
 
Hope this is helpful and can move us forward for rapid adoption.
Ran:  This is very helpful. Thank you very much.


Cheers,
Adrian
 
===
 
Abstract
 
Need to expand "SR" and "BGP-LS".
 
The first two sentences seem to overlap:
- attribute associated with
- attribute of
 
The statement of what an NRP is seems to be different from what 9543
says. Perhaps steal some brief words from the RFC (cf. your text in the
Introduction) before saying that an identifier of the underlying NRP is
an important attribute.
 
s/enable/enables/
 
Final sentence is ambiguous. I think:
   This document defines a new TLV which enables the headend to report
   (using BGP-LS) the configuration and the states of an SR policy and
   any associated NRP information.
 Ran: Agreed.
---
 
1.
 
s/Segment Routing Policy/Segment Routing (SR) Policy/
 Ran: Agreed.
---


1. Final paragraph
 
Per the change to the Abstract, I think it should be that it is the
identifier of the NRP (not the NRP itself) that is the important
attribute.
 Ran: Agreed.
---


1. Final paragraph
 
   This document defines a new
   TLV which enable the headend to report the configuration and the
   states of an SR policy carrying the NRP information by using BGP-LS.
 
While this statement may be true, the document gives no indication of  
how any information beyond the NRP ID is reported. I know this is an
early version of the work, and the WG can be expected to refine it and
add details, but I think we need some hints.
 
Possibly the thing here is some simple addition like...
 
   Information that describes the NRP and provides information about the
   state of the NRP may be carried in sub-TPVs of the new TLV. These  
   sub-TLVs will be defined in a future version of this document.
 
Something similar to that would also need to be added to section 2.
 
Alternatively, I am misunderstanding the intention here and what you are
doing is just indicating which NRP the SR policy uses: no more
information would be carried and there is no additional status to  
report.
 Ran:The purpose of this draft is to inform only which NRP the SR policy uses:  no moreinformation would be carried and there is no additional status to report. NRP status information 
is reported through other methods and is not considered in this draft.

---
 
2. First paragraph
 
Need to mention the name of the TLV. Something like...
 
   In order to collect configuration and states of the NRP SR policy,
   this document defines a new SR Policy state TLV called the NRP TLV
   which enables the headend to report the state at the SR Policy CP  
   level.Should also expand CP.
Ran:  Agreed.
---


2.
 
s/[RFC9552]associated/[RFC9552]  associated/
s/only one this TLV/only one these TLVs/
 Ran:  Agreed
---


2.
 
You can give a value of 8 for Length.
 
I think the field called 'Flag' should be called 'Flags'.
 
You need some more discussion about 'NRP ID'. How is the value encoded?
What is its scope? Where does the value come from? This might simply be
a reference to another document that contains this information.
 Ran:  Will be added in the next version.
---


3.
 
OLD
   The mechanism specified in this document defines the headend to
   report configuration and states of an SR policy carrying the NRP
   information by using BPG-LS.
NEW
   The mechanism specified in this document defines a mechanism for the
   headend to report configuration and states of an SR policy carrying
   the NRP information by using BPG-LS.
END:
 Ran:  Thanks. Will update it.
---


Thank you for including section 3.
 
I understand how the control plane impact of scaling the number of NRPs
is limited because it is only the headends that report NRP status. The
load is shared across the headends.
 
There are several general issues that arise:
 
1. What is the headend of an NRP? I can understand the headend of a path
   or a traffic flow. But not the headend of an NRP. Probably you are
   talking about the headend of the SR policy.
 Ran:  Yes. Refer to the handed of the SR policy.

2. An NRP may support many SR policies. In this case, do all headends of

   all SR policies that use the NRP report the status of the NRP?
 Ran: Although the proposed mechanism allows an NRP may support many SR policies, 
in normal case the association between an SR Policy and NRP is considered to be 1:1.
In an NRP support many SR policies scenarios, all headends of all SR policies that use the NRP report the 
association between an SR Policy and NRP-ID.



3. The scaling issue is more complex with BGP-LS. The scaling has to be
   considered in terms of the BGP-LS servers and the control plane  
   network around the servers.
 
Some discussion is needed of how often the updated status is reported,
and how many SR policies are reporting the same NRP status information.
 Ran: The purpose of this draft is to inform the association between an SR Policy and NRP-ID, and 
generally, the relationship is relatively stable. 
---


6.
 
It would be worthwhile this section explaining an attack vector that is
introduced as follows.
 
An NRP ID indicates which resources are used by an SR policy and that
allows those resources to be attacked. So, reporting the NRP ID in
association with the SR policy is a risk.
 
Of course, securing BGP-LS and the BGP-LS servers protects against that.
 Ran: Agreed.
_______________________________________________

Idr mailing list -- idr@ietf.org
To unsubscribe send an email to idr-leave@ietf.org