[Idr] Re: Review of draft-chen-idr-bgp-ls-sr-policy-nrp
chen.ran@zte.com.cn Wed, 26 June 2024 02:33 UTC
Return-Path: <chen.ran@zte.com.cn>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF9E9C14F6EC; Tue, 25 Jun 2024 19:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xCSLoZWSnslZ; Tue, 25 Jun 2024 19:33:40 -0700 (PDT)
Received: from mxhk.zte.com.cn (mxhk.zte.com.cn [63.216.63.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D692EC15106F; Tue, 25 Jun 2024 19:33:33 -0700 (PDT)
Received: from mxct.zte.com.cn (unknown [192.168.251.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxhk.zte.com.cn (FangMail) with ESMTPS id 4W85NS5NXYz5DXWh; Wed, 26 Jun 2024 10:33:28 +0800 (CST)
Received: from mse-fl2.zte.com.cn (unknown [10.5.228.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxct.zte.com.cn (FangMail) with ESMTPS id 4W85Mr5LdFz501gR; Wed, 26 Jun 2024 10:32:56 +0800 (CST)
Received: from njb2app07.zte.com.cn ([10.55.22.95]) by mse-fl2.zte.com.cn with SMTP id 45Q2VVxU027690; Wed, 26 Jun 2024 10:31:31 +0800 (+08) (envelope-from chen.ran@zte.com.cn)
Received: from mapi (njy2app03[null]) by mapi (Zmail) with MAPI id mid203; Wed, 26 Jun 2024 10:31:32 +0800 (CST)
Date: Wed, 26 Jun 2024 10:31:32 +0800
X-Zmail-TransId: 2afb667b7d84ffffffffce2-3d86d
X-Mailer: Zmail v1.0
Message-ID: <20240626103132152P7z2LqJWOcFXXdMAd3t1O@zte.com.cn>
Mime-Version: 1.0
From: chen.ran@zte.com.cn
To: adrian@olddog.co.uk
Content-Type: multipart/mixed; boundary="=====_001_next====="
X-MAIL: mse-fl2.zte.com.cn 45Q2VVxU027690
X-Fangmail-Anti-Spam-Filtered: true
X-Fangmail-MID-QID: 667B7DF8.001/4W85NS5NXYz5DXWh
Message-ID-Hash: PXITRETWYAOGQA4PRF7LRFEXOWBFSP25
X-Message-ID-Hash: PXITRETWYAOGQA4PRF7LRFEXOWBFSP25
X-MailFrom: chen.ran@zte.com.cn
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-idr.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: idr@ietf.org, draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Idr] Re: Review of draft-chen-idr-bgp-ls-sr-policy-nrp
List-Id: Inter-Domain Routing <idr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/qWLt2z9KI-9sPfdrCm-UKp0m7sU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Owner: <mailto:idr-owner@ietf.org>
List-Post: <mailto:idr@ietf.org>
List-Subscribe: <mailto:idr-join@ietf.org>
List-Unsubscribe: <mailto:idr-leave@ietf.org>
Hi Adrian, I'm really sorry, I didn't notice this email and sorry for late reply. Please see inline... Best Regards, Ran Original From: AdrianFarrel <adrian@olddog.co.uk> To: idr@ietf.org <idr@ietf.org>; Cc: draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org <draft-chen-idr-bgp-ls-sr-policy-nrp@ietf.org>; Date: 2024年06月10日 04:48 Subject: [Idr] Review of draft-chen-idr-bgp-ls-sr-policy-nrp Hi, There's a lot of healthy discussion of this draft as it works towards possible Working Group adoption. I confess that I haven't caught up on that thread yet, so I predict some overlap. I thought now might be a good time to contribute a review with a TEAS slant, as editor of RFC 9543, and as one of the DEs for BGP-LS. Hope this is helpful and can move us forward for rapid adoption. Ran: This is very helpful. Thank you very much. Cheers, Adrian === Abstract Need to expand "SR" and "BGP-LS". The first two sentences seem to overlap: - attribute associated with - attribute of The statement of what an NRP is seems to be different from what 9543 says. Perhaps steal some brief words from the RFC (cf. your text in the Introduction) before saying that an identifier of the underlying NRP is an important attribute. s/enable/enables/ Final sentence is ambiguous. I think: This document defines a new TLV which enables the headend to report (using BGP-LS) the configuration and the states of an SR policy and any associated NRP information. Ran: Agreed. --- 1. s/Segment Routing Policy/Segment Routing (SR) Policy/ Ran: Agreed. --- 1. Final paragraph Per the change to the Abstract, I think it should be that it is the identifier of the NRP (not the NRP itself) that is the important attribute. Ran: Agreed. --- 1. Final paragraph This document defines a new TLV which enable the headend to report the configuration and the states of an SR policy carrying the NRP information by using BGP-LS. While this statement may be true, the document gives no indication of how any information beyond the NRP ID is reported. I know this is an early version of the work, and the WG can be expected to refine it and add details, but I think we need some hints. Possibly the thing here is some simple addition like... Information that describes the NRP and provides information about the state of the NRP may be carried in sub-TPVs of the new TLV. These sub-TLVs will be defined in a future version of this document. Something similar to that would also need to be added to section 2. Alternatively, I am misunderstanding the intention here and what you are doing is just indicating which NRP the SR policy uses: no more information would be carried and there is no additional status to report. Ran:The purpose of this draft is to inform only which NRP the SR policy uses: no moreinformation would be carried and there is no additional status to report. NRP status information is reported through other methods and is not considered in this draft. --- 2. First paragraph Need to mention the name of the TLV. Something like... In order to collect configuration and states of the NRP SR policy, this document defines a new SR Policy state TLV called the NRP TLV which enables the headend to report the state at the SR Policy CP level.Should also expand CP. Ran: Agreed. --- 2. s/[RFC9552]associated/[RFC9552] associated/ s/only one this TLV/only one these TLVs/ Ran: Agreed --- 2. You can give a value of 8 for Length. I think the field called 'Flag' should be called 'Flags'. You need some more discussion about 'NRP ID'. How is the value encoded? What is its scope? Where does the value come from? This might simply be a reference to another document that contains this information. Ran: Will be added in the next version. --- 3. OLD The mechanism specified in this document defines the headend to report configuration and states of an SR policy carrying the NRP information by using BPG-LS. NEW The mechanism specified in this document defines a mechanism for the headend to report configuration and states of an SR policy carrying the NRP information by using BPG-LS. END: Ran: Thanks. Will update it. --- Thank you for including section 3. I understand how the control plane impact of scaling the number of NRPs is limited because it is only the headends that report NRP status. The load is shared across the headends. There are several general issues that arise: 1. What is the headend of an NRP? I can understand the headend of a path or a traffic flow. But not the headend of an NRP. Probably you are talking about the headend of the SR policy. Ran: Yes. Refer to the handed of the SR policy. 2. An NRP may support many SR policies. In this case, do all headends of all SR policies that use the NRP report the status of the NRP? Ran: Although the proposed mechanism allows an NRP may support many SR policies, in normal case the association between an SR Policy and NRP is considered to be 1:1. In an NRP support many SR policies scenarios, all headends of all SR policies that use the NRP report the association between an SR Policy and NRP-ID. 3. The scaling issue is more complex with BGP-LS. The scaling has to be considered in terms of the BGP-LS servers and the control plane network around the servers. Some discussion is needed of how often the updated status is reported, and how many SR policies are reporting the same NRP status information. Ran: The purpose of this draft is to inform the association between an SR Policy and NRP-ID, and generally, the relationship is relatively stable. --- 6. It would be worthwhile this section explaining an attack vector that is introduced as follows. An NRP ID indicates which resources are used by an SR policy and that allows those resources to be attacked. So, reporting the NRP ID in association with the SR policy is a risk. Of course, securing BGP-LS and the BGP-LS servers protects against that. Ran: Agreed. _______________________________________________ Idr mailing list -- idr@ietf.org To unsubscribe send an email to idr-leave@ietf.org