Re: [Idr] Routing directorate review of draft-ietf-idr-flow-spec-v6-17

Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com> Fri, 23 October 2020 08:36 UTC

Return-Path: <Jonathan.Hardwick@metaswitch.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CED753A0A64; Fri, 23 Oct 2020 01:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=metaswitch.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TWW_rLApjlUd; Fri, 23 Oct 2020 01:36:33 -0700 (PDT)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-eopbgr690122.outbound.protection.outlook.com [40.107.69.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD4983A0A62; Fri, 23 Oct 2020 01:36:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n+OESRU9pbSD1ZaLgNRVb1P0tMTQlkXlKq28sJndVr6uP7K2+qJ//jpctZ/UFuD0FgqwrQF6Q4abas2U6gmWRu2f3o7GZhiu9gtGenUloXi4TvcylTnaR/qMJCgDkAqfzRVedcsecn8zD+m9TY3an1YHQ0QpRYu9LFjbU9q2ZmKTY+iHmgFKupDQK+HYWxvuQZ9SwRTokfP6ctHSNEpFYyRajCA/9Vgfi/Pk71ssxfiNqsyF+pDtAAPtAofR46GDKjpVEMnnzmamhZP8vvdHe/ldBPawM3Jk2Kqy5NBEENhHLfHnF4rDNUaV9U2WLfOOKihQTHgr9RsBZn/gw9mXMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5AeeyTBF9dfTs6e9MKsknB4lrkTA4QafKsRrq2eyG7I=; b=Lp3kWosVq4h5i/mwopAdN7uvHSxTMFrRYQNjrAVBo9FO6TI7pC+YeMLTu5U2wXAke0xsaHkQk+j18Rd7VZoOLClechKMCcwf5MYlvurhLzLrmg+Ubk9rbnuMxNQIzBXBMBlAuXor/p43x0fxFx3+1VwrbO14kwkMCE8dDGbxE/OTWU9Td+EMLpf0NR39+gixxiijgaEY+bzxdPI6Doeahn99deJzBWBDG79ex3fptcG2/YNauJebZ7Bq+Z1+LlQCLu5S1ZTE8Myxytua3A9f5RRhDtRe3so/SK+J9NqGqX/xd1lik/5NNZj15pwuPo70X1YRoqBCR++2XaNfR+9ZSw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=metaswitch.com; dmarc=pass action=none header.from=metaswitch.com; dkim=pass header.d=metaswitch.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metaswitch.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5AeeyTBF9dfTs6e9MKsknB4lrkTA4QafKsRrq2eyG7I=; b=E4QKwRy/MdRkwI4To9dr7uIeKK+hmfY/ZErJbcNAsUax4jISjH29b90+/7sDg0XIAk9Aq5f53XzueFfe165T4N7GQmEzaieA1RfQORJQ9diQ6MCP4aTSda8rUk0OcSLcnwOLO2l4b7QSOrJFJUC+QEfwtkQgfmX0RaOS/jqqE44=
Received: from SN6PR02MB5101.namprd02.prod.outlook.com (2603:10b6:805:71::11) by SN6PR02MB5008.namprd02.prod.outlook.com (2603:10b6:805:77::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.18; Fri, 23 Oct 2020 08:36:30 +0000
Received: from SN6PR02MB5101.namprd02.prod.outlook.com ([fe80::1919:a7ff:fa4:8c36]) by SN6PR02MB5101.namprd02.prod.outlook.com ([fe80::1919:a7ff:fa4:8c36%7]) with mapi id 15.20.3477.028; Fri, 23 Oct 2020 08:36:30 +0000
From: Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com>
To: Christoph Loibl <c@tix.at>
CC: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-idr-flow-spec-v6.all@ietf.org" <draft-ietf-idr-flow-spec-v6.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: Routing directorate review of draft-ietf-idr-flow-spec-v6-17
Thread-Index: Adan1t55LQ3RPQQWTmyun/IGjGyU/QAipI6AACzdWEA=
Date: Fri, 23 Oct 2020 08:36:30 +0000
Message-ID: <SN6PR02MB51016EE84141D887283B4E01841A0@SN6PR02MB5101.namprd02.prod.outlook.com>
References: <SN6PR02MB5101DA401EA6480D5BD24207841C0@SN6PR02MB5101.namprd02.prod.outlook.com> <140D33E4-970B-41C5-9CBD-E4357E96DC51@tix.at>
In-Reply-To: <140D33E4-970B-41C5-9CBD-E4357E96DC51@tix.at>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: tix.at; dkim=none (message not signed) header.d=none;tix.at; dmarc=none action=none header.from=metaswitch.com;
x-originating-ip: [86.137.1.33]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 78eba2f4-5ff8-41ba-c246-08d8772ebd79
x-ms-traffictypediagnostic: SN6PR02MB5008:
x-microsoft-antispam-prvs: <SN6PR02MB5008CF3CF97859CC28A06208841A0@SN6PR02MB5008.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: D/pwt22HNoIypo7Wf8ZDbBPtKGOg6J9UN3/HQcvqZ15Qa1YPwWKvLzZS0YewXcsY1qF59hS0Y6y3rR6bKlUG0CEbkLwkRlpQ6eORzqRB6hVfrKf0YdIIfV5QBQaO1SevTC+bkOIP8QWflwXgsx3wexxgHMxZWAMM9g7DCDzcY98/mMb9GhEqwA9fVhQx7oFOtMK6u1vzp9bCSA9JJ2iFEabYIePlXR62F96xDWlOnY6+KqXRe0qTeyDMNaCcroEaF0uaoN4tJR6ZO/cZQflT30ebofUyxm0esL86r7261+4bwX8QPGQem0uJHUZPSxABUj1dsI09a+ym+23ij3xxyI2ekJr5N/CG4f3mLtpDEWT6pnu9FNCaK3sthHVHm61vDkJEUTRIfpMcz16qzc5ycw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR02MB5101.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(366004)(396003)(136003)(346002)(376002)(6506007)(6916009)(7696005)(26005)(8936002)(54906003)(478600001)(2906002)(86362001)(9686003)(83380400001)(66946007)(5660300002)(52536014)(4326008)(186003)(33656002)(66556008)(66476007)(64756008)(8676002)(55016002)(66446008)(76116006)(71200400001)(316002)(20673002)(781001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: NT7aD8ygbClemz2jj1A52III0l96+65BTS6GcHfkRw2eS1iNiF7bmhYgCJOLs65cYNd3x1JLvwSLUtTlZLhVm0bkxzk+VA/p5rBEpd6MZ8+Du0Q2DSq2a8IQbmQhPAew9NJXIQ5eVNejbAGSTaGtsLbifCAZX2eIldaYb4Rzh7aUgmB+LL5K5gC1NGmp51wFAd6ufaZCj+SPU4pWto3b/6rw9kGLtLOTaKNZwv+gQSYybKA5xhek9bZrxe91DW3SzRmza8VSc5UguAHYf6oPH5yEY9SCtEKW9daBIUl8Ey+o3gKwTLzKuEXiGu2piF9ZfSBrDcgPrrKGXTVIgct3f2/AsyF6PG06F7O6aoA0QXOjaOZqhmTDkuIrSLcJ4CZQNzA2CZSI1jGFpwU6i4jsn0kfaxrmEsI2XMUyHcXroBl6ddtELCiAPgPM9cfiogUDmkgNNnsHpsUbvJPhBX4u698GcOmhvWnqr29Ct82BK0CvMwCtLwrbquZ2EXWEzRoPm5Vy3ongHewK0igValeuTmKsBHndmBUosdahMj5stu9bwkpFBwqN3D5b2/KlTgBMM9pZuRITjcJ/7WwaYuoY/D66FZ34vsr1xkTbZB7a8byhmbjY36V95Iu9UtxNHjmsqS3vml2gebTncrWX6C0fFQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_SN6PR02MB51016EE84141D887283B4E01841A0SN6PR02MB5101namp_"
MIME-Version: 1.0
X-OriginatorOrg: metaswitch.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN6PR02MB5101.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 78eba2f4-5ff8-41ba-c246-08d8772ebd79
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2020 08:36:30.2470 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kxLIL+gWh3jB0fefOXy8oklkEmVurZsXq+NZxlFKqA+XxzE/LmZWpu9jCpz1ac2La+aWVisPqx27pSWKYcS7NQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR02MB5008
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/OHTPLNWgUUIVmJmR_y4fFdTi_sI>
Subject: Re: [Idr] Routing directorate review of draft-ietf-idr-flow-spec-v6-17
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2020 08:36:35 -0000

Hi Christoph, many thanks for the reply.  Please see [JEH] inline below.
Cheers
Jon

<snip>
Section 3.6
I note that this is consistent with rfc5575bis, but it left me with several questions.
What is an implementation to do if contradictory bits are set in the same bitmask? (IsF & FF)? (FF & LF)?

That depends on the setting of the match-bit in the bitmask operator. If, for example FF and LF are set in the bitmask and the m-bit=0 packets will match where either the FF OR the LF test results in True. If the m-bit=1 both the FF AND the LF test must result in True (which is not possible) and it will never match any packets. Side-note: in the m-bit=1 case also the IsF is taken into account and the result must match the bitmask (0 or 1).

[JEH] OK, thanks. What I was getting at is whether m=1, FF=1, LF=1 should be considered malformed or if an implementation should accept it and never match any packets. Your answer clears this up for me.



Same question if contradictory bits are set in successive bitmasks and the “AND” bit is set in bitmask_op?
What is the effect of setting / clearing the “match” bit in bitmask_op?

See the match-bit above. The numeric operator as well as the bitmask operator allows multiple operations to be chained:


<type (1 octet), [bitmask_op, bitmask]+>

So the encoding can express the following:

0x0c (Type=Fragment), bitmask_op1, bitmask1, bitmask_op2, bitmask2, …

When the AND bit is *not* set match is based on result1 OR result2 (either result1 gives a match OR result2). If the AND bit is set the result of the match is result1 AND result2. Especially in the case of the numeric operator you can use this for matching ranges like this:

(port < 1000) & (port > 2000)

[JEH] Thanks.  Again I was wondering if (FF=1) AND (LF=1) was allowed given that it matches nothing; you have clarified that it is.




Section 3.3
“Type 3 component values SHOULD be encoded as single octet” – why not a MUST?

Simply to have it aligned with rfc5575(bis) where we had no consensus to change this to a MUST. Keeping this in sync may allow reusable code.

[JEH] Agree that there should be consistency between these two drafts and RFC 5575.  I now understand that SHOULD is appropriate in both drafts because RFC 5575 did not comment on whether the IP protocol is encoded in 1, 2, 4 or 8 bytes (hence an implementation of it might have chosen to use >1 bytes).



Nits:

Section 3.1
Suggest rewording “of N first bits of the address” -> “the first N bits of the address”
I find the “length” field oddly named. I misunderstood it at first as the length of the pattern. I think “end_offset” might have been a better choice. Not a big deal though.

This is true - I will add this to the list of potential issues. In case of offset=0 this length-field is very much like the prefix-length in the ipv6 nlri.

[JEH] Thanks.