Re: [Idr] Alvaro's AD Comments on draft-ietf-idr-ls-distribution

"Acee Lindem (acee)" <acee@cisco.com> Sat, 03 October 2015 16:06 UTC

Return-Path: <acee@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 074A31B2B29; Sat, 3 Oct 2015 09:06:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.911
X-Spam-Level:
X-Spam-Status: No, score=-13.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_29=0.6, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vSVbTwVL7mLX; Sat, 3 Oct 2015 09:06:00 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92D2E1B2B24; Sat, 3 Oct 2015 09:06:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20232; q=dns/txt; s=iport; t=1443888360; x=1445097960; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=mWeiVP6RG7d0DuhUIzkqaEbXm4kgku0vQEXxd+53WoY=; b=QRrt5OfAQdxoJK3fqPIAaumIGELQESS2mHTTqwjFHpdVe6v/Y9ctTu8T S8GSF8NHLlMo4kZIIjb4KKArkhvIsQxQC7DcUes+MN/q3NW6p6SROY8YF tmQiwcYkIpKbDKa8W9SS2LWRdFK3fSRzDZ2pSWNEzfCyUp24jQBSCvAHO I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DyAQBC/A9W/4oNJK1egydUbga+AAENgVoXCoIeg1sCHIENOBQBAQEBAQEBgQqEJQEBAwEBAQEgETMEAwsQAgEIGgImAgICJQsVEAEBBAENBYgmCA21EJQxAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSBIolJgQaEIQgMJRgWBQeCaYFDBYc3hU6IdwGIBYURgVaEOIMjh02CH4RXg28fAQFCghEdgVRxAYs/QoEGAQEB
X-IronPort-AV: E=Sophos;i="5.17,628,1437436800"; d="scan'208";a="194300792"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 03 Oct 2015 16:05:59 +0000
Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id t93G5x2n017714 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 3 Oct 2015 16:05:59 GMT
Received: from xch-aln-012.cisco.com (173.36.7.22) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Sat, 3 Oct 2015 11:05:58 -0500
Received: from xhc-rcd-x13.cisco.com (173.37.183.87) by xch-aln-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Sat, 3 Oct 2015 11:05:58 -0500
Received: from xmb-aln-x06.cisco.com ([169.254.1.127]) by xhc-rcd-x13.cisco.com ([173.37.183.87]) with mapi id 14.03.0248.002; Sat, 3 Oct 2015 11:05:58 -0500
From: "Acee Lindem (acee)" <acee@cisco.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "Alvaro Retana (aretana)" <aretana@cisco.com>
Thread-Topic: [Idr] Alvaro's AD Comments on draft-ietf-idr-ls-distribution
Thread-Index: AdD9yQO60fpcSwLyRE2qgwPvotAKewANMDUA
Date: Sat, 3 Oct 2015 16:05:57 +0000
Message-ID: <D2357211.33B9C%acee@cisco.com>
References: <022901d0fdc9$0ea4ce80$2bee6b80$@olddog.co.uk>
In-Reply-To: <022901d0fdc9$0ea4ce80$2bee6b80$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.36.7.29]
Content-Type: text/plain; charset="utf-8"
Content-ID: <5981EB9DF1E5F14DA057087D7E5B583B@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/tDtf3CAkNzdWgiYKwrVBmjCErD0>
Cc: "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-ls-distribution@ietf.org" <draft-ietf-idr-ls-distribution@ietf.org>
Subject: Re: [Idr] Alvaro's AD Comments on draft-ietf-idr-ls-distribution
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2015 16:06:04 -0000

Hi Adrian, Alvaro, 

See one inline below…

On 10/3/15, 6:48 AM, "Idr on behalf of Adrian Farrel"
<idr-bounces@ietf.org on behalf of adrian@olddog.co.uk> wrote:

>Thanks, Alvaro, for your review of (I think) version -10 of the draft.
>
>Here are some answers to your questions.
>
>> Major:
>>
>> Section 5 (IANA Considerations)
>> I didn't see this comment as part of IANA's review, but the text about
>>the
>Designated Experts
>>  should be clarified.  There is some guidance in RFC5226.
>
>You're right.
>I think we should add a new subsection 5.1...
>
>5.1  Guidance for Designated Experts
>
>In all cases of review by Designated Expert (DE) described here, the DE is
>expected to ascertain the existence of suitable documentation (a
>specification)
>as described in RFC5226, and to verify the permanent and publically
>readily
>available of the document. The DE is also expected to check the clarity of
>purpose and use of the requested code points. Lastly, the DE must verify
>that
>any specification produced in the IETF that requests one of these code
>points
>has been made available for review by the IDR working group, and that any
>specification produced outside the IETF does not conflict with work that
>is
>active or already published within the IETF.
>
>> "Note to RFC Editor: this section may be removed on publication as an
>>RFC."
>The IANA 
>> considerations section should remain because there are in fact
>>considerations
>there.
>
>Yes, this text is a hang-over from the document template.
>
>> I would like to have Designated Experts in place soon.  It seems to me
>>that
>having 2 of the
>> authors volunteer (primary and backup) would be ideal.  Please let me
>>know if
>you want to do it.
>
>I think the absence of an answer speaks for itself.
>
>> 6.1.2 (Installation and Initial Setup): [default] "maximum rate at which
>Link-State NLRIs will
>> be advertised/withdrawn from neighbors is set to 200 updates per
>>second."
>Where did the
>> number come from?  It does look very big.  Are you assuming just
>>changes or
>startup as well?
>> One of my concerns is the interaction with other BGP stuff (like regular
>routing!).  
>> In fact, in 6.1.5 (Impact on Network Operation) you wrote:  "Frequency
>>of
>Link-State NLRI
>> updates could interfere with regular BGP prefix distribution.  A network
>operator MAY use
>> a dedicated Route-Reflector infrastructure to distribute Link-State
>>NLRIs."  
>> Why not use SHOULD?  If there may be significant operational impact I
>>think
>you should be
>> more direct with the guidance.
>
>There are several questions folded in here.
>
>Firstly, understand that the maximum rate described here is the default
>rate if
>not overridden by an operator or by an implementation that knows better.
>So we
>shouldn't get too hung up on it. Although, obviously, there is a
>reasonable
>expectation that if an implementation uses this default value the function
>should work.
>
>Why 200? Not sure where that came from. I have no evidence that 200 is a
>problem
>and given that IDR has done quite a bit of implementation and interop
>without
>anyone screaming, I assume this is OK.
>https://www.ietf.org/id/draft-ietf-idr-ls-distribution-impl-04.txt doesn't
>mention any problems. Are you aware of implementations where this is a
>problem?
>
>Could BGP-LS advertisements impact on "other BGP stuff"? Well, that
>really is an
>implementation and deployment issues? Will the BGP-LS speaker doing the
>advertisements also advertise "other BGP stuff" on the same session? Is
>the
>advertisement higher cost than the consolidation of IGP-TE information
>and the
>application of policy to determine what LS information to advertise.
>Could the
>advertisements be prioritised? This has been something of a recent thread
>on the
>IDR list and, although you are raising interesting questions, I don't
>believe we
>have any way to draw a line unless someone reports real problems that are
>not
>caused by implementation choices, yet we are required (by the IESG) to
>supply
>defaults for configurable parameters.
>
>Why "MAY" use a dedicated RR rather than "SHOULD"? Because there really
>doesn't
>appear to be any indication that this is a problem in all networks with
>all BGP
>implementations. 
>
>> 6.2.2 (Fault Management). "If an implementation of BGP-LS detects a
>>malformed
>attribute, then
>> it SHOULD use the 'Attribute Discard' action.."  Doesn't this mean that
>>the
>information may be
>> useless, completely missing, or in the best case incomplete?  Aren't we
>>better
>off just resetting
>> the session or at least requesting a route refresh?
>
>I don't think we are assuming corruption. So the malformed attribute
>comes as
>the result of an implementation difference or a bug at the sender.
>Requesting a
>refresh runs a significant risk of simply thrashing the advertisement
>since each
>time it is sent it will contain the same malformed attribute. This
>problem is
>considerably worsened if the session is reset because then we thrash the
>whole
>session.
>
>> Minor:
>>
>> 3.1 (TLV Format): "Unrecognized types are preserved and propagated."
>>This
>statement sounds necessary
>> for interoperability and the correct propagation of the information.
>>Should
>it have a "MUST" in it?
>
>Isn't this standard behavior for unknown TLVs in BGP?
>E.g., 5512 section 4 "Unknown types are to be ignored and skipped upon
>receipt."
>That said, 5512 section 4 also says "When the TLV is being processed by a
>BGP
>speaker that will be performing encapsulation, any unknown sub-TLVs MUST
>be
>ignored and skipped."
>Since the behavior described here is new in as much as it describes
>processing
>of a new NLRI, I think using "MUST" would be OK.
>
>> 3.1 (TLV Format): "If there are more TLVs of the same type, then the
>>TLVs MUST
>be ordered
>> in ascending order of the TLV value within the TLVs with the same type."
>Ordered by value?
>>  How is that done?  Some TLVs contain sub-TLVs in the value field, but
>>others
>don't.
>
>We could say "treating the entire value field an opaque hexadecimal
>string and
>comparing leftmost octets first regardless of the length of the string."
>
>> 3.2.1 (Node Descriptors):  The BGP-LS Identifier is used, but it is
>>defined
>later in 3.2.1.4. 
>> Please add a reference so that it is not mistaken for the "Identifier"
>>(in the
>NLRIs
>> themselves in Section 3.2).
>
>Per Alia's comment replacement text is...
>  BGP-LS uses the Autonomous System (AS) Number and BGP-LS Identifier
>  (see Section 3.2.1.4) to disambiguate the Router-IDs, as described in
>  Section 3.2.1.1.
>
>> 3.3.2 (Link Attribute TLVs):  The attributes used are defined for ISIS,
>>some
>are easily 
>> derived from OSPF, but other don't map to anything.  For example,
>"administrative
>> group (color)".  How are these types of undefined parameters in OSPF
>>figured
>out?
>> I suspect the easy answer is to just say that it is out of scope, but
>>the fact
>remains
>> that there can be information there that doesn't exist in the original
>protocol.  It
>> should at least be clarified what is expected.  Note that in 3.3.2.5
>>(Shared
>Risk Link
>> Group TLV) a different case of this shows up: the text seems to
>>indicate that
>> because there is no SRLG TLV in OSPD-TE, then this information wouldn't
>>be 
>> available.  Again, please clarify if there may be procedures outside
>>the scope
>of
>> the document that could apply.
>
>I'm not sure the missing attributes should be "figured out". The job of
>BGP-LS
>is to collect and distribute information from the IGP. If the information
>is not
>there, it would not be invented by the
>BGP-LS speaker.
>
>The SRLG case has been fixed in -11: it was an error.
>
>> 3.3.2.2 (MPLS Protocol Mask TLV)
>> OLD>  
>>   Generation of the MPLS Protocol Mask TLV is only valid for
>>   originators which have local link insight, like for example Protocol-
>>   IDs 'Static' or 'Direct' as per Table 2.  The 'MPLS Protocol Mask'
>>   TLV MUST NOT be included in NLRIs with protocol-IDs 'IS-IS L1', 'IS-
>>   IS L2', 'OSPFv2' or 'OSPFv3' as per Table 2.
>> NEW>
>>   Generation of the MPLS Protocol Mask TLV is only valid for
>>   originators which have local link insight, like for example Protocol-
>>   IDs 'Static' or 'Direct' as per Table 2.  The 'MPLS Protocol Mask'
>>   TLV MUST NOT be included in NLRIs with other protocol-Ids.
>
>Why?
>Certainly your proposal appears right: there are only four protocols
>listed in
>Table 2, but there is the question of future IDs. So we could write...
>
>   Generation of the MPLS Protocol Mask TLV is only valid for
>   originators which have local link insight, like for example Protocol-
>   IDs 'Static' or 'Direct' as per Table 2.  The 'MPLS Protocol Mask'
>   TLV MUST NOT be included in NLRIs with the other Protocol-IDs
>   listed in Table 2.
>
>I don't object to this change, but struggle to see the value.
>
>>  "LINK_STATE attribute" shows up in 3.3.2 and 3.3.3.  What is it?
>
>Thanks for this catch. Old text. Should now read "BGP-LS attribute with a
>link
>NLRI"
>
>> In 3.3.1.1 (Node Flag Bits TLV) you included the ISIS Overload Bit, but
>>didn't
>> say anything about OSPFv3's R-bit or v6-bit; and in 3.3.3.1 (IGP Flags
>>TLV)
>you
>> included the IS-IS Up/Down Bit in this TLV, but I didn't see the OSPF
>>DN-bit
>> anywhere.  Are these opportunities to reuse the same bit with a more
>>generic
>> definition while covering a similar option in OSPF?  I know you can't
>>cover
>all
>> the options, but these two are well-known and seem low hanging fruit.
>
>Although no-one was asking for this and no-one will have implemented it,
>I can
>see no reason not to change to read...
>
>3.3.1.1.  Node Flag Bits TLV
>
>   The Node Flag Bits TLV carries a bit mask describing node attributes.
>   The value is a variable length bit array of flags, where each bit
>   represents a node capability.
>
>      0                   1                   2                   3
>      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |              Type             |             Length            |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |O|T|E|B|R|V| Rsvd|
>     +-+-+-+-+-+-+-+-+-+
>
>                   Figure 15: Node Flag Bits TLV format
>
>   The bits are defined as follows:
>
>            +----------+-------------------------+-----------+
>            |   Bit    | Description             | Reference |
>            +----------+-------------------------+-----------+
>            |   'O'    | Overload Bit            | [RFC1195] |
>            |   'T'    | Attached Bit            | [RFC1195] |
>            |   'E'    | External Bit            | [RFC2328] |
>            |   'B'    | ABR Bit                 | [RFC2328] |
>            |   'R'    | Router Bit              | [RFC5340] |
>            |   'V'    | V6 Bit                  | [RFC5340] |
>            | Reserved | Reserved for future use |           |
>            +----------+-------------------------+-----------+
>
>                    Table 8: Node Flag Bits Definitions
>
>
>And similarly no-one has asked for the DN-bit from 2328 or 5340 in section
>3.3.3.1. I am less sanguine about adding this as I am not quite sure that
>it is
>useful in BGP-LS, but it would certainly be easy to add. With this bit,
>and with
>other potential additions to both bit fields, I suggest we wait for the
>need/desire and folk can write new drafts.

The DN-bit is not really applicable to at the Node level in OSPF and
IS-IS. It is applicable to prefixes and is included in the flags in
section 3.3.3.1 (See the D-bit). For extra credit, you could add a
reference to OSPF and RFC 4576. This document started out with very few
references to the applicable OSPF RFCs but quite a few have been added by
Alia and me. 

Thanks,
Acee





>
>> 6.2.5.  (Performance Management)  It might be nice to include
>>updates/second
>as 
>> one of the performance indicators.
>
>I think that we add to the bottom of 6.2.5 as follows:
>
>"These statistics should be recorded as absolute counts since system or
>session
>start time. An implementation MAY also enhance this information by also
>recording peak per-second counts in each case."
>
>> Section 8 (Security Considerations) "The principal attack a consumer
>>may apply
>is to 
>> attempt to start multiple sessions either sequentially or
>>simultaneously."
>Isn't this
>> an attack that any other node can try?  Why limit the discussion only to
>consumers?
>
>I think you have to be a recognised peer for this attack to have any
>significant
>value that is specific to *this* document.
>
>> Looking at the references, it seems to me that the following changes
>>could
>> be made: 
>> Make Informative: RFC1918
>Sure
>> Make Normative: I-D.ietf-idr-error-handling
>Yes, and this is now RFC7606
>
>> Curious question:  When encoding a "normal" size node using BGP-LS,
>>what is
>the
>> resulting size of the UPDATE?
>
>I'll leave this as an exercise for the reader.
>
>> Nits:
>> 3.2: s/'Static' protocol types/'Static configuration' protocol types
>> Again
>in 3.3.2.2.
>> 3.2.1 and 6.2.3 : What does "Paragraph 2" refer to?
>> 3.2.1.2: "mandatory TLV in all three types of NLRIs"  I assume you're
>referring to Node,
>> Link and Prefix NLRIs, right?  However, it is confusing because there
>>are in
>fact 4 types
>> defined.  Please correct.
>> 3.2.1.4: "IGP Router ID.mandatory TLV"  Should be sub-TLV.
>> 3.2.3.1: "The Route Type TLV allows to discrimination of these
>advertisements./The
>> Route Type TLV allows the discrimination of these advertisements.
>> 3.3.2.2: Please be consistent in the name.  Is it "MPLS Protocol Mask
>>TLV" or
>just
>> "MPLS Protocol TLV"?
>> The description of the example in 3.7 is easier to read (because of the
>formatting) than
>> the one in 3.6.  It would be nice to be consistent.
>> 3.8 seems to be a better example of simply ships in the night than
>>migration
>as the
>> emphasis is put on identifying the common links of the two processes.
>> 4.1 s/"see" the full topology of AS/"see" the full topology of AS2
>
>I'll work through the nits as well.
>New revision "soon".
>
>Thanks,
>Adrian
>
>
>_______________________________________________
>Idr mailing list
>Idr@ietf.org
>https://www.ietf.org/mailman/listinfo/idr