Re: [Idr] AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17
"Ketan Talaulikar (ketant)" <ketant@cisco.com> Sun, 24 March 2019 15:43 UTC
Return-Path: <ketant@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16D3A1200ED; Sun, 24 Mar 2019 08:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=JQ8iFpX+; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=illI+Raj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4Rx0XcmSF1A; Sun, 24 Mar 2019 08:43:03 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97439130E00; Sun, 24 Mar 2019 08:43:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=195618; q=dns/txt; s=iport; t=1553442182; x=1554651782; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=JDaF6nG7UPrcz++2FkgUPWyTM/YwWk7jmODX0NBhNTg=; b=JQ8iFpX+INi/6gOYX3ozDYJcVoHon5Heq6U91ge4zuc1T/uXDv9dahvq ZFc1VR0qb2fQtOT8AZHNXe81NuT9Rvo/pRDkVmq3IDcZgyqtvhWe8TbBI Gd8zqmAunZkcfVr7XHAYMmjMHwv3tH7xqhRLy29AwK2peNc5fU9bqAG/1 U=;
IronPort-PHdr: 9a23:pfhQFhwMCPmCyZLXCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5YR2N/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1kAgMQSkRYnBZuGBFHyKuLCZC0hF8MEX1hgrDm2
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AKAAB+pJdc/49dJa1jGgEBAQEBAgEBAQEHAgEBAQGBUwMBAQEBCwGBDi8kLANodAQLJ4QOg0cDjyeCV36IOY1VgS4UgRADVA0BASUHhEACF4RlIjYHDQEBAwEBCQEDAm0cDIVKAQEBBA4MAQgKEwEBIwILBwEPAgEGAg4DAQMBASEBBgMCAgIfERQDBggCBA4FCBODCIERTAMVAQIMkDuQXwKKFHGBL4J4AQEFgTUCg0INC4IMAwWBLwGLMReBQD+BEUaCFzU+ghpHAQECAYEaDAUBCwcBBwIYDB8JAoJSMYImihsSgkaEH4dGi2YlNgkCh2GECoQNg1iCAoV8BYNHiDSKWoFZhG6BOokQglsCBAIEBQIOAQEFgVQFLGVbDghwFTuCbIIKDBeDS4UUhT4BcgEBgSaMHQINFweCIAEB
X-IronPort-AV: E=Sophos;i="5.60,256,1549929600"; d="scan'208,217";a="539211406"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 24 Mar 2019 15:42:59 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x2OFgxee016380 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 24 Mar 2019 15:42:59 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 24 Mar 2019 10:42:58 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 24 Mar 2019 11:42:57 -0400
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sun, 24 Mar 2019 11:42:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JDaF6nG7UPrcz++2FkgUPWyTM/YwWk7jmODX0NBhNTg=; b=illI+Raju26AAFR89GljZzFPaLc8GgMM/FolRYvJ1jGbmyV3u105iA4AxGJLC1s26yrOd+fO9CBHCZ27y4gtIah06LJzzX2Ik6ho2cRuqzqzcubWhNHhjeFmGlnfw6UXutQZa9V11Bpte3Q8/pJfWYKRmm+k4oW4Et84W6hyLhc=
Received: from SN6PR11MB2845.namprd11.prod.outlook.com (52.135.93.24) by SN6PR11MB2685.namprd11.prod.outlook.com (52.135.91.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1730.19; Sun, 24 Mar 2019 15:42:54 +0000
Received: from SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2]) by SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2%3]) with mapi id 15.20.1730.017; Sun, 24 Mar 2019 15:42:54 +0000
From: "Ketan Talaulikar (ketant)" <ketant@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: "draft-ietf-idr-bgpls-segment-routing-epe@ietf.org" <draft-ietf-idr-bgpls-segment-routing-epe@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "idr@ietf.org" <idr@ietf.org>, Hares Susan <shares@ndzh.com>
Thread-Topic: AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17
Thread-Index: AQHU0Ha9/G2LBJn9e02rUnXHkkHljaX7BV+QgAbqlaCACKWBgIABuVog
Date: Sun, 24 Mar 2019 15:42:54 +0000
Message-ID: <SN6PR11MB2845B881F9911DE0745EF259C15D0@SN6PR11MB2845.namprd11.prod.outlook.com>
References: <CAMMESsw-8R=+K7CH-rkZVWXXYTA_iNXLG2SVJexCUs7g795Jdw@mail.gmail.com> <SN6PR11MB28459C76158F5E7832107FCAC1710@SN6PR11MB2845.namprd11.prod.outlook.com> <SN6PR11MB2845BD0B75C5EEEC9E53DEF6C14D0@SN6PR11MB2845.namprd11.prod.outlook.com> <CAMMESszf7POyp92Bpeb--Z4UgQ_7QJ0UWyyOjOTqphEfN2SeOQ@mail.gmail.com>
In-Reply-To: <CAMMESszf7POyp92Bpeb--Z4UgQ_7QJ0UWyyOjOTqphEfN2SeOQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ketant@cisco.com;
x-originating-ip: [2001:420:c0e0:1002::253]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: df259507-af81-4ec7-3060-08d6b06f619c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:SN6PR11MB2685;
x-ms-traffictypediagnostic: SN6PR11MB2685:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <SN6PR11MB2685E525FA86BEFECC09DAC7C15D0@SN6PR11MB2685.namprd11.prod.outlook.com>
x-forefront-prvs: 09860C2161
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(396003)(39860400002)(366004)(136003)(199004)(189003)(51444003)(9326002)(966005)(81166006)(8676002)(478600001)(81156014)(6506007)(53546011)(102836004)(97736004)(229853002)(8936002)(99286004)(186003)(6436002)(5660300002)(6916009)(606006)(316002)(54906003)(105586002)(76176011)(7696005)(52536014)(6116002)(790700001)(74316002)(2906002)(7736002)(33656002)(14454004)(68736007)(106356001)(93886005)(486006)(66574012)(71200400001)(71190400001)(53936002)(476003)(86362001)(5024004)(6246003)(256004)(14444005)(53946003)(25786009)(446003)(11346002)(4326008)(30864003)(46003)(6306002)(54896002)(55016002)(9686003)(236005)(569006); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2685; H:SN6PR11MB2845.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: M1X57rDDGL49lLS4VD8L7rsVwnir8N4rHbdIEtOcnkW9aR4NLla27M0E+1hRLRhgn7j7yW40F2bjt284hdVCLwgtzuw8uUQKPmfSi2/LGd2XR89rznDKJUMDkOKKpAPe7qdAE1yToOVR3NUuWb6g11Bs7l0PhffN9NKOTQfyuqUaA8betNSoePyT6VKk1CHdhmjo0rTLtMTbMBMeJ8X03xiH6+d1Wtz3ft5oj5zWhZFteVSGjXs/tWDv1NToURby4eZt4hQj+aCsqOwYiyCjr6jZmEjcr0oFpJ1xnMowmia1/Hu8LLlCNtmldyINqv+/WAeeZO53sLdPIGAAs2g8+0iCG8LgzXgblGcMBuMqfJnA2nObYCwqBle8NvH2GQJJagsRzLp9oPrHuhsNISlUm0tBoRVtV1LeCD+wi9+8fRc=
Content-Type: multipart/alternative; boundary="_000_SN6PR11MB2845B881F9911DE0745EF259C15D0SN6PR11MB2845namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: df259507-af81-4ec7-3060-08d6b06f619c
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2019 15:42:54.2736 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2685
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/v06dGsM_Ot01XK8eyEQX_dw8uYQ>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2019 15:43:15 -0000
Hi Alvaro, Thanks for your review and for your comments/feedback on this document. Please find responses inline below and I’ve also posted an updated version 18 of the draft to address the comments as discussed below. https://tools.ietf.org/html/draft-ietf-idr-bgpls-segment-routing-epe-18 Thanks, Ketan From: Alvaro Retana <aretana.ietf@gmail.com> Sent: 14 March 2019 09:36 To: Ketan Talaulikar (ketant) <ketant@cisco.com>; draft-ietf-idr-bgpls-segment-routing-epe@ietf.org Cc: Susan Hares <shares@ndzh.com>; idr-chairs@ietf.org; idr@ietf. org <idr@ietf.org> Subject: RE: AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17 On March 9, 2019 at 12:05:25 AM, Ketan Talaulikar (ketant) (ketant@cisco.com<mailto:ketant@cisco.com>) wrote: Ketan: Sorry for the delay… I’ve been traveling. I get the impression that your review and comments might have got truncated in the email that you sent below. It goes only till Sec 4.2 and you have referred to Sec 5 at the start of your email. Could you please check/confirm that you have sent your entire set of review comments? Yes, it looks like it. I’m attaching it again below. Thanks! Alvaro. ==== Dear authors: I just finished reviewing this document. Please take a look at in-line comments below. In general, I think that the document needs work in being consistent with terminology and its use. Also, more details are needed in the Management and Security sections. I have major concerns about the references to draft-ietf-spring-segment-routing-central-epe. In the current text, draft-ietf-spring-segment-routing-central-epe is not only referenced as an example of the use of the SIDs defined here, but in a Normative way to indicate how the TLVs should be treated. The obvious question is about the applicability of the extensions (see the text in §5 about "other use cases"). The importance given to I-D.ietf-spring-segment-routing-central-epe in this document, which should elevate it to a Normative reference, is probably more than it deserves since it just "illustrates the application of Segment Routing to solve the BGP Egress Peer Engineering (BGP-EPE) requirement" and it doesn’t contain a list of protocol requirements nor it mandates how the new TLVs should be used. Note also that draft-ietf-spring-segment-routing-central-epe refers normatively to this document to explain the use case, so pointing Normatively back to it creates a loop.... Please treat draft-ietf-spring-segment-routing-central-epe as what is should be: a good Informative reference — I put specific comments in Sections 3 and 5 below. [KT] Ack – I’ve removed the over-reliance on draft-ietf-spring-segment-routing-central-epe. The BGP Peering SIDs are actually defined in RFC8402 and the Central EPE document is just an informative use-case illustration. I will wait for at least the major items to be addressed before starting the IETF Last Call. Thanks! Alvaro. [The line numbers come from idnits.] ... 32 Requirements Language 34 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 35 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 36 document are to be interpreted as described in RFC 2119 [RFC2119]. [major] Please use the rfc8174 template. [KT] Ack – fixed. ... 103 1. Introduction ... 113 The SR architecture [RFC8402] defines three types of BGP Peering 114 Segments that may be instantiated at a BGP node: 116 o Peer Node Segment (Peer-Node-SID) : instruction to steer to a 117 specific peer node 119 o Peer Adjacency Segment (Peer-Adj-SID) : instruction to steer over 120 a specific local interface towards a specific peer node 122 o Peer Set Segment (Peer-Set-SID) : instruction to load-balance to a 123 set of specific peer nodes [major] rfc8402 doesn't use the same names as above. Please be consistent with the language already defined there. Here, and across the rest of the document. [KT] Ack – fixed to use the names per RFC8402. ... 138 One use-case for these BGP Peering Segments is to enable computation 139 of SR paths that enable Central BGP-EPE as described in 140 [I-D.ietf-spring-segment-routing-central-epe]. This use-case 141 comprises of a centralized controller that learns the BGP Peering 142 SIDs via BGP-LS and then uses this information to program a SR policy 143 [I-D.ietf-spring-segment-routing-policy] at any node in the domain to 144 perform traffic steering via a specific BGP egress node to a specific 145 EBGP peer(s) optionally also over a specific interface. [minor] I-D.ietf-spring-segment-routing-central-epe doesn't mention I-D.ietf-spring-segment-routing-policy anywhere. [KT] Ack - it uses the term "BGP-EPE Policy" which is actually realized with the SR Policy framework. I have clarified this in the text. 147 This document introduces a new BGP protocol type for BGP-LS NLRI and 148 defines new BGP-LS Node and Link description TLVs to facilitate 149 advertising BGP-LS Link NLRI that represent the BGP peering topology. 150 Further, it specifies the BGP-LS Attribute TLVs for advertisement of 151 the BGP Peering Segments (i.e. Peer Node SID, Peer Adjacency SID, 152 and Peer Set SID) to be advertised in the same BGP-LS Link NLRI. [major] s/introduces a new BGP protocol type for BGP-LS NLRI/introduces a new BGP-LS Protocol-ID [KT] Fixed [minor] s/Node and Link description TLVs/Node and Link Descriptor TLVs [KT] Fixed [minor] s/Link NLRI/Link-State NLRI/g [KT] Link NLRI is correct in this case because we are referring to the BGP-LS Link NLRI specifically. 154 2. Segment Routing Documents 156 The main reference is the SR architecture defined in [RFC8402]. 158 The SR BGP-EPE architecture and use-case is described in 159 [I-D.ietf-spring-segment-routing-central-epe]. [nit] This section doesn't add anything that hasn't been already mentioned. Please consider removing it. [KT] Removed it. 161 3. BGP Peering Segments 163 As described in [I-D.ietf-spring-segment-routing-central-epe], a BGP- 164 EPE enabled Egress PE node MAY advertise SIDs corresponding to its 165 attached peers. These SIDs are called BGP peering segments or BGP 166 Peering SIDs. In case of EBGP, they enable the expression of source- 167 routed inter-domain paths. [major] "As described in [I-D.ietf-spring-segment-routing-central-epe], a BGP-EPE enabled Egress PE node MAY advertise SIDs..." I-D.ietf-spring-segment-routing-central-epe is just an illustrative document; it uses Normative language just to describe the requirements for the solution, and not to specify behavior (as suggested above). In this case the "MAY" seems to be used to describe the use case: s/MAY/may [KT] Ack and updated - the reference should be actually for rfc8402 since that specifies and describes the BGP peering segments. 169 An ingress border router of an AS may compose a list of SIDs to steer 170 a flow along a selected path within the AS, towards a selected egress 171 border router C of the AS, and to a specific EBGP peer. At minimum, 172 a BGP-EPE policy applied at an ingress PE involves two SIDs: the Node 173 SID of the chosen egress PE and then the BGP Peering SID for the 174 chosen egress PE peer or peering interface. 176 Each BGP session MUST be described by a Peer Node SID. The 177 description of the BGP session MAY be augmented by additional Peer 178 Adjacency SIDs. Finally, multiple Peer Node SIDs or Peer Adjacency 179 SIDs MAY be part of the same group/set in order to group EPE 180 resources under a common Peer-Set SID. [minor] Please add forward references to the sections where more details are provided. [KT] Added forward reference. 182 When the extensions defined in this document are applied to the EPE 183 use-case defined in [I-D.ietf-spring-segment-routing-central-epe], 184 then the following BGP Peering SIDs need to be instantiated on a BGP 185 router for each of its BGP peer sessions that are enabled for EPE [major] I-D.ietf-spring-segment-routing-central-epe is being used as Normative (below) justification for the definition of peering segments. If possible, please describe the specification in general terms... The text above and in §5 (where it talks about different behaviors for "other use cases") raises the question of whether this document applies in general to any (known) use of the segments defined here, or only to BGP-EPE. IOW, what are those "other use cases"? Where are they described to guarantee that the specification applies to them? [KT] Removed the reference to the Central EPE draft. It is actually not necessary to reference that here. 187 o One Peer-Node-SID MUST be instantiated to describe the BGP peer 188 session. 190 o One or more Peer-Adj-SID MAY be instantiated corresponding to the 191 underlying link(s) to the directly connected BGP peer session. 193 o A Peer-Set-SID MAY be instantiated and additionally associated and 194 shared between one or more Peer-Node-SIDs or Peer-Adj-SIDs. 196 While an egress point in a topology usually refers to EBGP sessions 197 between external peers, there's nothing in the extensions defined in 198 this document that would prevent the use of these extensions in the 199 context of IBGP sessions. However, unlike EBGP sessions which are 200 generally between directly connected BGP routers which are also along 201 the traffic forwarding path, IBGP peer sessions may be setup to BGP 202 routers which are not in the forwarding path. As such, when the IBGP 203 design includes sessions with route-reflectors, a BGP router SHOULD 204 NOT instantiate a BGP Peering SID for those sessions to peer nodes 205 which are not in the forwarding path since the purpose of BGP Peering 206 SID is to steer traffic to that specific peers. Thus, the 207 applicability for IBGP peering may be limited to only those 208 deployments where the IBGP peer is also along with forwarding data 209 path. Further details and the use-cases of BGP Peering SIDs and 210 their BGP-LS extensions to IBGP deployments are beyond the scope of 211 this document. [nit] s/along with forwarding data path/along the forwarding data path [KT] fixed [major] "...details...of BGP Peering SIDs and their BGP-LS extensions to IBGP deployments are beyond the scope of this document." The text in the same paragraph says: "nothing...would prevent the use of these extensions in the context of IBGP sessions". I think that is a contradiction because there are already descriptions in this document. Solution: take out the last sentence. [KT] ack – took the last sentence out. 213 The BGP Peering SIDs instantiated as described above are then 214 advertised via BGP-LS Link NLRI as described in the sections below. [minor] I think that what you meant is something like this: "Any instantiated BGP Peering SIDs are then advertised using BGP-LS, as described in the following sections." [KT] fixed 216 4. BGP-LS NLRI for BGP [minor] Perhaps "BGP Protocol-ID", there's no new NLRI for BGP [KT] I've rephrased to "BGP-LS NLRI Advertisement for BGP Protocol " [minor] s/BGP-LS NLRI/BGP-LS Link-State NLRI/g The NLRI is called "Link-State", not "BGP-LS". [KT] ack - I have introduced the abbreviation : BGP Link-State NLRI (BGP-LS NLRI). 218 This section describes the BGP-LS NLRI encodings that describe the 219 BGP peering and link connectivity between BGP routers. 221 This document specifies the advertisement of BGP peering topology 222 information via BGP-LS NLRI which requires use of a new BGP protocol 223 identifier. [minor] s/BGP protocol identifier/BGP-LS Protocol-ID The new definition is for BGP-LS, not BGP. [KT] Fixed 225 Protocol-ID : BGP (codepoint 7 Early Allocation by IANA Section 8 226 from the registry "BGP-LS Protocol-IDs") [nit] Consider using a table. [KT] Changed to use of table. ... 271 Value: 4 octet unsigned non-zero integer representing the BGP 272 Identifier as defined in [RFC4271] and [RFC6286]. [minor] rfc6286 Updated rfc4271, so there's no need to include both. s/BGP Identifier as defined in [RFC4271] and [RFC6286]./BGP Identifier [RFC6286]. [KT] fixed ... 282 Value: 4 octet unsigned non-zero integer representing the 283 Member ASN inside the Confederation [RFC5065]. [major] rfc5065 uses "Member-AS Number", please be consistent: s/Member ASN inside the Confederation [RFC5065]./Member-AS Number [RFC5065]. [KT] fixed 285 4.2. Mandatory BGP Node Descriptors ... 293 o Autonomous System Number, which contains the ASN or confederation 294 identifier (ASN), if confederations are used, of the local BGP 295 node. [minor] Is this TLV new, or are you referring to TLV 512 [rfc7752]? Please include the TLV number (and a reference, if appropriate) to avoid confusion. [KT] It is TLV 512 - have clarified in the text. 297 Note that [RFC6286] (section 2.1) requires the BGP identifier 298 (router-id) to be unique within an Autonomous System and non-zero. 299 Therefore, the <ASN, BGP Router-ID> tuple is globally unique. [nit] I'm not sure how this paragraph is relevant at this point...unless you're implying that the receiver should check...if so, how should the information be used? [KT] I’ve added the following clarification text to explain the point – “Their use in the Node Descriptor helps map Link-State NLRIs with BGP protocol-ID to a unique BGP router in the administrative domain where BGP-LS is enabled” ... 311 4.3. Optional BGP Node Descriptors 313 The following Node Descriptors TLVs MAY be included in BGP-LS NLRI as 314 Local Node Descriptors when distributing BGP information: 316 o Member-ASN, which contains the ASN of the confederation member, if 317 BGP confederations are used, of the local BGP node. [major] This description matches the definition of the TLV (§4.1), but it also matches the description of the ASN descriptor in §4.2. What is the difference? What if the contents are different? [Same question applies below.] [KT] With ref to rfc5065, in the case of confederations, the TLV 512 carries the AS Confederation Identifier while the TLV 517 carries the Member-AS Number. I’ve fixed the terminologies to more accurately reflect those from rfc5065 and also included additional reference to rfc5056 in TLV 512 use description. ... 327 o Node Descriptors as defined in defined in [RFC7752]. [nit] s/as defined in defined in/as defined in [KT] fixed. 329 5. BGP-LS Attributes for BGP Peering Segments ... 370 Figure 3: BGP-LS Peering SIDs TLV Format [minor] s/BGP-LS Peering SIDs/BGP Peering SIDs [KT] fixed ... 376 o Length: variable. [major] According to the description below, the length is variable, but also known: it's either 7 or 8. Please indicate the specific valid values. What should the receiver do if the length is not valid? [KT] Clarified that valid values are 7 or 8. The handling of invalid TLVs would be as per base BGP-LS spec. There is nothing specific to this TLV that we want to say. ... 393 * B-Flag: Backup Flag. If set, the SID refers to a path that is 394 eligible for protection. [major] There's no description of how this flag should be used. When should this flag be set? [KT] The FRR backup for BGP peering SID use-case is described in https://tools.ietf.org/html/draft-ietf-spring-segment-routing-central-epe-10#section-3.6. It is actually a local policy/implementation aspect. I have added text and reference to explain this flag. BGP-LS, in general, carries information that is stored in routing protocol databases, including BGP. Where is this flag derived from? 396 * P-Flag: Persistent Flag: If set, the SID is persistently 397 allocated, i.e., the SID value remains consistent across router 398 restart and session/interface flap. [minor] There's text below that says that SIDs "SHOULD be persistent". I then imagine that the setting of this flag reflects the ability of the node to persistently maintain the allocations...vs a SID-by-SID indication. IOW, I guess that a node either can persistently maintain the allocations or it can't (for all SIDs). Is that correct? If so, it seems to make more sense that this indication would be at a Node level. [No change needed, just wanting to better understand...] [KT] This would be something that is implementation specific. So the persistency may be an ability of the node and in that case it can apply for all SIDs. However, it could be also that an implementation may ensure persistency using an explicit configuration support for specific SIDs – in this case, it could be on a per-SID basis. The specification allows for both these flavour and perhaps other variations as well. 400 * Rsvd bits: Reserved for future use and MUST be zero when 401 originated and ignored when received. [minor] Do you intend for the Reserved bits to be assigned by IANA (in later documents)? Should they be kept in sync? [KT] I am not sure if we generally use IANA for assignment of reserved bits in such flags. Since this is a “leaf” TLV (i.e. it does not have any sub-TLVs), we would not get into a scenario where bits are assigned out of for in an entirely different context than BGP Peering SIDs. Such a document would need to update this one. 403 o Weight: 1 octet. The value represents the weight of the SID for 404 the purpose of load balancing. An example use of the weight is 405 described in [RFC8402]. [major] Where does this value come from? [KT] This is implementation specific. It could come from an explicit configuration or determine by some other mechanisms e.g. in case of peer adjacency SID, it may be determined based on the link bandwidth. 407 o SID/Index/Label. According to the TLV length and to the V and L 408 flags settings, it contains either: [minor] draft-ietf-idr-bgp-ls-segment-routing-ext defines an SID/Label Sub-TLV. Why wasn't that reused here? [Again, just trying to understand.] [KT] This isn’t a sub-TLV really but just a field. It is similar to https://tools.ietf.org/html/draft-ietf-idr-bgp-ls-segment-routing-ext-12#section-2.2.1 410 * A 3 octet local label where the 20 rightmost bits are used for 411 encoding the label value. In this case, the V and L flags MUST 412 be SET. [major] What should the receiver do if the V-flag is not set, but the Length is 7? Or when the V-Flag is set, but the Length is not 7? It seems to me that the V-Flag is not needed because the Length by itself can determine the contents. [KT] Btw this applies to all encoding of SR-MPLS SIDs across multiple protocol specifications. The V-flag is an explicit indication that the encoded is an MPLS label and so can be used as such. It is actually possible (though incorrect) to encode the label also as a 4 octet value. [major] What if the Length is set to 7, the V-Flag is set, but the L-Flag isn't? There are more possible error combinations... [KT] There can be several ways in which a TLV encoding can be done wrongly. I would expect that the receiver (the consumer of the BGP-LS information) interprets wrong/unexpected encodings as invalid. The error handling for this would be application specific but quite likely the information in the TLV is not usable. This is not really specific to this TLV. 414 * A 4 octet index defining the offset in the SRGB (Segment 415 Routing Global Block as defined in [RFC8402] advertised by this 416 router. In this case, the SRGB MUST be advertised using the 417 extensions defined in 418 [I-D.ietf-idr-bgp-ls-segment-routing-ext]. [major] Does this text mean that the "SR-Capabilities TLV" MUST be included in the BGP-LS Attribute...OR...that I-D.ietf-idr-bgp-ls-segment-routing-ext MUST also be implemented (and the information defined there received by the consumer)? [KT] It means that I-D.ietf-idr-bgp-ls-segment-routing-ext must be implemented and the SR-Capabilities TLV advertised. [minor] s/SRGB (Segment Routing Global Block as defined in [RFC8402]/Segment Routing Global Block (SRGB) [RFC8402] [KT] fixed [minor] If an index is included, the V-Flag is unset, what about the L-Flag? [KT] L-flag should be unset. 420 The values of the Peer-Node-SID, Peer-Adj-SID, and Peer-Set-SID Sub- 421 TLVs SHOULD be persistent across router restart. 423 The Peer-Node-SID TLV MUST be included in the BGP-LS Attribute for 424 the BGP-LS Link NLRI when advertising BGP peering information for the 425 use case described in [I-D.ietf-spring-segment-routing-central-epe] 426 and MAY be omitted for other use cases. 428 The Peer-Adj-SID and Peer-Set-SID TLVs MAY be included in the BGP-LS 429 Attribute for the BGP-LS Link NLRI when advertising BGP peering 430 information for the use case described in 431 [I-D.ietf-spring-segment-routing-central-epe] and MAY be omitted for 432 other use cases. [major] See my comments in §3 about the references to I-D.ietf-spring-segment-routing-central-epe. [KT] Fixed by removing the reference. ... [minor] I think the explanation in the sub-sections below is useful. However, please consider changing their titles to "Advertisement of the Peer-Node-SID/Peer-Adj-SID/Peer-Set-SID". [KT] updated. 438 5.1. Peer-Node-SID ... 444 The Peer-Node-SID, at the BGP node advertising it, has the following 445 semantics: 447 o SR header operation: NEXT (as defined in [RFC8402]). 449 o Next-Hop: the connected peering node to which the segment is 450 associated. [minor] Because the description above comes from rfc8402, maybe the reference should be at the start, and not just specific to NEXT. IOW, put the reference after "semantics". [KT] fixed [nit] rfc8402 talks about "SR operation", not "SR header operation". [KT] fixed [Comments apply to the other subsections below.] ... 485 5.2. Peer-Adj-SID ... 513 o Link Descriptors MUST include the following TLV, as defined in 514 [RFC7752]: 516 * Link Local/Remote Identifiers (TLV 258) contains the 4-octet 517 Link Local Identifier followed by the 4-octet Link Remote 518 Identifier [RFC5307]. The value 0 is used by default when the 519 link remote identifier is unknown. [minor] The reference to rfc5307 is not needed because that relationship is resolved in rfc7752. [KT] agree – fixed. ... 561 6. Illustration [major] Isn't this the same example as in draft-ietf-spring-segment-routing-central-epe. Please point to that (maybe in the Introduction) instead of copying the text here. Otherwise, there doesn't seem to be value in draft-ietf-spring-segment-routing-central-epe. [KT] ... 751 7. Implementation Status [major] Unfortunately, this section says nothing. At least please put a link to the implementation report: https://trac.ietf.org/trac/idr/wiki/draft-ietf-idr-bgpls-segment-routing-epe%20 [KT] I will remove this section. The implementation reports are tracked for all drafts at the IDR trac wiki. ... 860 9. Manageability Considerations ... 868 Specifically, the malformed NLRI attribute tests for syntactic checks 869 in the Fault Management section of [RFC7752] now apply to the TLVs 870 for the BGP-LS NLRI TLVs defined in this document. The semantic or 871 content checking for the TLVs specified in this document and their 872 association with the BGP-LS NLRI types or their associated BGP-LS 873 Attributes is left to the consumer of the BGP-LS information (e.g. an 874 application or a controller) and not the BGP protocol. [nit] s/the malformed NLRI attribute tests/the malformed attribute tests [KT] Fixed to read “Link-State NLRI and BGP-LS Attribute” [minor] s/apply to the TLVs for the BGP-LS NLRI TLVs defined in this document/apply to the TLVs defined in this document [KT] fixed 876 A consumer of the BGP-LS information is retrieving this information 877 from a BGP protocol component, that is doing the signaling over a 878 BGP-LS session, via some APIs or a data model (refer Section 1 and 2 879 of [RFC7752]). The handling of semantic or content errors by the 880 consumer would be dictated by the nature of its application usage and 881 hence is beyond the scope of this document. It may be expected that 882 an error detected in the NLRI descriptor TLVs would result in that 883 specific NLRI update being unusable and hence its update to be 884 discarded along with an error log. While an error in Attribute TLVs 885 would result in only that specific attribute being discarded with an 886 error log. [nit] s/is retrieving this/retrieves this [KT] fixed [minor] "...retrieving this information...over a BGP-LS session, via some APIs or a data model (refer Section 1 and 2 of [RFC7752])." I think that even mentioning that an API or data model can be used instead of BGP-LS is a stretch -- that is not how I interpret the initial sections in rfc7752 (which are just background sections), and there are no formal API/data model definition. [KT] How else would Alto Server or a PCE component get access to the BGP-LS information? There would be some APIs or a model. It may not be formal but there needs to be one? [major] "...an error detected in the NLRI descriptor TLVs would result in that specific NLRI update being unusable and hence its update to be discarded along with an error log." According to rfc7752, this statement is true only for syntactic errors, not semantic ones. [KT] This is about the TLV validation by the consumer – which can also perform semantic checks. This aspect is one that needs clarification in the fault management section of RFC7752. The text on validation by consumer was added to this draft to prevent gating it on this gap in RFC7752. Semantic errors ("left to the consumer", as mentioned above) means that the BGP-LS session can be used to transport trash (trash-in-trash-out). This issue is bigger than this document -- but (because we don't have a current solution) I would like to see it mentioned somewhere as a potential issue (maybe in the Management or Security Considerations sections, your choice). [major] "...an error detected in the NLRI descriptor TLVs would result in that specific NLRI update being unusable and hence its update to be discarded..." This text says that an error in a TLV results in the whole update (not just the TLV or the BGL-LS attribute) being discarded. This action goes beyond what is specified in rfc7752, which doesn't really specify what do to in those cases. If that is what is expected here, then please make this behavior more prominent...use Normative language, etc.. [KT] I agree. As mentioned above, this was an interim text as mentioned above. I am open to suggestions. My concern is that multiple BGP-LS extensions don’t need to do this and I would rather have the normative language in an update to RFC7752. [major] rfc7752 does mandate the use of "attribute discard" (rfc7606). I would really like to see a discussion (or at least a mention) around the fact that discarding an attribute may result in the receiver not having complete information. In the case of SR, this implies that the controller may not have complete information to calculate the paths. I think this is an issue bigger than this document, so I am not asking you to solve it...I'm just asking for the document to acknowledge that it exists and to mention what the potential impact may be. [KT] Ack. Since this is similar to the BGP-LS SR extensions, I am going to introduce similar text here. ... 895 BGP Peering Segments are associated with the normal BGP routing 896 peering sessions. However, the BGP peering information along with 897 these Peering Segments themselves are advertised via a distinct BGP- 898 LS peering session. It is expected that this isolation as described 899 in [RFC7752] is followed when advertising BGP peering topology 900 information via BGP-LS. [major] rfc7752 doesn't talk about this type of isolation (it only talks about isolation through dedicated RRs). See also comment in the Security Considerations section related to isolation. [KT] Agree – this is the outcome of the discussions in the IDR WG and shepherd review. Ideally this should have been captured in RFC7752 and not individual extension documents. ... 915 10. Security Considerations 917 [RFC7752] defines BGP-LS NLRI to which the extensions defined in this 918 document apply. The Security Considerations section of [RFC7752] 919 also applies to these extensions. [minor] Add something like this: "The procedures and new TLVs defined in this document, by themselves, do not affect the BGP-LS security model discussed in [RFC7752]." [KT] fixed. 921 BGP-EPE enables engineering of traffic when leaving the 922 administrative domain via an egress BGP router. Therefore precaution 923 is necessary to ensure that the BGP peering information collected via 924 BGP-LS is limited to specific controllers or applications in a secure 925 manner. By default, Segment Routing operates within a trusted domain 926 (refer Security Considerations section in [RFC8402] for more detail) 927 and its security considerations also apply to BGP Peering Segments. 928 The BGP-EPE policies are expected to be used entirely within this 929 trusted SR domain (e.g. between multiple AS/domains within a single 930 provider network). [nit] s/trusted domain (refer Security Considerations section in [RFC8402] for more detail)/trusted domain [RFC8402] [KT] fixed [major] "...precaution is necessary to ensure that the BGP peering information collected via BGP-LS is limited to specific controllers or applications..." This sounds as if you're referring to information that (once collected) can be shared between controllers -- I think that case is out of scope. [KT] Actually the intention here is to highlight that since EPE can be used to engineer the path out of a domain at the BGP router, this information about the EPE SIDs should be maintained in a secure manner. The knowledge of EPE SIDs may be used to influence traffic flows both within and egressing outside the domain. If you still think this is out of scope and should be taken out then I will do so. [minor] You talk about "controllers or applications" (here and in other places in the document). rfc8402 talks about "consumers" to refer to the same thing. Please be consistent. Suggestion: use "consumers" here as well. [KT] Ack – will change to consumers. 932 The isolation of BGP-LS peering sessions is also required to ensure 933 that BGP-LS topology information (including the newly added BGP 934 peering topology) is not advertised to an external BGP peering 935 session outside an administrative domain. [major] What does "isolation of BGP-LS peering sessions" mean? Why is it not Normatively REQUIRED? [KT] Isolation of BGP-LS peering sessions would mean setting up different sessions using say a different loopback address – such that errors and churn in BGP-LS does not impact the other NLRI types. Regarding normative use, please refer to my previous comments about having this covered by base BGP-LS spec. [major] From prior experience (see draft-ietf-idr-te-pm-bgp), the SecDir/Sec ADs asked for text related to why it is ok to transport the new information in BGP. This is the text that resulted from that discussion: The TLVs introduced in this document are used to propagate IGP defined information ([I-D.ietf-lsr-isis-rfc7810bis] and [RFC7471].) These TLVs represent the state and resource availability of the IGP link. The IGP instances originating these TLVs are assumed to support all the required security and authentication mechanisms (as described in [I-D.ietf-lsr-isis-rfc7810bis] and [RFC7471]) in order to prevent any security issue when propagating the TLVs into BGP-LS. The advertisement of the link attribute information defined in this document presents no additional risk beyond that associated with the existing set of link attribute information already supported in [RFC7752]. Consider adding something similar here. [KT] This doesn’t quite apply here because the information advertised by this document is not related to IGPs. It is related to BGP peering and only being advertised via BGP-LS. ... 991 13.2. Informative References ... 1000 [I-D.ietf-idr-bgp-ls-segment-routing-ext] 1001 Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., 1002 and M. Chen, "BGP Link-State extensions for Segment 1003 Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-09 1004 (work in progress), October 2018. [major] This reference must be Normative. [KT] Ack ... 1018 [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and 1019 S. Ray, "North-Bound Distribution of Link-State and 1020 Traffic Engineering (TE) Information Using BGP", RFC 7752, 1021 DOI 10.17487/RFC7752, March 2016, 1022 <https://www.rfc-editor.org/info/rfc7752>. [major] This reference should be Normative. [KT] ofcourse! Not sure how we missed this one …
- [Idr] AD Review of draft-ietf-idr-bgpls-segment-r… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Ketan Talaulikar (ketant)
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-bgpls-segme… Ketan Talaulikar (ketant)