Re: [Idr] AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17

"Ketan Talaulikar (ketant)" <ketant@cisco.com> Thu, 04 April 2019 15:48 UTC

Return-Path: <ketant@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25A001200A0; Thu, 4 Apr 2019 08:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.499
X-Spam-Level:
X-Spam-Status: No, score=-9.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=cqxc6uGZ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=D1fI3/dF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LNyE7TZn7BLG; Thu, 4 Apr 2019 08:48:26 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 012ED12007A; Thu, 4 Apr 2019 08:48:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=48862; q=dns/txt; s=iport; t=1554392906; x=1555602506; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=NIDqTJX9DPBUHXuI2E1Ydzl96bhNNisSDJ3cg+fKMEA=; b=cqxc6uGZOJEYi3ndAca7Tm96A+Il3bx5Fj6J7GDkoXN3565KrM2pmdpr bISq3+Ne8njnQAkE7alV0HAovnvRdm3mAlQjpRIQ80c8/i+GOR23ZOewa zrAdE2vtkFShtUmYpPiC2OirASVAbB7MiKmpYjdNl4oTQwrEXdjDMpn2m o=;
IronPort-PHdr: =?us-ascii?q?9a23=3A16hlbB39fKQJiPF8smDT+zVfbzU7u7jyIg8e44?= =?us-ascii?q?YmjLQLaKm44pD+JxGOt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSw?= =?us-ascii?q?dDjMwXmwI6B8vQCkDnJfj2Ryc7B89FElRi+iLzPA=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A7AAD8JaZc/5pdJa1lGwEBAQEDAQE?= =?us-ascii?q?BBwMBAQGBUQYBAQELAYEOLyQsA2hUIAQLJ4QOg0cDhFKKUYJXfog6jV2BLoE?= =?us-ascii?q?kA1QOAQEsgwWBOwIXhTYiNAkNAQEDAQEJAQMCbRwMhUoBAQEBAyMKEwEBJRI?= =?us-ascii?q?BDwIBCA4DAQMBASEBBgMCAgIfERQDBggCBA4FCBODCIERTAMVAQKjIgKKFHG?= =?us-ascii?q?BL4J5AQEFhQgNC4IMCIEwAYsyF4FAP4ERRoIXNT6CGoIDERg0glQxgiaNDoQ?= =?us-ascii?q?ph1qMJjYJApA0g16CBYYUg1yHGYFBjGeGR4wRAgQCBAUCDgEBBYFPOIFWcBW?= =?us-ascii?q?DJ4IKg2+KUgFygSiMcwIkB4IgAQE?=
X-IronPort-AV: E=Sophos;i="5.60,308,1549929600"; d="scan'208,217";a="254464230"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Apr 2019 15:48:24 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x34FmOk7011962 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 4 Apr 2019 15:48:24 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Apr 2019 10:48:23 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Apr 2019 10:48:23 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 4 Apr 2019 10:48:23 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NIDqTJX9DPBUHXuI2E1Ydzl96bhNNisSDJ3cg+fKMEA=; b=D1fI3/dFVTgiKY8hexS2wpQPXUMdW9+JVZB/TuA7JpLu5FdfpwowaAQorPk7H3G9wABML9+2pzaJe3E6TJGEGzdqnwwijpP4u7Ix/tftsz9AJN7gkzIt0J3PivJabWyUBYrhsh7WwEjGGLIYY45887MvtU6T/92DeYuelIpSeqM=
Received: from SN6PR11MB2845.namprd11.prod.outlook.com (52.135.93.24) by SN6PR11MB2976.namprd11.prod.outlook.com (52.135.124.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.16; Thu, 4 Apr 2019 15:48:22 +0000
Received: from SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2]) by SN6PR11MB2845.namprd11.prod.outlook.com ([fe80::ddd2:508a:e4e8:49b2%3]) with mapi id 15.20.1771.016; Thu, 4 Apr 2019 15:48:22 +0000
From: "Ketan Talaulikar (ketant)" <ketant@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
CC: Hares Susan <shares@ndzh.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "draft-ietf-idr-bgpls-segment-routing-epe@ietf.org" <draft-ietf-idr-bgpls-segment-routing-epe@ietf.org>, "idr@ietf.org" <idr@ietf.org>
Thread-Topic: AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17
Thread-Index: AQHU0Ha9/G2LBJn9e02rUnXHkkHljaX7BV+QgAbqlaCACKWBgIABuVoggB5yTQCAAZN1IA==
Date: Thu, 4 Apr 2019 15:48:22 +0000
Message-ID: <SN6PR11MB2845A831878623C8EAF4E734C1500@SN6PR11MB2845.namprd11.prod.outlook.com>
References: <CAMMESsw-8R=+K7CH-rkZVWXXYTA_iNXLG2SVJexCUs7g795Jdw@mail.gmail.com> <SN6PR11MB28459C76158F5E7832107FCAC1710@SN6PR11MB2845.namprd11.prod.outlook.com> <SN6PR11MB2845BD0B75C5EEEC9E53DEF6C14D0@SN6PR11MB2845.namprd11.prod.outlook.com> <CAMMESszf7POyp92Bpeb--Z4UgQ_7QJ0UWyyOjOTqphEfN2SeOQ@mail.gmail.com> <SN6PR11MB2845B881F9911DE0745EF259C15D0@SN6PR11MB2845.namprd11.prod.outlook.com> <CAMMESsyWt051WnH+avo_Q18Z0yb+0q33_x1W4zuXkB+rv51b-A@mail.gmail.com>
In-Reply-To: <CAMMESsyWt051WnH+avo_Q18Z0yb+0q33_x1W4zuXkB+rv51b-A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ketant@cisco.com;
x-originating-ip: [2405:201:1800:c69c:8914:7d70:928d:adf1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e622bb00-beac-4885-4f9b-08d6b914f796
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:SN6PR11MB2976;
x-ms-traffictypediagnostic: SN6PR11MB2976:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR11MB29765DD380F8F543F34F9860C1500@SN6PR11MB2976.namprd11.prod.outlook.com>
x-forefront-prvs: 0997523C40
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(396003)(366004)(346002)(136003)(51444003)(189003)(199004)(6916009)(6506007)(105586002)(53546011)(99286004)(8676002)(102836004)(7736002)(81166006)(68736007)(93886005)(81156014)(186003)(76176011)(33656002)(25786009)(7696005)(446003)(11346002)(476003)(316002)(46003)(4326008)(486006)(9326002)(54906003)(2906002)(8936002)(229853002)(790700001)(6116002)(14454004)(256004)(14444005)(6306002)(54896002)(478600001)(55016002)(236005)(53936002)(9686003)(5660300002)(66574012)(6436002)(86362001)(106356001)(71200400001)(71190400001)(97736004)(74316002)(52536014)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:SN6PR11MB2976; H:SN6PR11MB2845.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Zy2o3UMm9685MRUMwmBFZ96EyGHcjgyFdR6WHLYH8GI2NyrSFqgculWtn2MT6Av8v6Ms4MtwTh80pi21NzqYkMPdbhM1gFz7hWd/d0K5Mx6EoPPUKen5yLmtgQ22FGTIAQIwLvE2bs6+mbyGDb6X+iJ07I0db5pBO5ke3r67pYp3F69jPQPzmSX+qe/h1Xu7dUe/RZZSlHf99K/1Ch46ABEmz0ry+pgZfSpDszELx2ElK2rEPRxjpuvcFagbTeiHf0xQQspQp0XnjrAuuYsPlSh9N+iB+dzJj+KGM69jaMX6eXitgMGBFk83uSRHkybqmCoKL058UToMvBJ7fJ6k5wa/Iku+yjy67zQYuzkoOz1KwXdkxZxct6cEXvBBjFs6OK3O31EIxWivhAEu2eAjtN5slLhM+eztu//HcTxl5ws=
Content-Type: multipart/alternative; boundary="_000_SN6PR11MB2845A831878623C8EAF4E734C1500SN6PR11MB2845namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: e622bb00-beac-4885-4f9b-08d6b914f796
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2019 15:48:22.2920 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2976
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/w-kxD9mndoffgmgU9-FJxy6LBLw>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 15:48:29 -0000

Hi Alvaro,

Please check inline below.

From: Alvaro Retana <aretana.ietf@gmail.com>
Sent: 03 April 2019 20:52
To: Ketan Talaulikar (ketant) <ketant@cisco.com>
Cc: Hares Susan <shares@ndzh.com>om>; idr-chairs@ietf.org; draft-ietf-idr-bgpls-segment-routing-epe@ietf.org; idr@ietf.org
Subject: RE: AD Review of draft-ietf-idr-bgpls-segment-routing-epe-17

On March 24, 2019 at 11:43:02 AM, Ketan Talaulikar (ketant) (ketant@cisco.com<mailto:ketant@cisco.com>) wrote:

Ketan:

Hi!

Thanks for your work on this document!

I still have a couple of comments, specially related to Manageability/Security…and a couple of new nits.  I am starting the IETF LC as I think these can be addressed with any other incoming comments.
[KT] Thanks. Please see further below.

Thanks!

Alvaro.


...
316   o  Member-ASN, which contains the ASN of the confederation member, if
317      BGP confederations are used, of the local BGP node.

[major] This description matches the definition of the TLV (§4.1), but it also matches the description of the ASN descriptor in §4.2.  What is the difference?  What if the contents are different?  [Same question applies below.]
[KT] With ref to rfc5065, in the case of confederations, the TLV 512 carries the AS Confederation Identifier while the TLV 517 carries the Member-AS Number. I’ve fixed the terminologies to more accurately reflect those from rfc5065 and also included additional reference to rfc5056 in TLV 512 use description.

Ok.

I think we may need a reference to rfc7752 when TLV 512 is mentioned because that is where it is defined.

[KT] Ack – will fix in next update.

...
860 9.  Manageability Considerations
...
868   Specifically, the malformed NLRI attribute tests for syntactic checks
869   in the Fault Management section of [RFC7752] now apply to the TLVs
870   for the BGP-LS NLRI TLVs defined in this document.  The semantic or
871   content checking for the TLVs specified in this document and their
872   association with the BGP-LS NLRI types or their associated BGP-LS
873   Attributes is left to the consumer of the BGP-LS information (e.g. an
874   application or a controller) and not the BGP protocol.

[nit] s/the malformed NLRI attribute tests/the malformed attribute tests
[KT] Fixed to read “Link-State NLRI and BGP-LS Attribute”

rfc7752 doesn’t cover the NLRI in the Fault Management section.

[KT] Actually, it does – please see the text below which is about the link-state NLRI and TLVs therein. However, we can’t do “attribute discard” handling really for malformed NLRI and I hope we can fix all this in RFC7752bis.
   o  Does the sum of all TLVs found in the BGP MP_REACH_NLRI attribute
      correspond to the BGP MP_REACH_NLRI length?

   o  Does the sum of all TLVs found in the BGP MP_UNREACH_NLRI
      attribute correspond to the BGP MP_UNREACH_NLRI length?

   o  Does the sum of all TLVs found in a Node, Link or Prefix
      Descriptor NLRI attribute correspond to the Total NLRI Length
      field of the Node, Link, or Prefix Descriptors?

   o  Does any fixed-length TLV correspond to the TLV Length field in
      this document?

...
[minor] "...retrieving this information...over a BGP-LS session, via some APIs or a data model (refer Section 1 and 2 of [RFC7752])."  I think that even mentioning that an API or data model can be used instead of BGP-LS is a stretch -- that is not how I interpret the initial sections in rfc7752 (which are just background sections), and there are no formal API/data model definition.
[KT] How else would Alto Server or a PCE component get access to the BGP-LS information? There would be some APIs or a model. It may not be formal but there needs to be one?

We talked about this (rfc7752 refers to BGP-LS) while in Prague.

[KT] Ack – will update this text to “A consumer of the BGP-LS information retrieves this information from a BGP Speaker, over a BGP-LS session”


[major] "...an error detected in the NLRI descriptor TLVs would result in that specific NLRI update being unusable and hence its update to be discarded along with an error log."  According to rfc7752, this statement is true only for syntactic errors, not semantic ones.
[KT] This is about the TLV validation by the consumer – which can also perform semantic checks. This aspect is one that needs clarification in the fault management section of RFC7752. The text on validation by consumer was added to this draft to prevent gating it on this gap in RFC7752.

I rather that is addressed in rfc7752bis.  I think that the new text at the end of this section covers enough.

[KT] Ack


Semantic errors ("left to the consumer", as mentioned above) means that the BGP-LS session can be used to transport trash (trash-in-trash-out).  This issue is bigger than this document -- but (because we don't have a current solution) I would like to see it mentioned somewhere as a potential issue (maybe in the Management or Security Considerations sections, your choice).
[major] "...an error detected in the NLRI descriptor TLVs would result in that specific NLRI update being unusable and hence its update to be discarded..."  This text says that an error in a TLV results in the whole update (not just the TLV or the BGL-LS attribute) being discarded.  This action goes beyond what is specified in rfc7752, which doesn't really specify what do to in those cases.  If that is what is expected here, then please make this behavior more prominent...use Normative language, etc..
[KT] I agree. As mentioned above, this was an interim text as mentioned above. I am open to suggestions. My concern is that multiple BGP-LS extensions don’t need to do this and I would rather have the normative language in an update to RFC7752.

Agreed — as we discussed in Prague.  Same comment as above.

[KT] Ack



...
...
895   BGP Peering Segments are associated with the normal BGP routing
896   peering sessions.  However, the BGP peering information along with
897   these Peering Segments themselves are advertised via a distinct BGP-
898   LS peering session.  It is expected that this isolation as described
899   in [RFC7752] is followed when advertising BGP peering topology
900   information via BGP-LS.

[major] rfc7752 doesn't talk about this type of isolation (it only talks about isolation through dedicated RRs).  See also comment in the Security Considerations section related to isolation.
[KT] Agree – this is the outcome of the discussions in the IDR WG and shepherd review. Ideally this should have been captured in RFC7752 and not individual extension documents.

Right.  The major point was that the reference to rfc7752 is misleading because this type of isolation is not discussed there.

[KT] Ack – I would not have any reference to RFC7752 for this text. But will keep it so that this document can progress w/o dependency on the RFC7752bis. This being BGP-EPE, it was felt that this text was required as part of the shepherd review/feedback.

...

[major] "...precaution is necessary to ensure that the BGP peering information collected via BGP-LS is limited to specific controllers or applications..."  This sounds as if you're referring to information that (once collected) can be shared between controllers -- I think that case is out of scope.
[KT] Actually the intention here is to highlight that since EPE can be used to engineer the path out of a domain at the BGP router, this information about the EPE SIDs should be maintained in a secure manner. The knowledge of EPE SIDs may be used to influence traffic flows both within and egressing outside the domain. If you still think this is out of scope and should be taken out then I will do so.

I think it is.  The SR Architecture already talks about the use inside a domain…so I think that could be opening a can of worms with this that we really don’t want to open.

[KT] Sure. The text only talks about inside the SR domain – I’ve fixed a nit which might have given the impression that it is otherwise.

...

§1: [nit] s/Link State NLRI/Link-State NLRI

§3: [nit] s/his section/This section

[nit]: The length in Figure 2 is not needed.
[KT] Fixed all of the above.

Thanks,
Ketan