[Idr] AD Review of draft-ietf-idr-rpd-15
Alvaro Retana <aretana.ietf@gmail.com> Wed, 28 December 2022 21:47 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC867C1516ED; Wed, 28 Dec 2022 13:47:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2czLUid1Y4Mw; Wed, 28 Dec 2022 13:47:16 -0800 (PST)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A581AC1516E8; Wed, 28 Dec 2022 13:47:16 -0800 (PST)
Received: by mail-pf1-x436.google.com with SMTP id y21so9313411pfo.7; Wed, 28 Dec 2022 13:47:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:from:to:cc:subject:date:message-id:reply-to; bh=HkDEyd8gnLZwuD8YYAqPk9JTBNLcsLlhEqcUI/U19YY=; b=N6pqQGErS/S/PjUUzO8Yy7qgefOZWgkpHVao87vvl2W0xg+xCLb/7ECIrFv/+xS2bM EUdbNeeLg7Sh5olZBg1uxtN1CwIOA5lU1HJVPO34H5t5cfTwGPpbSrItgTTNRn9sbSVN zyGweuNQSWA0jf+1cA1gYWVHw/OFCDPbP+yinRBiAgDNHNx3cwdlhDj5ao+x0WpCjwyg 1liPWsF9TI6JWaUNxxgz2HlJSNopqCutxmuGWEG77HaFiD32SlSUzuOny7ocl7Zc8QMr P5xAYOsku+S357br8xQmwMRiR9GI6b4X79mF65g5HJA55FDCcj6mnatYERbpl1kKvC0q /aHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=HkDEyd8gnLZwuD8YYAqPk9JTBNLcsLlhEqcUI/U19YY=; b=j7DBehfs0mCzvrCwKXZNFCql7Qll6ti14W4I+2lkiWsw+dXgZC+Xm98RSrUmqtPcjp 9mTehrOPWjmCnpN1eCccSVaMEM/7RpssGg+r0zpYfLOnQbv4hOedQG/BgPltB9kqSzAz 5vPF1UHnHcp6yZe8VoMhTWah0RznWGYZLNEH+umYUUcvJaekTQyWfnH/Ee2sqB7dTrZ9 2UYDclwenoJZAn+n4peh7JouLT4KwZBehGuWpmSvA68ZZqEhk6rngFckRh/EWTCK+qZA 5Gi0rP/MtjWl2MvJL/wjalZHq7U9LqS+NW2Ujam4fEksrFhhyClIKEEAc2fYhOmJRe1E r/YA==
X-Gm-Message-State: AFqh2kqwxjYq8HVDjx7opVXJzNVQMJT9bcOQLAWqMewVGlmz175kBTpX Dn2dLQQY1uqQcVvCfBaxRG+4meK2NUS0VGk9bhkIfHuGf7k=
X-Google-Smtp-Source: AMrXdXuE87yVgcYjBOGRLy0+Ty8O92lSqJL6le0zlqcqpmOxT06vcRTmV2hfCCww/Jq6m/DOO18YNl7xEo+ZIjxIASA=
X-Received: by 2002:a05:6a00:1d95:b0:57e:1a5b:d40 with SMTP id z21-20020a056a001d9500b0057e1a5b0d40mr1688732pfw.23.1672264034287; Wed, 28 Dec 2022 13:47:14 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 28 Dec 2022 15:47:13 -0600
From: Alvaro Retana <aretana.ietf@gmail.com>
MIME-Version: 1.0
Date: Wed, 28 Dec 2022 15:47:13 -0600
Message-ID: <CAMMESsyw1-nCnvfd4hnseOXkRGOf2b-4uYZ9WqXHCkg5uri6Zg@mail.gmail.com>
To: draft-ietf-idr-rpd@ietf.org
Cc: Keyur Patel <keyur@arrcus.com>, idr-chairs@ietf.org, idr@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/xVpyW2ikQlo7lGJ5BPJb2Rvxfpo>
Subject: [Idr] AD Review of draft-ietf-idr-rpd-15
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2022 21:47:20 -0000
Dear Authors, Shepherd, Chairs, WG: This draft has been in my queue for a while—apologies for the delay in getting to it, and thank you for your patience. I have many comments/concerns about the specification and the application. Significant work is still needed! When reviewing a document (any document), I read it and then check the mailing lists. My concerns with the application align with the objections brought up during the first WGLC [1]. While they were not repeated with the same energy during the second WGLC [2] [3], those concerns have still not been addressed! Addressing objections to this solution doesn't necessarily imply abandoning the work. No solution is perfect! Where possible, I expect changes in the text to clarify the behavior and mention issues and potential mitigations. The fact that implementations and deployments exist or that some of the questions have been responded to on the mailing list doesn't mean that the draft is clear or the issues have been addressed. The focus is on what the document says! One example of this point is related to security -- unfortunately, the Security Considerations section says this (and only this): Protocol extensions defined in this document do not affect BGP security other than as discussed in the Security Considerations section of [RFC8955]. But this work is not related to rfc8955! <sigh> As I said, significant work is needed! This document mixes the specification of Wide Community Atoms and their use in the Routing Policy Distribution (RPD) application. The Atoms seem (mostly) in line with the Wide Community specification [4]. The application is similar to the AS_PATH prepending example [5]. A problem arises when the specification of the Atoms is made to (only) fit the application, even if their use can be generalized. Therefore, the document should be clear about the separation between Wide Community Atoms (which can be reused elsewhere, etc.) and the application itself (i.e., the new NLRI). It might be a good idea to separate the work into two documents. [See specific comments in §4.] Other high-level issues: (1) The document attempts to separate RPD from other policies, insisting that an "RPD route is not a configuration". However, it does not provide any comments or guidance on which mechanism to select or their co-existence. (1a) How does RPD interact/co-exist with other policies? I'm thinking of manual configuration, PCEP, rfc9067 (YANG Data Model for Routing Policy) + draft-ietf-idr-bgp-model, and even Wide Communities tagging specific routes [5]. Consider the guidance in §2/rfc5706 [6]. (1b) The mailing list contained several statements related to the suitability of RPD with respect to other solutions. Please include some of the considerations in the document. The goal here is not to put other solutions down but to highlight why an operator may want to consider this one. (2) The Problem Statement mentions Inbound and Outbound Traffic Control, but the RPD mechanism only applies to the inbound direction. Please trim the justification to include what the document addresses. (3) §4.2.1 defines the RouteAttr Atom with several TLVs used to describe a route. Given that the Wide Communities draft includes other Atoms that can be used similarly, why aren't the TLVs defined as Atoms? Unfortunately, the intent of draft-ietf-idr-wide-bgp-communities is not followed here, making it harder to reuse the defined mechanisms. (4) The document could greatly benefit from an Operational Considerations section. Please scan the text for several places (at least 5!) where I suggest the same. Before moving this document forward, I'll wait for a revised ID and for this review to be addressed. If it becomes necessary to talk live about a specific point, please feel free to look for time in my calendar: https://fantastical.app/aretana-tJ8Q/open-time Thanks! Alvaro. [1] https://mailarchive.ietf.org/arch/msg/idr/0gfjwluhnCcbRto7LowK5Xy0vLE/ [2] https://mailarchive.ietf.org/arch/msg/idr/MLkALnz0PbBF9gcLnnR2XU9dTnw [3] https://mailarchive.ietf.org/arch/msg/idr/TcQ9nYJCC4v3iX-_W3cgivDQ4FM [4] https://datatracker.ietf.org/doc/draft-ietf-idr-wide-bgp-communities/ [5] https://datatracker.ietf.org/doc/html/draft-ietf-idr-wide-bgp-communities-08#name-example [6] https://datatracker.ietf.org/doc/html/rfc5706#autoid-8 [Line numbers from idnits.] 2 Network Working Group Z. Li 3 Internet-Draft Huawei 4 Intended status: Standards Track L. Ou 5 Expires: 29 July 2022 Y. Luo 6 China Telcom Co., Ltd. 7 S. Lu 8 Tencent 9 G. Mishra 10 Verizon Inc. 11 H. Chen 12 Futurewei 13 S. Zhuang 14 H. Wang 15 Huawei 16 25 January 2022 [major] There are 8 authors listed. Per the guidance from rfc7322, there should not be more than 5. Please reduce the list to 5 (or less), or identify en Editor (or 2). The rest of the authors can be listed in the Contributors section. ... 21 Abstract 23 It is hard to adjust traffic and optimize traffic paths in a 24 traditional IP network from time to time through manual 25 configurations. It is desirable to have a mechanism for setting up 26 routing policies, which adjusts traffic and optimizes traffic paths 27 automatically. This document describes BGP Extensions for Routing 28 Policy Distribution (BGP RPD) to support this. [minor] It is not clear from the text above what "this" (last sentence) is. The extensions can be used "for setting up routing policies", but it would be out of scope to claim that the mechanism "adjusts traffic and optimizes traffic paths automatically". ... 98 1. Introduction 100 It is difficult to optimize traffic paths in a traditional IP network 101 because of the following: [] I think there's some background missing to quality what a "traditional IP network" is and separate it from "non-traditional" (?). Also, what type of optimizations are considered? 103 * Complex. Traffic can only be adjusted device by device. The 104 configurations on all the routers that the traffic traverses need 105 to be changed or added. There are already lots of policies 106 configured on the routers in an operational network. There are 107 different types of policies, which include security, management 108 and control policies. These policies are relatively stable. 109 However, the policies for adjusting traffic are dynamic. Whenever 110 the traffic through a route is not expected, the policies to 111 adjust the traffic for that route are configured on the related 112 routers. It is complex to dynamically add or change the policies 113 to the existing policies on the special routers to adjust the 114 traffic. Some people would like to separate the stable route 115 policies from the dynamic ones even though they have configuration 116 automation systems (including YANG models). [nit] "traffic through a route" This phrase doesn't sound right to me. Maybe traffic through a path (in the network), or even through a specific router... [nit] "It is complex to dynamically add or change the policies to the existing policies on the special routers to adjust the traffic." You're explaining why the optimization is complex by saying that it is complex... It sounds like a circular definition: Why is it complex? Because it is complex. Also, "change the policies to the existing policies" doesn't mean anything to me. [minor] "Some people would like to separate the stable route policies from the dynamic ones even though they have configuration automation systems (including YANG models)." Is there relevance to this sentence? How does it contribute to explaining complexity? 118 * Difficult maintenance. The routing policies used to adjust 119 network traffic are dynamic, posing difficulties to subsequent 120 maintenance. High maintenance skills are required. [minor] What in the dynamic nature of the policies makes them difficult to maintain? Again, the justification is circular: it is difficult because it is difficult... [minor] "High maintenance skills are required." What are "High maintenance skills"? [] Are the justifications for "complex" and "difficult" the same? 122 * Slow. Adding or changing some route policies on some routers 123 through a configuration automation system for adjusting some 124 traffic to avoid congestions may be slow. [minor] Again...it is slow because it is slow... Only that in this case it "may be slow", which begs the question: can it also be fast and easy? ;-) 126 It is desirable to have an automatic mechanism for setting up routing 127 policies, which can simplify routing policy configuration and be 128 fast. This document describes extensions to BGP for Routing Policy 129 Distribution to resolve these issues. [] As mentioned in the Abstract, the automatic part is not really achieve by defining some extensions (which could be triggered manually!). Also, the text above doesn't present a compelling reason to want to make things simpler and faster... :-( 131 2. Terminology [] Only NLRI and RPD are used in the text. Both can be expanded on first use. This section is not necessary. 133 The following terminology is used in this document. 135 * ACL: Access Control List [nit] Not used. 137 * BGP: Border Gateway Protocol [RFC4271] [minor] BGP is a well-known term. 139 * FS: Flow Specification [nit] Not used. 141 * NLRI: Network Layer Reachability Information [RFC4271] 142 * PBR: Policy-Based Routing [nit] Not used. 144 * RPD: Routing Policy Distribution 146 * VPN: Virtual Private Network [nit] Not used. 148 3. Problem Statement 150 Providers have the requirement to adjust their business traffic 151 routing policies from time to time because of the following: 153 * Business development or network failure introduces link congestion 154 and overload. 156 * Business changes or network additions produce unused resources 157 such as idle links. 159 * Network transmission quality is decreased as the result of delay, 160 loss and they need to adjust traffic to other paths. 162 * To control OPEX and CPEX, they may prefer the transit provider 163 with lower price. [] There is a significant disconnect between this problem statement and the justification presented in the Introduction! In short, there is no clear path from the business problem described here to the problems with traffic optimization (from the Introduction). For example, there's no speed component mentioned here... Instead of adding more, it would be better to unify the justification/background. 165 3.1. Inbound Traffic Control 167 In Figure 1, for the reasons above, the provider P of AS100 may wish 168 the inbound traffic from AS200 to enter AS100 through link L3 instead 169 of the others. Since P doesn't have any administrative control over 170 AS200, there is no way for P to directly modify the route selection 171 criteria inside AS200. [major] Mechanisms do exist! Besides using MED, inter-AS agreements for community-to-local-preference translation seems popular. As mentioned at the start, please indicate (in an operational considerations section) why/when RPD should be considered over other mechanisms. ... 201 3.2. Outbound Traffic Control 203 In Figure 2, the provider P of AS100 prefers link L3 for the traffic 204 to the destination Prefix2 among multiple exits and links to AS200. 205 This preference can be dynamic and might change frequently because of 206 the reasons above. So, provider P expects an efficient and 207 convenient solution. [minor] Again, the mechanisms exist! For example, configuring local-pref on the IGW2 router (single point, one line configuration) sounds efficient and convenient to me. Also, the focus of the rest of the draft seems to be on the Inbound direction. This section (or mention of outbound control) may not be needed. ... 236 4. Protocol Extensions 238 This document specifies a solution using a new AFI and SAFI with the 239 BGP Wide Community for encoding a routing policy. [minor] Extend AFI and SAFI on first use. [major] Please add a reference to rfc4760 and draft-ietf-idr-wide-bgp-communities above. [major] Note that rfc4760 uses the "<AFI, SAFI>" notation instead of "AFI and SAFI". 241 4.1. Using a New AFI and SAFI [major] Given that the new <AFI,SAFI> basically creates a "configuration session", should there be a recommendation about keeping the session independent of routing information? See the text in rfc7752bis: https://datatracker.ietf.org/doc/html/draft-ietf-idr-rfc7752bis#autoid-68 ... 265 NLRI Length: 1 octet represents the length of NLRI. If the Length 266 is anything other than 9 or 21, the NLRI is corrupt and the 267 enclosing UPDATE message MUST be ignored. [major] The NLRI, as defined in rfc4760, includes the "NLRI Length" field, so defining this field as "the length of NLRI" is incorrect, as the size would be 10 or 22 octets. [major] Please specify that the length is in octets. 269 Policy Type: 1 octet indicates the type of a policy. 1 is for 270 Export policy. 2 is for Import policy. If the Policy Type is any 271 other value, the NLRI is corrupt and the enclosing UPDATE message 272 MUST be ignored. [major] The Peer IP indicates which peers "a BGP speaker will apply the policy in the message to". This sounds as an Export policy to me. There seems to be no use case (or valid setting) of the Peer IP with an Import policy. 274 Distinguisher: 4 octet unsigned integer that uniquely identifies the 275 content/policy. It is used to sort/order the polices from the 276 lower to higher distinguisher. They are applied in ascending 277 order. A policy with a lower/smaller distinguisher is applied 278 before the policies with a higher/larger distinguisher. [minor] Please be consistent on the naming: Distinguisher vs distinguisher. [major] Who sets this value? The originator? What are the issues with multiple originators? [major] "applied in ascending order" Even if using a reliable transport, ordered delivery of BGP UPDATES is not deterministic. Also, more than one source may originate UPDATES. This means that a policy may be applied before all its components are present. How can this be mitigated? What is the effect of transient or incomplete policies? [major] Multiple BGP speakers may generate an UPDATE for the same Peer IP with the same Distinguisher. Which UPDATE should be applied? 280 Peer IP: 4/16 octet value indicates IPv4/IPv6 peers. Its default 281 value is 0, which indicates that when receiving a BGP UPDATE 282 message with the NLRI, a BGP speaker will apply the policy in the 283 message to all its IPv4/IPv6 peers. [] Use this part to describe the field, not the operation (which should be described later). [major] What should the receiver do if the value is not a valid IP address (and not 0)? [major] "BGP speaker will apply the policy" Should this statement be Normative? SHOULD/MUST? [major] Are the policies applied equally to internal and external peers? [minor] I assume that the Targets TLV may also provide some additional details of where a policy should be applied, specially in the case of 0, right? [major] The Peer IP field (whether indicating a specific address or not) applies to existing peers only. What I mean is that if a BGP session is not up then there is no peer, right? This means that we have a chicken and egg scenario where the policy would apply to an existing peer, but the peer would have to already be up for the policy to apply: when a session goes up, UPDATES are sent....but in this case the policy UPDATES may not have been received...and when they are the advertisements may change. What is the impact of these transient advertisements? Should the policies be also applied when a session goes up? rfc8212 talks about not advertising routes until an Export Policy has been applied for an eBGP peer. However, Export Policy is defined as "a local policy". This document repeatedly separates this new mechanism from "configuration" (which is what I would characterize as a "local policy"). 285 Under RPD AFI/SAFI, the RPD routes are stored and ordered according 286 to the keys (Policy type, Distinguisher, Peer IP). Under IPv4/IPv6 287 Unicast AFI/SAFI, there are IPv4/IPv6 unicast routes learned and 288 various static policies configured. In addition, there are dynamic 289 RPD policies from the RPD AFI/SAFI when RPD is enabled. [major] "RPD routes are stored and ordered according to the keys (Policy type, Distinguisher, Peer IP)" rfc4271 has a conceptual model for route storage, but ordering is not considered. How does this specification interact with the RIB model from rfc4271? What is the significance of the ordering? The description of the Distinguisher says that it is "used to sort/order the polices...[which]...are applied in ascending order", but this text includes other keys. IOW, the Distinguisher description implies that the application depends (only!) on its value and not on the policy type. The text is contradictory! [minor] I'm not sure what purpose the last two sentences serve in the context of defining the new NLRI. It seems to me that the text is not needed, and can cause confusion. 291 Before advertising an IPv4/IPv6 Unicast AFI/SAFI route, the 292 configured policies are applied to it first, and then the RPD Export 293 policies are applied. [major] Should this text be Normative? [major] rfc4271 doesn't account for different types of policies (for example, configured or not). What are "configured policies"? Is Routing Policy provisioned using rfc9067+draft-ietf-idr-bgp-model considered a "configured policy" or an "RPD export policy"? 295 The NLRI containing the Routing Policy is carried in MP_REACH_NLRI 296 and MP_UNREACH_NLRI path attributes in a BGP UPDATE message, which 297 MUST also contain the BGP mandatory attributes and MAY contain some 298 BGP optional attributes. [major] Besides the NLRI, the MP_REACH_NLRI attribute contains a Next Hop. How should it be set? [minor] Please move this mention of where the NLRI is carried to the top of this section, and reference rfc4760. [major] "...which MUST also contain the BGP mandatory attributes and MAY contain some BGP optional attributes." This behavior is specified elsewhere, and there's no need to repeat it here again. Please remove this last part. 300 When receiving a BGP UPDATE message with routing policy, a BGP 301 speaker processes it as follows: [nit] The text uses "routing policy" and "RPD policy" to refer to the same thing. Please pick one and be consistent about its use. [major] Should any of this behavior be Normative? 303 * If the peer IP in the NLRI is 0, then apply the routing policy to 304 all the remote peers of this BGP speaker. [nit] s/peer IP/Peer IP/g [major] The behavior is also specified above when the Peer IP field was described. Please specify things only once! Suggestion: use the description to describe the fields and specify the behavior elsewhere. [minor] This text uses "remote peer" -- when is a peer not remote? 306 * If the peer IP in the NLRI is non-zero, then the IP address 307 indicates a remote peer of this BGP speaker and the routing policy 308 will be applied to it. [major] s/then the IP address/if the IP address [major] Just to confirm... If the policy applies to some (eBGP peers, for example), but not all, then the sender would have to originate one UPDATE per peer, right? The Withdraw case would be similar. If so, can the ASN List or IPv4 Prefix List Atom (or even the Neighbor Class List) be used in the Targets TLV to narrow down the peers to use (while using 0 as the Peer IP field)? Operationally, when would it be better to use a specific Peer IP? Please include this type of information in an Operational Considerations section. ... 312 4.2. BGP Wide Community and Atoms 314 The BGP wide community attribute is defined in 315 [I-D.ietf-idr-wide-bgp-communities]. This document specifies how two 316 wide communities associate the routing policy NLRI to Routing Policy 317 NLRI (section 4.1) to distribute routing policy to BGP peers. The 318 wide communities which define routing policy are: [] s/BGP wide community/BGP Wide Community/g Keep the capitalization in line with I-D.ietf-idr-wide-bgp-communities. [minor] "BGP wide community attribute" -- it is not an attribute (just take that word out). [minor] "associate the routing policy NLRI to Routing Policy NLRI" s/ This document specifies how two wide communities associate the routing policy NLRI to Routing Policy NLRI (section 4.1) to distribute routing policy to BGP peers. The wide communities which define routing policy are: / This document specifies two BGP Wide Communities to distribute routing policy to BGP peers, as follows: 320 * MATCH AND SET ATTR (TBD1) 322 * MATCH and NOT ADVERTISE (TBD2) 324 These wide communities are passed in the BGP wide community container 325 in the wide community attribute. These communities support three of 326 the optional TLVs: Target TLV, Exclude Target TLV, and Parameter TLV. 327 The value of each of these TLVs comprises a series of Atoms, each of 328 which is a TLV (or sub-TLV). [minor] The first sentence (which uses outdated terminology) is not needed because it restates what I-D.ietf-idr-wide-bgp-communities does. Same for the last one. Please keep the terminology in sync. Suggestion> These BGP Wide Communities support all three TLVs defined in [I-D.ietf-idr-wide-bgp-communities]: Targets TLV, Exclude Targets TLV, and Parameters TLV. [major] I-D.ietf-idr-wide-bgp-communities requires that new Wide Community definitions specify which TLVs and Atoms area applicable. Please do so. 330 A new wide community Atom is defined for BGP Wide Community Target(s) 331 TLV (RouteAttr), and two new Atoms are defined for BGP Wide Community 332 Parameter(s) TLV. For your reference, the format of the TLV is 333 illustrated below: [minor] The format is not necessary here as it is repeated later. Also, please point at the corrresponding sections. Suggestion> A new Atom is defined for the Targets TLV (Section xxx), and two new Atoms for the Parameters TLV (Section yyy). [] Please reorder the specification sections so that the Community Values are defined first, then then the Atoms. For example: 4.2.1. BGP Wide Communities 4.2.2. Atoms 4.2.2.1. RouteAttr 4.2.2.2. MED Change 4.2.2.3. AS-Path Change Note also that this section (4.2) is just an introduction to the subsections (4.2.*). You could also move the text to §4 and eliminate one of the levels: 4.2. BGP Wide Communities 4.3. Atoms 4.3.1. RouteAttr 4.3.2. MED Change 4.3.3. AS-Path Change [See the comments later on about the RouteAttr TLVs and how they should be defined as Atoms too.] ... 344 4.2.1. RouteAttr atom Sub-TLV [major] Please don't mix Atoms and Sub-TLVs. While Atoms are carried in TLVs, I-D.ietf-idr-wide-bgp-communities is clear to call them Atoms (and not Sub-TLVs). s/RouteAttr atom Sub-TLV/Atom Type TBD3, The Route Attributes (RouteAttr) ...to be in line with I-D.ietf-idr-wide-bgp-communities. Please use a similar title for the other sections defining Atoms. 346 A RouteAttr Atom sub-TLV (or RouteAttr sub-TLV for short) is defined 347 and may be included in a Target TLV. It has the following format. [major] "is defined and may be included in a Target TLV." There should be two parts to the specification: a definition of what the Atom is (this section), and a statement on its applicability to specific Wide Communities. This last part should be specified in the description of the Wide Communities (not in the description of the Atom or the TLV). IOW, the specification of the Atom should be general while the Wide Community species whether it is defined to be used with it, and how. Please indicate what the RouteAttr is used for (to describe the attributes of a route or group of routes). 349 0 1 2 3 350 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 352 | Type (TBD3) | Length (variable) | 353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 354 | sub-sub-TLVs ~ 355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 357 Figure 5: Format of RouteAttr Atom sub-TLV [minor] For consistency, please use the same format as in §5/I-D.ietf-idr-wide-bgp-communities. 359 The Type for RouteAttr atom is TBD3. In RouteAttr sub-TLV, four sub- 360 sub-TLVs are defined: IPv4 Prefix, IPv6 Prefix, AS-Path, and 361 Community sub-sub-TLV. [minor] Please separate the second sentence into its own paragraph. [minor] Because RouteAttr is not a sub-TLV, please use sub-TLV (instead of sub-sub-TLV) -- or just TLV. [minor] Consider describing each sub-TLV in a separate section. 363 An IP prefix sub-sub-TLV gives matching criteria on IPv4 prefixes. 364 Its format is illustrated below: [major] "matching criteria" When used with the Wide Communities specified in this document, this sub-TLV in the RouteAttr Atom is used to match. However, the general use is to describe the IPv4 prefixes associated with a route or group of routes. Note that the use (in the context of this document) should be described when the Wide Community is defined. [] Suggestion> The IPv4 Prefix sub-TLV describes the IPv4 prefixes associated with a route (or group of routes). [major] RouteAttr is the first Atom to have sub-TLVs. Please indicate the general format before defining the first one. ... 386 Length: N x 8, where N is the number of tuples <M-Type, Flags, IPv4 387 Address, Mask, GeMask, LeMask>. If Length is not a multiple of 8, 388 the Atom is corrupt and the enclosing UPDATE message MUST be 389 ignored. [minor] Move the tuple description to the definition of this sub-TLV to indicate that it carries a list of "IPv4 prefix descriptions". [major] This sub-TLV contains a list of route descriptions. What does it mean to have more than one? Note that I-D.ietf-idr-wide-bgp-communities defines the semantics for Atoms of List type (which is why I'm suggesting that you describe this sub-TLV as a list) -- does that apply? 391 M-Type: 4-bit field specifying match type. The following four 392 values are defined. IPaddress is the IP address in the sub-sub- 393 TLV while IProute is the IP route being matched. [nit] s/specifying match type/specifying the match type [major] "IProute is the IP route being matched" In general, this sub-TLV describes a route. The description can then be used (with the Wide Communities defined here) to compare (and match) according to the function. Please specify the sub-TLV in terms of what it describes -- the Wide Community specification should define how each TLV, Atom, etc. is used with it. Suggestion> M-Type: 4-bit field specifying the route format type. The values are specified below. [See other suggestions below.] [] For some reason rfc8955 is mentioned in the Security Considerations section. This reminded me that rfc8955 already defines a numeric-op that could have been reused in this case (without having to redefine the logic). Was this considered? [] Move the definition of the M-types to *after* all the fields have been introduced, and before the example. 395 M-Type = 0: Exact match with the Mask length IP address prefix. 396 GeMask and LeMask MUST be sent as zero and ignored on receipt. [] Suggestion> M-Type = 0: The route described corresponds to the IP Address with the specified Mask length. GeMask and LeMask MUST be sent as zero and ignored on receipt. [] Type 0 is equivalent to using the IP Prefix List Atoms. 398 M-Type = 1: Matches if the Mask number of prefix bits exactly 399 match between IPaddress and IProute and the actual prefix 400 length of IProute is greater than or equal to GeMask. LeMask 401 MUST be sent as zero and ignored on receipt. [] Suggestion> M-Type = 1: Describes a set of routes that correspond to the prefix represented by the IP Address/Mask combination and a mask greater than or equal to GeMask. LeMask MUST be sent as zero and ignored on receipt. 403 M-Type = 2: Matches if the Mask number of prefix bits exactly 404 match between IPaddress and IProute and the actual prefix 405 length of IProute is less than or equal to LeMask. GeMask MUST 406 be sent as zero and ignored on receipt. [] Suggestion> M-Type = 2: Describes a set of routes that correspond to the prefix represented by the IP Address/Mask combination and a mask less than or equal to LeMask. GeMask MUST be sent as zero and ignored on receipt. 408 M-Type = 3: Matches if the Mask number of prefix bits exactly 409 match between IPaddress and IProute and the actual prefix 410 length of IProute is less than or equal to LeMask and greater 411 than or equal to GeMask. [] Suggestion> M-Type = 3: Describes a set of routes that correspond to the prefix represented by the IP Address/Mask combination and a mask greater than or equal to GeMask and less than or equal to LeMask. 413 Flags: 4 bits. No flags are currently defined. They MUST be sent 414 as zero and ignored on receipt. [major] Do you expect IANA to manage the assignments of any future flags? Or would a better name for this field be "Reserved"? 416 IPv4 Address: 4 octets for an IPv4 address. [] See the comment below about the NLRI encoding. Suggestion> IPv4 Address: 4 octets that describe an IPv4 prefix. This field, together with the Mask follow the same semantics as the NLRI encoding from [rfc4271], except that the trailing bits in the IP Address fill the 4-octet field. 418 Mask: 1 octet for the IP address prefix length that needs to exactly 419 match between the IP address in the sub-sub-TLV and the route. [] It would be better (an in line with rfc4271 and I-D.ietf-idr-wide-bgp-communities) if the Mask was replaced with "Prefix Length" (just as in the NLRI encoding). Then the explanations can be simplifier. This adds the ability to indicate "all IP addresses" with a Mask of 0. Suggestion> Mask: 1 octet field that represents the Prefix Length of the IP Address, as specified in §4.3/rfc4271. 421 GeMask: 1 octet for route prefix length match range's lower bound, 422 MUST not be less than Mask or be 0. [major] "MUST not" is not an rfc2119 keyword [] Suggestion> GeMask: 1-octet field that represents the lowest bound of the IP Address' mask. This field MUST be greater than, or equal to, the Mask, or be 0. [major] What should a receiver do if the value is not set correctly? 424 LeMask: 1 octet for route prefix length match range's upper bound, 425 MUST be greater than Mask or be 0. [] Suggestion> LeMask: 1-octet field that represents the upper bound of the IP Address' mask. This field MUST be greater than, or equal to, the Mask, or be 0. [major] What should a receiver do if the value is not set correctly? [major] In the examples, use the documentation addresses from rfc6890. 427 For example, tuple <M-Type=0, Flags=0, IPv4 Address = 1.1.0.0, Mask = 428 22, GeMask = 0, LeMask = 0> represents an exact IP prefix match for 429 1.1.0.0/22. [minor] s/represents an exact IP prefix match for 1.1.0.0/22./represents 1.1.0.0/22. 431 <M-Type=1, Flags=0, IPv4 Address = 16.1.0.0, Mask = 24, GeMask = 24, 432 LeMask = 0> represents match IP prefix 16.1.0.0/24 greater-equal 24 433 (i.e., route matches if route's first Mask=24 bits match 16.1.0 and 434 24 =< route's prefix length =< 32). [minor] s/represents.../represents the set of routes that include 16.1.0.0/24 with a prefix length greater than, or equal to, 24 bits (up to and including 32 bits). 436 <M-Type=2, Flags=0, IPv4 Address = 17.1.0.0, Mask = 24, GeMask = 0, 437 LeMask = 26> represents match IP prefix 17.1.0.0/24 less-equal 26 438 (i.e., route matches if route's first Mask=24 bits match 17.1.0 and 439 24 =< route's prefix length <= 26). [minor] s/represents.../represents the set of routes that include 17.1.0.0/24 with a prefix length less than, or equal to, 26 bits (up to and including 24 bits). 441 <M-Type=3, Flags=0, IPv4 Address = 18.1.0.0, Mask = 24, GeMask = 24, 442 LeMask = 30> represents match IP prefix 18.1.0.0/24 greater-equal 24 443 and less-equal 30 (i.e., route matches if route's first Mask=24 bits 444 match 18.1.0 and 24 =< route's prefix length <= 30). [minor] s/represents.../represents the set of routes that include 18.1.0.0/24 with a prefix length greater, or equal to, 24 bits, and less than, or equal to, 30 bits. [] As mentioned before, consider describing each sub-TLV (Atom) in a separate section. 446 Similarly, an IPv6 Prefix sub-sub-TLV represents match criteria on 447 IPv6 prefixes. Its format is illustrated below: ... 465 Figure 7: Format of IPv6 Prefix sub-sub-TLV [] Add: The fields are described as in Section xxx. [] It would be very nice if a corresponding example for IPv6 was presented. ... 486 AS-Path Regex String: AS-Path regular expression string. [major] Where are the regular expressions defined? What format are they represented in? 488 A community sub-sub-TLV represents a list of communities to be 489 matched all. Its format is illustrated below: [major] "a list of communities" Please be clear (and include a reference) about which type of communities you're talking about. Why only those? ... 514 4.2.2. Sub-TLVs of the Parameters TLV 516 This document introduces 2 community values: [major] The specification of the new Community Values is hidden back here. :-( As suggested above, put this in its own section. 518 MATCH AND SET ATTR (TBD1): If the IPv4/IPv6 unicast routes to a 519 remote peer match the specific conditions defined in the routing 520 policy extracted from the RPD route, then the attributes of the 521 IPv4/IPv6 unicast routes will be modified when sending to the 522 remote peer per the actions defined in the RPD route. [] Suggestion> MATCH AND SET ATTR (TBD1): This BGP Wide Community is used to advertise a set of policy conditions and attribute modifications. If routes match the conditions, their attributes are modified. 524 MATCH AND NOT ADVERTISE (TBD2): If the IPv4/IPv6 unicast routes to a 525 remote peer match the specific conditions defined in the routing 526 policy extracted from the RPD route, then the IPv4/IPv6 unicast 527 routes will not be advertised to the remote peer. [] Suggestion> MATCH AND NOT ADVERTISE (TBD2): This BGP Wide Community is used to advertise a set of policy conditions that result in the advertisement suppression. If routes match the conditions, they will not be advertised. [major] In general, the text above is just a description, not a specification of the new Wide Communities. Among other things, a specification should indicate how the operation is achieved -- as required by [I-D.ietf-idr-wide-bgp-communities], a statement indicating which TLVs and Atoms can be used and their semantics. 529 For the Parameter(s) TLV, two action sub-TLVs are defined: MED change 530 sub-TLV and AS-Path change sub-TLV. When the community in the 531 container is MATCH AND SET ATTR, the Parameter(s) TLV can include 532 these sub-TLVs. When the community is MATCH AND NOT ADVERTISE, the 533 Parameter(s) TLV's value is empty. [major] "For the Parameter(s) TLV, two action sub-TLVs are defined" There should be two parts to the specification: a definition of what the Atoms are (this section), and a statement on its applicability to specific Wide Communities. This last part should be specified in the description of the Wide Communities (not in the description of the Atom or the TLV). IOW, the specification of the Atom should be general while the Wide Community species whether it is defined to be used with it, and how. 535 A MED change sub-TLV indicates an action to change the MED. Its 536 format is illustrated below: [minor] Expand MED on first use. Note that the attribute is called MULTI_EXIT_DISC in rfc4271 -- please use existing terminology. [major] Note that this Atom has a specific action in mind for the application defined in this document, but it can be generalized to an Atom that adds/subtracts a value. A Wide Community can then specify how to use it in its context. [In fact, the Unsinged Integer32 List Atom could be used for the same purpose -- with Wide Community-specific semantics. The first value indicates addition, the second subtraction, one must be 0, etc...] 538 0 1 2 3 539 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 540 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 | Type 1 | Length (5) | OP | 542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 543 | Value | 544 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 546 Figure 10: Format of MED Change sub-TLV [major] Please represent this new Atom according to the format in §5/draft-ietf-idr-wide-bgp-communities. 548 Type: 1 for MED Change. [major] You are defining a new Atom. This value needs to come from the Atom Types registry, and not from the registry defined in the IANA section. ... 553 OP: 1 octet. Three are defined: [major] Does "OP" have a meaning? Is it a bit-field or a field carrying a number? [minor] s/Three are defined/Three values are defined [minor] Consider moving the description of the values to *after* all the fields are defined. As it is now, the Value is used in the operation of OP before it is defined. 555 OP = 0: assign the Value to the existing MED. [major] "assign the Value to the existing MED" If the MED exists, the action is to replace. What if the MED attribute doesn't exist? 557 OP = 1: add the Value to the existing MED. If the sum is greater 558 than the maximum value for MED, assign the maximum value to 559 MED. [major] "add the Value to the existing MED" Again, what if the MED attribute doesn't exist? [minor] s/If the sum is greater than the maximum value for MED, assign the maximum value to MED./If the sum is greater than the maximum allowed value, use that maximum value instead. 561 OP = 2: subtract the Value from the existing MED. If the 562 existing MED minus the Value is less than 0, assign 0 to MED. [major] "subtract the Value from the existing MED" Again, what if the MED attribute doesn't exist? [minor] s/If the existing MED minus the Value is less than 0, assign 0 to MED./If the result is less than 0, use 0 instead. 564 If OP is any other value, the sub-TLV is ignored. [major] Other error conditions above resulted in discarding the whole UPDATE. Why is this different? What is the effect of ignoring vs discarding? 566 Value: 4 octets. [major] What is the format of this information? 568 An AS-Path change sub-TLV indicates an action to change the AS-Path. 569 Its format is illustrated below: [major] rfc4271 uses AS_PATH to refer to the attribute. Please be consistent. ... 589 Type: 2 for AS-Path Change. [major] You are defining a new Atom. This value needs to come from the Atom Types registry, and not from the registry defined in the IANA section. 591 Length: n x 5. If Length is not a multiple of 5, the sub-TLV is 592 corrupt and the enclosing UPDATE MUST be ignored. [major] This Atom contains a list of ASN + count. What does it mean to have more than one? Note that I-D.ietf-idr-wide-bgp-communities defines the semantics for Atoms of List type -- does that apply? 594 ASi: 4 octet. An AS number. 596 Counti: 1 octet. ASi repeats Counti times. [minor] Please desribe this Atom as a list of ASN/Count units and then define one of those units -- using AS/Count (not ASi/Counti). 598 The sequence of AS numbers are added to the existing AS Path. [major] "sequence of AS numbers are added to the existing AS Path" This Atom seems to want to include a set of ASNs to prepend the AS_PATH with. Besides the local ASN, why would other ASNs be prepended to a route? In general, prepending an ASN other than the local one seems to be an act directly related to forging the AS_PATH. How would adding ASNs other than the local one work with BGPSec? What if the route doesn't have an AS_PATH? [] The example in I-D.ietf-idr-wide-bgp-communities manages to prepend the local ASN without the need for an extra Atom. Why is a new mechanism needed? 600 4.3. Capability Negotiation [major] rfc4760 already defines Capability Negotiation for multiple <AFI,SAFI> pairs. Why isn't that enough? ... 627 Send/Receive: This field indicates whether the sender is (a) willing 628 to receive Routing Policies from its peer (value 1), (b) would like 629 to send Routing Policies to its peer (value 2), or (c) both (value 3) 630 for the <AFI, SAFI>. If Send/Receive is any other value, that tuple 631 is ignored but any other tuples present are still used. [major] As mentioned before, rfc4760 already defines Capability Negotiation for this case, including support for unidirectional advertisement (when only one side advertises the capability). Why isn't that enough? ... 638 5.1. Application Scenario [] I think that this section would fit better closer to the Problem Statement to show the way this extension can be used. ... 662 The controller connects the RR through a BGP session. There is a BGP 663 session between the RR and each of routers A, B and C in AS1, which 664 is shown in the figure. Other sessions in AS1 are not shown in the 665 figure. [nit] s/connects the RR through a BGP session/peers with the RR using a BGP session [nit] s/is shown/are shown 667 There is router X in AS2. There is a BGP session between X and each 668 of routers A, B and C in AS1. [nit] s/There is router X in AS2./Router X is in AS2. 670 There is router Y in AS3. There is a BGP session between Y and 671 router C in AS1. [nit] s/There is router Y in AS3./Router Y is in AS3. 673 The controller sends a RPD route to the RR. After receiving the RPD 674 route from the controller, the RR reflects the RPD route to routers 675 A, B and C. After receiving the RPD route from the RR, routers A, B 676 and C extract the routing policy from the RPD route. If the peer IP 677 in the NLRI of the RPD route is 0, then apply the routing policy to 678 all the remote peers of routers A, B and C. If the peer IP in the 679 NLRI of the RPD route is non-zero, then the IP address indicates a 680 remote peer of routers A, B and C and such routing policy is applied 681 to the specific remote peer. The IPv4/IPv6 unicast routes towards 682 router X in AS2 and router Y in AS3 will be adjusted based on the 683 routing policy sent by the controller via a RPD route. [nit] s/to the RR. After receiving the RPD route from the controller, the RR reflects the RPD route to routers A, B and C./to the RR which reflects it to routers A, B and C. [minor] "If the peer IP in the NLRI..." Because this is an example, it would be nice if it demonstrated how the routes could be "adjusted based on the routing policy sent by the controller via a RPD route", instead of just saying so. What are the possible applications? For example, look at the example in draft-ietf-idr-wide-bgp-communities; it presents what an operator may want to do and then shows how. 685 The controller uses the RT extend community to notify a router 686 whether to receive a RPD policy. For example, if there is not any 687 adjustment on router B, the controller sends RPD routes with the RTs 688 for A and C. B will not receive the routes. [minor] Using the RT is not specifically part of this specification -- and in this context part of the example. Even so, it feels out of place. This type of operational consideration should go into it's own section in the form of a recommendation to operators to use a mechanism to allow the selective application of policy (when not applying it directly -- as in this case with a RR). The RT mechanism would be an example -- it needs an Informative reference. Also, the Peer IP (if not 0) should provide some type of filtering as well: if the Peer IP address doesn't represent any of the local peers then the policy doesn't apply to the local router... 690 The process of adjusting traffic in a network is a close loop. The 691 loop starts from the controller with some traffic expectations on a 692 set of routes. The controller obtains the information about traffic 693 flows for the related routes. It analyzes the traffic and checks 694 whether the current traffic flows meet the expectations. If the 695 expectations are not met, the controller adjusts the traffic. And 696 then the loop goes to the starter of the loop (The controller obtains 697 the information about traffic ...). [] Nice, but not part of this specification. If you want to leave it as part of an operational considerations section, please illustrate with examples how the monitoring can be done, etc.. 699 5.2. About Failure 701 This section describes some details about handling a failure related 702 to a RPD route being applied. [nit] s/handling a failure/handling failure I haven't read the rest of this section yet -- but I'm hopping it talks about failure in general. 704 A RPD route is not a configuration. When it is sent to a router from 705 a controller, no ack is needed from the router. The existing BGP 706 mechanisms are re-used for delivering a RPD route. After the route 707 is delivered to a router, it will be successful. This is guaranteed 708 by the BGP protocols. [minor] I'm not sure what not being "a configuration" (??) has to do with a reliable transport. [major] "After the route is delivered to a router, it will be successful." What do you mean by the route being "successful"? If you're talking about the transport, then there's no need for most of this paragraph as everyone working with BGP knows that it is reliable. But if you're referring to the application of the policy being successful, that is a very different thing! How would the sender know this? In fact, how does the sender know the initial (or current) policy state? Among other things, it is possible for the routes to have changed by the time the RPD policy arrives... >From the text above about monitoring, my guess is that the current policy is inferred from the observation of the traffic. Is that right? If so, prepending an already prepended route (for example) may not have any effect on the traffic. How can the sender tell the difference between a failure in the application of the policy vs an ineffective policy? 710 If there is a failure for the router to install the route locally, 711 this failure is a bug of the router. The bug needs to be fixed. [major] "install the route locally" In the context of RPD, what does this mean? 713 For the errors mentioned in [RFC7606], they are handled according to 714 [RFC7606]. These errors are bugs, which need to be resolved. [major] rfc7606 applies to all BGP UPDATES, so it is not necessary to mention it here unless there are exceptions. Or if you want to add other processing. In this case, you should point to the additional error handling in draft-ietf-idr-wide-bgp-communities. Even if it also assumed. [major] "These errors are bugs, which need to be resolved." While most of the errors may be bugs, rfc7606 doesn't explicitly categorize them that way. Let's not do it here either. 716 When the controller fails while a RPD route is being applied such as 717 on the way to the router, some existing mechanisms such BGP Graceful 718 Restart (GR) [RFC4724] and BGP Long-lived Graceful Restart (LLGR) can 719 be used to let the router keep the routes from the controller for 720 some time. 722 With support of "Long-lived Graceful Restart Capability" 723 [I-D.ietf-idr-long-lived-gr], the routes can be retained for a longer 724 time after the controller fails. 726 After the controller recovers from its failure, the router will have 727 all the routes (including the RPD route being applied) from the 728 controller. [minor] For these 3 paragraphs...are you recommending that LLGR (or at least GR) be used? Should it be Normative? [minor] This text should limit itself to describe what the normal operation is (controller fails, then the route is withdrawn), and maybe suggest mitigation. This is in line with operational considerations. [major] BGP's operation is such that routes are withdrawn when a session goes down -- the same would happen here, resulting in the removal of policy. The mechanisms mentioned above need to be configured everywhere in the network to even start a conversation about persistence. What is the effect of non-persistent policies? Either because of normal BGP operation, mis-configuration or partial deployment of the the features mentioned above, filtering... More for an Operational Considerations section. 730 In the worst case, the controller fails and the RPD routes for 731 adjusting the traffic are withdrawn. The traffic adjusted/redirected 732 may take its old path. This should be acceptable. [] "This should be acceptable." ..?? [major] This draft specifies a way to match/identify routes and then as-path-prepend and/or change the MED to influence incoming traffic. It is well known that while these mechanisms may work, the unknown nature of the neighboring AS's policy renders them useless in many situations. Specifically, if LOCAL_PREF is used then none of this is useful. See rfc1998 and draft-ietf-grow-as-path-prepending. Please include some text (maybe in an operational considerations section) about the issues. [BTW, I know there was a discussion about not referencing draft-ietf-grow-as-path-prepending. That is fine. But the point that this document recommends prepending and that there are issues with it remains.] 734 6. Contributors [minor] Please see §4/rfc7322 on the recommended order of the sections in an RFC and reorder acoordingly. 736 The following people have substantially contributed to the definition 737 of the BGP-FS RPD and to the editing of this document: [] "BGP-FS RPD" ??? ... 743 7. Security Considerations 745 Protocol extensions defined in this document do not affect BGP 746 security other than as discussed in the Security Considerations 747 section of [RFC8955]. [major] What?! What is the relationship between this work and rfc8955? [major] In writing a proper Security Consideration section you should consider which other considerations apply. In this case, draft-ietf-idr-wide-bgp-communities is a clear requirement. [major] You should also consider the effect of the the new functionality. In this case, from changing the attributes in existing routes, to attempting to influence the routing policy in neighboring ASes, etc.. Some of the effects may be pre-existing -- at least show that you through about them!! [major] Using the mechanisms in this document, any router that can successfully negotiate the new AFI/SAFI can change the policies. In the sample scenarios presented, that would be all the routers in the network. What prevents a (rogue) router from advertising an incorrect/undesired policy change? What are the potential effects of that? Or major concern is the use of the MATCH AND NOT ADVERTISE Wide Community. ... 756 9. IANA Considerations 758 9.1. Existing Assignments 760 IANA has assigned an AFI of value 16398 from the registry "Address 761 Family Numbers" for Routing Policy. [major] This section uses "Routing Policy", the registry and §4.1 use "Routing Policy AFI". Which one do you want to use? Please be consistent! 763 IANA has assigned a SAFI of value 75 from the registry "Subsequent 764 Address Family Identifiers (SAFI) Parameters" for Routing Policy. [major] The registry says "Routing Policy SAFI", this section "Routing Policy", and §4.1 nothing. Please be consistent! 766 IANA has assigned a Code Point of value 72 from the registry 767 "Capability Codes" for Routing Policy Distribution. 769 9.2. Registered IANA Wide Communities 771 IANA Should assign from the Registered Wide Community Values" the 772 following values: [major] The name of the registry is "Registered Type 1 BGP Wide Community Community Types". But please keep an eye on draft-ietf-idr-wide-bgp-communities to make sure this is the final name. ... 782 9.3. RouteAttr Atom Type 784 IANA is requested to assign a code-point from the registry "BGP 785 Community Container Atom Types" as follows: 787 +---------------------+------------------------------+-------------+ 788 | Atom Code Point | Description | Reference | 789 +---------------------+------------------------------+-------------+ 790 | TBD3 (48 suggested) | RouteAttr Atom |This document| 791 +---------------------+------------------------------+-------------+ [major] The values in this registry are expressed in hex. Do you mean 0x48? 793 9.4. Route Attributes Sub-sub-TLV Registry [] As mentioned before, these sub-TLVs should be defined as Atoms. 795 IANA is requested to create a registry called "Route Attributes Sub- 796 sub-TLV" under RouteAttr Atom Sub-TLV. The allocation policy of this 797 registry is "First Come First Served (FCFS)". [major] Where should this registry be located? [major] Please add a Normative reference to rfc8126 when referring to Registration Policies. ... 817 9.5. Attribute Change Sub-TLV Registry 819 IANA is requested to create a registry called "Attribute Change Sub- 820 TLV" under Parameter(s) TLV. The allocation policy of this registry 821 is "First Come First Served (FCFS)". [major] This registry is not needed. See comments above. ... 877 10.2. Informative References ... 886 [I-D.ietf-idr-registered-wide-bgp-communities] 887 Raszuk, R. and J. Haas, "Registered Wide BGP Community 888 Values", Work in Progress, Internet-Draft, draft-ietf-idr- 889 registered-wide-bgp-communities-02, 31 May 2016, 890 <https://www.ietf.org/archive/id/draft-ietf-idr- 891 registered-wide-bgp-communities-02.txt>. == Unused Reference: 'I-D.ietf-idr-registered-wide-bgp-communities' is defined on line 886, but no explicit reference was found in the text ... 898 [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. 899 Patel, "Revised Error Handling for BGP UPDATE Messages", 900 RFC 7606, DOI 10.17487/RFC7606, August 2015, 901 <https://www.rfc-editor.org/info/rfc7606>. [major] This reference should be Normative. [EoR -15]
- [Idr] AD Review of draft-ietf-idr-rpd-15 Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-rpd-15 Alvaro Retana
- Re: [Idr] AD Review of draft-ietf-idr-rpd-15 Huaimo Chen