[Idr] Review of draft-ietf-idr-error-handling-18
"Alvaro Retana (aretana)" <aretana@cisco.com> Mon, 09 March 2015 17:45 UTC
Return-Path: <aretana@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EFAC1A9092; Mon, 9 Mar 2015 10:45:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WzW9YCQ6Yinf; Mon, 9 Mar 2015 10:45:15 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50CC21A908C; Mon, 9 Mar 2015 10:45:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8745; q=dns/txt; s=iport; t=1425923116; x=1427132716; h=from:to:cc:subject:date:message-id:mime-version; bh=8RL8NjgF5S6iGl+QBQ0mnxs0k44pcLYBYObFJsjSUcg=; b=ZzX6cCev0vQniIhVGPSL5qMgB1fkbNy2y010lY3TdlAyrIIJngHt+HXZ PS3t+bwSGfe6ibdqXDRPrlZt0/6VZCAwHdKMBNnXRaK1JBChGMBTtEMzB AuPNEtBPYczYzNzGwLw+JDfLWbtCm3AyqSCRfN0+eA9M32A1CGIClfkDC E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AIBQC82/1U/4YNJK1bgkNDgTDIWYEsTQEBAQEBAXyEFnkSARZqJwQOIQOIEMEfAQEBAQEFAQEBAQEBARuLF4RuhDQFjg2CAolTgRqFfIV/hl8jg26BcQY8fwEBAQ
X-IronPort-AV: E=Sophos;i="5.11,368,1422921600"; d="scan'208,217";a="130295896"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-2.cisco.com with ESMTP; 09 Mar 2015 17:45:15 +0000
Received: from xhc-aln-x13.cisco.com (xhc-aln-x13.cisco.com [173.36.12.87]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id t29HjEiS013917 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 9 Mar 2015 17:45:14 GMT
Received: from xmb-aln-x15.cisco.com ([169.254.9.60]) by xhc-aln-x13.cisco.com ([173.36.12.87]) with mapi id 14.03.0195.001; Mon, 9 Mar 2015 12:45:14 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: Alia Atlas <akatlas@gmail.com>
Thread-Topic: Review of draft-ietf-idr-error-handling-18
Thread-Index: AQHQWpDLKAsEqqfj4UCra5AsX2rR0w==
Date: Mon, 09 Mar 2015 17:45:13 +0000
Message-ID: <D1235488.9A4A0%aretana@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.117.15.9]
Content-Type: multipart/alternative; boundary="_000_D12354889A4A0aretanaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/zqurlkwGUwccKahaoD2ZrqFcIiU>
Cc: "idr@ietf.org" <idr@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "rob.shakir@bt.com" <rob.shakir@bt.com>, "draft-ietf-idr-error-handling.all@ietf.org" <draft-ietf-idr-error-handling.all@ietf.org>
Subject: [Idr] Review of draft-ietf-idr-error-handling-18
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 17:45:17 -0000
Alia: Hi! As part of my AD training, I have done a review of this draft. I have some comments, none of which should delay the publication. 1. This document is marked as updating many RFCs. It would be very nice if there was a section that summarized the updates — pointing to the details is ok. Section 3 does a good job in detailing the changes to rfc4271, but there are other updates elsewhere (section 7.7, for example). What I’m suggesting is a section that basically says: "rfc4271 is updated by changing the handling of path attribute errors (Section 3), the ORIGIN (Section 7.1), etc.” Maybe it’s just me, but I like to be able to find the updates in one place (at least a summary). 2. Nit: s/revised/updated Related to the last point, when looking through a document for updates, searching for the work “update” makes it easier.. The authors chose the word “revised”, which is a perfectly good word, but it is not the “official” term used when an RFC is changed. Yes, it’s a nit.. 3. Section 3 talks about updates to rfc4271, and it includes this text in bullet h: "When multiple attribute errors exist in an UPDATE message, if the same approach (either "session reset", "treat-as-withdraw” or "attribute discard") is specified for the handling of these malformed attributes, then the specified approach MUST be used. Otherwise the approach with the strongest action MUST be used.” Given that multiple RFCs are updated, it seems to me like this consideration is applicable not just to rfc4271 (even though it is the base), so it might be a good idea to include the same (or at least similar) text in Section 2 (where the approaches are defined and discussed). 4. Section 6 (Operational Considerations) includes several rfc2119 keywords. I read the thread with Brian Haberman about clarifying what is expected from the operator and what the implementation should do; I agree that this section should be clarified so that the operational recommendations are clear and separate from the actions that an implementation can take. For example: “.. such facilities MUST include logging an error listing the NLRI involved, and containing the entire malformed UPDATE message when such an attribute is detected. The malformed UPDATE message SHOULD be analyzed, and the root cause SHOULD be investigated.” Logging is definitely the job of the implementation..while other actions such as investigating clearly would fall on the operator.. 5. Security Considerations (Section 10). It is true that malformed optional transitive attributes should not cause remote session resets. Are remote withdrawals a new threat? Following the logic in the introduction, an update with a malformed optional transitive attribute may not be properly checked for several hops..but once the error is detected then the NLRI may use Treat-as-withdraw.. Assuming an AS-level granularity in checking, this won’t cause loops or major disruptions, but nonetheless it can result in not everyone receiving the information it should.. Thanks! Alvaro.
- [Idr] Review of draft-ietf-idr-error-handling-18 Alvaro Retana (aretana)
- Re: [Idr] Review of draft-ietf-idr-error-handling… Jeffrey Haas
- Re: [Idr] Review of draft-ietf-idr-error-handling… Alvaro Retana (aretana)