Re: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 12 February 2015 14:20 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B768F1A88D9; Thu, 12 Feb 2015 06:20:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_36=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6gUwGR83YoNH; Thu, 12 Feb 2015 06:20:48 -0800 (PST)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05E811A8857; Thu, 12 Feb 2015 06:20:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 89B181C049F; Thu, 12 Feb 2015 06:20:47 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from Joels-MacBook-Pro.local (pool-70-106-135-240.clppva.east.verizon.net [70.106.135.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 7BA8A1C059F; Thu, 12 Feb 2015 06:20:16 -0800 (PST)
Message-ID: <54DCB679.8060606@joelhalpern.com>
Date: Thu, 12 Feb 2015 09:19:37 -0500
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Luigi Iannone <ggx@gigix.net>
Subject: Re: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
References: <hmrnc76l2jt0ubjwmjvb3c9s.1423706346606@email.android.com> <1A8253CB-7E12-4949-BBAB-45BD6DF2F496@gigix.net>
In-Reply-To: <1A8253CB-7E12-4949-BBAB-45BD6DF2F496@gigix.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/FulmDZXPUlpvTduuyZpTNR9---U>
Cc: ops-dir@ietf.org, ietf@ietf.org, acabello@ac.upc.edu, david.black@emc.com, farinacci@gmail.com, Damien Saucez <damien.saucez@inria.fr>, lisp@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2015 14:20:55 -0000

That proposed text works for me.
Yours,
Joel

On 2/12/15 3:28 AM, Luigi Iannone wrote:
> Hi,
>
> Aren’t we going into to much details for the intro document?
>
> What if we change the sentence in the following way:
>
> OLD (suggested by David)
>
> "in the specific case of a VM/mobile node the EID-prefix should be /32
> or /128 (IPv4 or IPv6 respectively)”
>
> NEW
>
> "In the mobility case the EID-prefix can be as small as a full /32 or
> /128 (IPv4 or IPv6 respectively) depending on the mobility use-case
> (e.g., subnet mobility vs single VM/Mobile node mobility)"
>
>
> Opinions?
>
>
>> On 12 Feb 2015, at 02:59, Jmh.direct <jmh.direct@joelhalpern.com
>> <mailto:jmh.direct@joelhalpern.com>> wrote:
>>
>> Temeber that an EID prefix represents a site.  A tenant network in a
>> data center is a viable site.  So the prefix as registered for that.
>>  Mobiluty of VMs with the tenant network can be handled internally.
>>
>> Ypu could instead advertise each VM EID.  Tge fact that both cased
>> work makes doing an introductory description a bit tricky.
>>
>> Yours,
>> Joel
>>
>>
>> Sent from my Samsung smartphone on AT&T
>>
>>
>>
>> -------- Original message --------
>> Subject: RE: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
>> From: "Black, David" <david.black@emc.com <mailto:david.black@emc.com>>
>> To: "Jmh.direct" <jmh.direct@joelhalpern.com
>> <mailto:jmh.direct@joelhalpern.com>>,"acabello@ac.upc.edu
>> <mailto:acabello@ac.upc.edu>" <acabello@ac.upc.edu
>> <mailto:acabello@ac.upc.edu>>
>> CC: "farinacci@gmail.com <mailto:farinacci@gmail.com>"
>> <farinacci@gmail.com
>> <mailto:farinacci@gmail.com>>,"jmh@joelhalpern.com
>> <mailto:jmh@joelhalpern.com>" <jmh@joelhalpern.com
>> <mailto:jmh@joelhalpern.com>>,"damien.saucez@inria.fr
>> <mailto:damien.saucez@inria.fr>" <damien.saucez@inria.fr
>> <mailto:damien.saucez@inria.fr>>,"ops-dir@ietf.org
>> <mailto:ops-dir@ietf.org>" <ops-dir@ietf.org
>> <mailto:ops-dir@ietf.org>>,"ietf@ietf.org <mailto:ietf@ietf.org>"
>> <ietf@ietf.org <mailto:ietf@ietf.org>>,"lisp@ietf.org
>> <mailto:lisp@ietf.org>" <lisp@ietf.org <mailto:lisp@ietf.org>>,"Black,
>> David" <david.black@emc.com <mailto:david.black@emc.com>>
>>
>>
>> > In the VM case, am entire service network may be moved to the data
>> center, and so the EID block for that set can be moved.
>>
>> For a single VM, that would apply if the VM is using an entire EID
>> block - most individual VMs aren’t/don’t.  Individual /32 and /128
>> addresses are common for individual VMs, so that’s what’s needed in
>> general for individual VM movement.
>>
>> I’d expect the EID block move case to apply for movement of a group of
>> VMs that are using such a block (e.g., as a subnet), but VM live
>> migrations cannot be synchronized in general (cold migrations of
>> powered-off VMs can be, obviously), so even in this case where the
>> entire EID block moves, if live VM migrations are involved, there are
>> intermediate stages where the EID block is split between LISP sites
>> ... and hence /32 and /128 prefixes are still what’s wanted.
>>
>> Thanks,
>> --David
>>
>> *From:*Jmh.direct [mailto:jmh.direct@joelhalpern.com]
>> *Sent:* Wednesday, February 11, 2015 7:19 PM
>> *To:* Black, David; acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>> *Cc:* farinacci@gmail.com <mailto:farinacci@gmail.com>;
>> jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>;
>> damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>;
>> ops-dir@ietf.org <mailto:ops-dir@ietf.org>; ietf@ietf.org
>> <mailto:ietf@ietf.org>; lisp@ietf.org <mailto:lisp@ietf.org>
>> *Subject:* RE: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
>> *Importance:* Low
>>
>> I thinl we may want to separate VM mobility from mobile devices.  Om
>> the VM case, am entire setvice network may be moved to the data
>> center, and so the EID block for that set can be moved.  In the case
>> of individually mobile debices or some vatiations on data center
>> mobility, there is a need to mske sure the full EID is advertised in
>> the mapping system.
>>
>> Yours,
>>
>> Joel
>>
>>
>>
>> Sent from my Samsung smartphone on AT&T
>>
>>
>>
>>
>> -------- Original message --------
>> Subject: RE: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
>> From: "Black, David" <david.black@emc.com <mailto:david.black@emc.com>>
>> To: "acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>"
>> <acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>>
>> CC: Dino Farinacci <farinacci@gmail.com
>> <mailto:farinacci@gmail.com>>,"Joel M. Halpern" <jmh@joelhalpern.com
>> <mailto:jmh@joelhalpern.com>>,Damien Saucez <damien.saucez@inria.fr
>> <mailto:damien.saucez@inria.fr>>,"ops-dir@ietf.org
>> <mailto:ops-dir@ietf.org>" <ops-dir@ietf.org
>> <mailto:ops-dir@ietf.org>>,"ietf@ietf.org <mailto:ietf@ietf.org>"
>> <ietf@ietf.org <mailto:ietf@ietf.org>>,"lisp@ietf.org
>> <mailto:lisp@ietf.org>" <lisp@ietf.org <mailto:lisp@ietf.org>>,"Black,
>> David" <david.black@emc.com <mailto:david.black@emc.com>>
>>
>> Hi Albert,
>>
>> As noted below, on the EID prefix for mobility issue, a simple
>> statement in Section 5 to the effect that “in the specific case of a
>> VM/mobile node the EID-prefix should be /32 or /128 (IPv4 or IPv6
>> respectively)” will suffice.  Details on what to do when that advice
>> is ignored can be left to other documents.
>>
>> Thanks,
>> --David
>>
>> *From:*Albert Cabellos [mailto:albert.cabellos@gmail.com]
>> *Sent:* Wednesday, February 11, 2015 6:33 PM
>> *To:* Black, David
>> *Cc:* Dino Farinacci; Joel M. Halpern; Damien Saucez; ops-dir@ietf.org
>> <mailto:ops-dir@ietf.org>; ietf@ietf.org <mailto:ietf@ietf.org>;
>> lisp@ietf.org <mailto:lisp@ietf.org>
>> *Subject:* Re: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
>>
>> Hi David
>>
>> Thanks for your comments, I am parsing them and I´ll suggest new text
>> aiming to address them ASAP.
>>
>> I would also like to better understand [A] before doing this.
>>
>> With LISP an EID-preifx can have an arbitrary length and can move
>> (i.e., change its RLOC bindings), in the specific case of a VM/mobile
>> node the EID-prefix should be /32 or /128 (IPv4 or IPv6 respectively).
>> What doesn't work is the mobility of a node (assigned with a /32 or
>> /128) *within* a coarser EID-prefix, in this case you need to split
>> the prefix into more specifics and register them independently in the
>> Mapping System, effectively creating new EID-prefixes.
>>
>> Please let me know if this clarifies your comment, in this case I will
>> suggest new text for Section 5.
>>
>> Albert
>>
>> On Thu, Feb 12, 2015 at 12:07 AM, Black, David <david.black@emc.com
>> <mailto:david.black@emc.com>> wrote:
>>
>> Dino - thanks for the response.
>>
>> On the major issues, it looks like both [A] and [B] involve only the text
>> in this draft and nothing beyond, which is good news.  I have a simple
>> text
>> suggestion for [A], but it looks like [B] is going to require some careful
>> editing, as one of the primary causes is that the draft is sloppy in using
>> the same symbol "G" to represent both EID and RLOC multicast groups.
>>
>> On the minor issues, I have text suggestions for three of the four, and
>> I'd like to temporarily defer further discussion the IPv6 UDP zero
>> checksum "tarpit" in favor of resolving everything else first.
>>
>> On the nits/editorial comments, all the suggestions in your email are fine
>> with me.  FWIW, I regard that portion of a review as almost entirely
>> subject to the draft authors' discretion (and editorial taste).
>>
>> > >> [A] EID mobility vs. EID prefixes
>> >
>> > ... from the start of the LISP design (circa 2007), an prefix is
>> what moves.
>> > And a specific EID is simply a /32 or /128 prefix. Here is a practical
>> > example:
>>
>> A statement that the mobility use cases need to employ /32 and /128
>> prefixes,
>> and not anything coarser should suffice.  That should be added to
>> Section 5.
>>
>> > >> [B] LISP Multicast vs. EID/RLOC separate
>> > >>
>> > >> - 6. Multicast
>> > >>
>> > >> This is interesting, multicast addresses (G) look like they're an
>> exception
>> >
>> > They are really not.
>>
>> My concern is that as I read the draft, it leaves me with the strong
>> impression
>> that the same multicast addresses (G) are being used in both the overlay
>> (as EIDs) and the underlay (as RLOCs).  From your response, I conclude
>> that this
>> is not the case (and I have no argument with that).  Rather, Section 6
>> needs to
>> bluntly state that multicast addresses are mapped between EID and RLOC
>> space at
>> both ITRs and ETRs, so that the following inference is obvious from
>> the text
>> (it's currently not obvious):
>>
>> > So it makes perfect sense to register multicast addresses to the mapping
>> > system as EIDs and they can map to RLOCs of sites that have joined
>> the group.
>>
>> As part of this, I strongly recommend moving away from use of "G" to
>> refer to
>> multicast groups in both the overlay and underlay.  Careful use of G-EID
>> and G-RLOC would significantly improve clarity.
>>
>> ---
>> If the above are done for [A] and [B] in Sections 5 and 6, then the
>> text for the
>> use cases in Section 7 should not need further attention.
>> ---
>>
>> > >> -- Minor Issues --
>> > >>
>> > >> There seems to be an implicit assumption that the end host and its
>> > >> ITR (xTR) are in the same domain or Autonomous System.  For
>> incremental
>> >
>> > This is true when you call the domain a "LISP site". But if the site is
>> > unchanged and one uses PITRs, maybe even close to the site, like in a PE
>> > router, then the PITR is definitely in another AS.
>>
>> Looking at the text, it seems that "LISP site" and "domain" are the same
>> concept for this draft.  That would be useful to state, IMHO but I'll
>> leave
>> the decision on whether to do so to you and the draft authors.
>>
>> On rereading, my concerns seem to be triggered mostly by this sentence in
>> Section 3.2:
>>
>>    The edge consists of LISP sites (e.g., an
>>    Autonomous System) that use EID addresses.
>>
>> I think a small change to the last sentence in that paragraph would
>> resolve
>> my concern without distracting from the narrative:
>>
>> OLD
>>    EIDs do not
>>    contain inter-domain topological information and because of this,
>>    EIDs are usually routable at the edge (within LISP sites) or in the
>>    non-LISP Internet.
>> NEW
>>    EIDs do not
>>    contain inter-domain topological information and because of this,
>>    EIDs are usually routable at the edge (within LISP sites) or in the
>>    non-LISP Internet; see Section 3.5 for discussion of LISP site
>>    internetworking with non-LISP sites and domains in the Internet.
>>
>> > >> Despite multiple  mentions of incremental deployment, I did not
>> > >> see a discussion of how that might be accomplished.
>> >
>> > There are PxTRs and NATs. And references to the LISP interworking RFC.
>>
>> Ok, can we just say so in Section 3.5?  Adding the following sentence
>> to the end of the section would suffice:
>>
>>    PITRs, PETRs and LISP-NAT support incremental deployment of LISP
>>    by providing significant flexibility in location of the boundaries
>>    between the LISP and non-LISP portions of the network, and making
>>    it reasonable to change those boundaries over time.
>>
>> > >> - 3.3.1.  LISP Encapsulation
>> > >>
>> > >>    the source port is selected by
>> > >>    the ITR and ignored on reception.
>> > >>
>> > >> Please mention multipathing (e.g., ECMP and LAG) as possible
>> influences
>> > >> on how source ports are selected, as this imposes some limits on
>> what an
>> > >> ITR can reasonably do.
>> >
>> > ECMP/LAG don't influence which source port is selected. It is a
>> 5-tuple hash
>> > of the inner header that selects a source port that influences how
>> an underlay
>> > router would load-split traffic.
>>
>> Please state that a 5-tuple hash is used.  ECMP/LAG is among the important
>> reasons why, but that doesn't need to be stated if you prefer not to.  An
>> example of something that needs to be excluded is that using a random
>> number generator to set the source port would be wrong - I could suggest
>> citing draft-ietf-dart-dscp-rtp for related discussion (and lots more
>> details), but I don't think that's necessary.
>>
>> -- IPv6 zero UDP checksum
>>
>> > My head spins every time I hear about this subject. This subject has
>> been
>> > talked about from 100s of people for a decade. We have CRC on links,
>> we have
>> > apps that use TCP and UDP checksums. Nuf said.
>>
>> Understood - there's more than one set of scars on this one :-(.
>> Let's come back
>> to this topic after we've resolved everything else, and please keep in
>> mind
>> that I tagged this as a minor issue, not a major one (e.g., the above
>> changes
>> for [A] and [B] are far more important, IMHO).
>>
>> Thanks,
>> --David
>>
>> > -----Original Message-----
>> > From: Dino Farinacci [mailto:farinacci@gmail.com <mailto:farinacci@gmail.com>]
>> > Sent: Wednesday, February 11, 2015 2:19 PM
>> > To: Joel M. Halpern
>> > Cc: Black, David; Albert Cabellos; Damien Saucez;ops-dir@ietf.org <mailto:ops-dir@ietf.org>;
>> >ietf@ietf.org <mailto:ietf@ietf.org>; lisp@ietf.org <mailto:lisp@ietf.org>
>> > Subject: Re: [lisp] OPS-Dir review of draft-ietf-lisp-introduction-11
>> >
>>
>> > > I will leave most of these for the authors to comment on.
>> >
>> > See my comments inline. Thanks David for your detailed review and
>> commentary.
>> >
>> > > With regard to your question about incremental deployment, that is the
>> > domain of the LISP Deployment document, and was deliberately only
>> lightly
>> > covered here.  I am not sure what we can do to address your comment
>> without
>> > duplicating the entirety of that document.
>> >
>> > That is the risk we may have with many of your comments. We have a
>> lot of
>> > detail in the already 9 published RFCs  and this document really is
>> to take
>> > all that detail and summarize as an easily understandable
>> description of a
>> > cohesive design.
>> >
>> > > With regard to UDP Zero, this was approved by the IESG and
>> published as an
>> > RFC.  It is part of the way the protocol is defined.  If there are
>> specific
>> > changes you would like to see in the explanatory text, I am sure
>> >
>> > Definitely agreed. In fact we instigated UDP zero. And I continually
>> talk to
>> > hardware engineers and they all believe we made the right decision.
>> So hats
>> > off to the IETF for being practical.
>> >
>> > > we could include them.  If you are looking for a change in the
>> behavior,
>> > this document can not make changes to the LISP behavior.
>> >
>> > Yes, an important point.
>> >
>> > >> I found a couple of major issues that I hope arise from the
>> > >> summarization of LISP in this draft, as opposed to being problems in
>> > >> the actual LISP protocols.  I also found a few minor issues, the most
>> > >> important of which is the need for additional security considerations
>> > >> discussion on misdelivery, with particular attention to VPNs.
>> >
>> > Thanks a ton.
>> >
>> > >> -- Major issues --
>> > >>
>> > >> [A] EID mobility vs. EID prefixes
>> > >>
>> > >> - 5. Mobility
>> > >>
>> > >> I understand how this works when mapping is per-EID, but how does
>> this work
>> > >> when the EID of the system that moves is part of an EID prefix, as
>> > discussed
>> > >> in Section 3.4.1?  Even if the answer is a long version of "Don't
>> do that!"
>> > >> it should be explained.
>> >
>> > No, from the start of the LISP design (circa 2007), an prefix is
>> what moves.
>> > And a specific EID is simply a /32 or /128 prefix. Here is a practical
>> > example:
>> >
>> > You have a cluster of servers that communicate together for a particular
>> > application. They application cluster is running in a set of VMs.
>> Those VMs
>> > are assigned EIDs from a common power-of-2 EID-prefix. Those VMs are
>> currently
>> > running in a brick-and-mortar data center. Now there is a desire to
>> move the
>> > VM cluster to a cloud provider. What is moved is the EID-prefix of the
>> > cluster. The mapping system is told that the EID-prefix is changing
>> its RLOC-
>> > set from the brick-and-mortar xTRs to the cloud providers xTRs.
>> >
>> > >>
>> > >> - 7.4.  LISP for Virtual Machine Mobility in Data Centers
>> > >>
>> > >> I don't understand how this works when EID prefixes are used, as
>> each VM
>> > >> has its own EID or EIDs, hence the entire prefix range does not
>> move when
>> > >> the VM moves.
>> > >>
>> > >> For OPS-Dir, this EID prefix issue [A] falls under A.1.1 in
>> Appendix A
>> > >> of RFC 5706:  Has deployment been discussed? and specifically under:
>> > >>
>> > >>        *  Is the proposed specification deployable?  If not, how
>> could
>> > >>           it be improved?
>> > >>
>> > >> as EID prefixes appear to be undeployable for Mobility and VM
>> Mobility
>> > usage.
>> >
>> > See above example.
>> >
>> > >> [B] LISP Multicast vs. EID/RLOC separate
>> > >>
>> > >> - 6. Multicast
>> > >>
>> > >> This is interesting, multicast addresses (G) look like they're an
>> exception
>> >
>> > They are really not. Since multicast addresses *identify* a group of
>> > receivers, it is very much an EID and aheres to the definition of an
>> EID.
>> > Multicast addresses never had topological signficance but the state
>> > representing a distribution tree does tell you were the members are
>> (but the
>> > identity of the members are not know in multicast).
>> >
>> > So it makes perfect sense to register multicast addresses to the mapping
>> > system as EIDs and they can map to RLOCs of sites that have joined
>> the group.
>> > See draft-farinacci-signal-free-multicast as just one example.
>> RFC6831 and
>> > draft-farinacci-lisp-mr-signaling are other examples.
>> >
>> > >> to the EID/RLOC separation as the same destination IP multicast
>> address
>> > >> is used for both purposes.  This could use some more discussion,
>> as it's
>> > >> unexpected based on the contents of the draft up to this point.
>> >
>> > I believe the level of detail we have in the introduction document
>> is at the
>> > right level or we'll err on having way too many details crop in.
>> >
>> > >> - 7.2.  LISP for IPv6 Co-existence
>> > >>
>> > >>    LISP encapsulations allows to transport packets using EIDs from a
>> > >>    given address family (e.g., IPv6) with packets from other address
>> > >>    families (e.g., IPv4).
>> > >>
>> > >> How does that work for multicast traffic, where the destination
>> address
>> > >> (G) has to be the same in both the inner and outer headers?  Are ETRs
>> > >> and ITRs expected to map IPv6 multicast addresses to IPv4 and v.v.?
>> >
>> > The mapping system can map an (S-EID-ipv6, group-ipv6) 2-tuple to a
>> RLOC set
>> > that looked like this (ipv4-multicast, ipv4-unicast) mean the ITR that
>> > receives the packet from S-EID-ipv6 would replicate the packet and
>> multicast
>> > encapsulate to ipv4-multicast and unicast encapsualte to ipv4-unicast.
>> >
>> > >> - 7.3.  LISP for Virtual Private Networks
>> > >>
>> > >> This also has multicast problems, as there is only one instance
>> of each
>> > >> multicast address (G) in the underlay network.  I think I can
>> figure out
>> > how
>> >
>> > You can map from EID-G to RLOC-G one to one. But we have seen over
>> the last
>> > decade in a half that with general multicast deployment that
>> many-to-1 is
>> > desirable. Hence, now that we have a way to map with a network-based
>> database,
>> > we can map multiple EID-Gs to a single (or multiple) RLOC-Gs.
>> >
>> > >> to make multicast work for this use case, but it's not
>> immediately obvious,
>> > >> and the result when the same underlay multicast address is used
>> by more
>> > >> than one VPN could well deliver some traffic to ETRs that have to
>> discard
>> >
>> > This is a necessary evil when the underlay is state challenged. But
>> it is a
>> > state/bandwidth tradeoff. We have found with MVPN deployment that
>> the network
>> > admin configures the underly or simply unicasts.
>> >
>> > >> it because the Instance ID is wrong (and that excessive delivery is a
>> > >> security consideration, see minor issue on Section 8 below).  I
>> think an
>> > >> explanation is in order.
>> >
>> > There are just too many combinations to make a high-level
>> description simple
>> > to understand. The current introduction text does a find job providing
>> > references for someone to go off and get the details.
>> >
>> > >> -- Minor Issues --
>> > >>
>> > >> There seems to be an implicit assumption that the end host and its
>> > >> ITR (xTR) are in the same domain or Autonomous System.  For
>> incremental
>> >
>> > This is true when you call the domain a "LISP site". But if the site is
>> > unchanged and one uses PITRs, maybe even close to the site, like in a PE
>> > router, then the PITR is definitely in another AS. But note I said
>> PITR and
>> > not ITR. The reason being is because an ITR is configured with database-
>> > mapping prefixes that is uses to encapsulate packets from such
>> addresses.
>> > Versus the PITR being an ITR with *no database-mappings* providing a
>> much more
>> > larger/or more aggregtable service.
>> >
>> > >> deployment, I don't think that's always the case, but I think
>> that only
>> > >> has editorial impact on this document, as I don't think any of the
>> > >> fundamental LISP mechanisms are affected.  The authors should
>> look for
>> > >> use of "domain" and "Autonomous System" and ensure that the text is
>> > >> generalized to the case where the end host and ITR are more widely
>> > >> separated.
>> >
>> > We are overloaded with terms that create topological or organization
>> boundary.
>> > Hence why we created "LISP site" which is also the same as a "LISP
>> VPN site".
>> > Where a "LISP site" that has multiple tennants would be multiple
>> "LISP VPN
>> > sites".
>> >
>> > >> Despite multiple  mentions of incremental deployment, I did not
>> > >> see a discussion of how that might be accomplished.  There is some
>> >
>> > There are PxTRs and NATs. And references to the LISP interworking RFC.
>> >
>> > >> useful content in Section 3.5, but that's at best an incomplete
>> > >> explanation.  This is an OPS-Dir review concern - it falls under
>> > >> A.1.3 in Appendix A of RFC 5706: Has the migration path been
>> discussed?
>> > >>
>> > >> - 3.3.1.  LISP Encapsulation
>> > >>
>> > >>    the source port is selected by
>> > >>    the ITR and ignored on reception.
>> > >>
>> > >> Please mention multipathing (e.g., ECMP and LAG) as possible
>> influences
>> > >> on how source ports are selected, as this imposes some limits on
>> what an
>> > >> ITR can reasonably do.
>> >
>> > ECMP/LAG don't influence which source port is selected. It is a
>> 5-tuple hash
>> > of the inner header that selects a source port that influences how
>> an underlay
>> > router would load-split traffic.
>> >
>> > >> For OPS-Dir, this multipathing concern falls under A.1.4 in
>> Appendix A of
>> > >> RFC 5706: Have the Requirements on other protocols and functional
>> > >>        components been discussed?
>> > >>
>> > >>    This decision was made because the
>> > >>    typical transport protocols used by the applications already
>> include
>> > >>    a checksum, by neglecting the additional UDP encapsulation
>> checksum
>> > >>    xTRs can forward packets more efficiently.
>> > >>
>> > >> Groan!  I have an exquisite set of scars on UDP zero checksums
>> for IPv6
>> > >> from working on the MPLS in UDP draft, so I may be overly
>> sensitive to
>> > >> this concern.  The downside of this efficiency is that there is no
>> > >> checksum coverage of the IPv6 header when zero UDP checksums are
>> used.
>> > >> That should at least be mentioned here, with a summary of why
>> that's ok
>> > >> - the detailed justification for why that's ok can be left to other
>> > >> documents.
>> >
>> > My head spins every time I hear about this subject. This subject has
>> been
>> > talked about from 100s of people for a decade. We have CRC on links,
>> we have
>> > apps that use TCP and UDP checksums. Nuf said.
>> >
>> > >>
>> > >> -- Nits/Editorial Comments --
>> > >>
>> > >> - Top of p.4:
>> > >>
>> > >>    The initial motivation in the LISP effort is to be find in the
>> > >>
>> > >> "find" -> "found"
>> > >>
>> > >> - Section 3.1, first bullet item
>> >
>> > We will certainly fixe these. Thanks.
>> >
>> > >>
>> > >>       Devices are assigned with relatively opaque identity
>> > >>       meaningful addresses that are independent of their topological
>> > >>       location.
>> > >>
>> > >> I don't understand "relatively opaque identity meaningful" and
>> > >> suggest rewriting the sentence.  In particular - opaque to what?
>> > >> meaningful to what in what manner?
>> >
>> > Well beacuse it is as accurate as it can be. If automobiles are
>> going to be
>> > assigned EIDs from a VIN number allocation from a manufacture, the
>> address is
>> > relatively opaque. If a VM in a data-center is going to be assigned
>> an EID
>> > from the set of prefixes already being used and allocated to that
>> data-center,
>> > then there is a good chance that address is in a power-of-2 block
>> that is
>> > summarizable in the IGP.
>> >
>> > >>
>> > >> - Section 3.2, second paragraph
>> > >>
>> > >> Judging from the figure, xTRs are the common case, with single-
>> > >> function ITRs and ETRs being rare.  It might be good to say that
>> > >> and discuss when ITRs and ETRs that are not xTRs are appropriate
>> > >> to use.
>> >
>> > When you want egress path selection to happen further out in the
>> toplogical
>> > from the source location, then you put an ITR-only system there.
>> Where ingress
>> > to the same source (destination in this direction), the ETR can be
>> closer to
>> > the destination.
>> >
>> > >>
>> > >> - 3rd paragraph on p.7:
>> > >>
>> > >>
>> > >>    Finally, the LISP architecture emphasizes a cost effective
>> > >>    incremental deployment.
>> > >>
>> > >> I'd delete "cost effective" here and look for other occurrences
>> > >> of "cost" as candidates for deletion.  This is supposed to be
>> > >> a technical document, so discussion of costs is a bit off-target.
>> >
>> > Fair enough.
>> >
>> > >> - First item after Figure 2:
>> > >>
>> > >>    1.  HostA retrieves the EID_B of HostB, typically querying the DNS
>> > >>        and obtaining and A or AAAA record.
>> > >>
>> > >> "and A" -> "an A"  (spelling checkers don't catch everything).
>> >
>> > Already noted and will be fixed.
>> >
>> > >>
>> > >> - 3.3.1.  LISP Encapsulation
>> > >>
>> > >>    On the other hand, Recursive
>> > >>    tunnels are nested tunnels and are implemented by using
>> multiple LISP
>> > >>    encapsulations on a packet.
>> > >>
>> > >> The above sentence seems out of place in the middle of a
>> paragraph about
>> > >> Re-encapsulating tunnels and routers - I suggest moving it down
>> into its
>> > >> own paragraph and perhaps adding a sentence about where/how Recursive
>> > >> tunnels may be useful.
>> >
>> > Good suggestion and makes sense.
>> >
>> > >> - 3.3.2.  LISP Forwarding State
>> > >>
>> > >>    In the LISP architecture, ITRs keep just enough information to
>> route
>> > >>    traffic flowing through it.
>> > >>
>> > >> "it." -> "them."
>> > >>
>> > >>    Meaning that, ITRs retrieve from the
>> > >>    LISP Mapping System mappings between EID prefixes and RLOCs
>> that are
>> > >>    used to encapsulate packets.
>> > >>
>> > >> This is the first use of the notion of EID prefixes.  That
>> concept should
>> > >> be explained before it is used, although a forward reference to
>> section
>> > >> 3.4.1 may suffice.  It might be better to rewrite this paragraph
>> in terms
>> > >> of EIDs and leave the notion of EID prefixes to section 3.4.1.
>> >
>> > Hmm, I'll let Albert and Damien decide if we should state "EID-prefixes"
>> > everywhere instead of just "EID".
>> >
>> > >>
>> > >> - 4.4.  MTU Handling
>> > >>
>> > >>    Additionally, LISP also recommends inferring reachability of
>> locators
>> > >>    by using information provided by the underlay, in particular:
>> > >>
>> > >> It'd be useful to add a sentence or two about how LISP and the
>> techniques
>> > >> in this section interact with host use of PMTUD and PLPMTUD.
>> >
>> > This is a lot of detail because in RFC6830 we have 3 positions or
>> options on
>> > the subject. And we did provide a reference to RFC6830 for this topic.
>> >
>> > >> - Next to last paragraph on p.17:
>> > >>
>> > >>    Additionally, LISP also recommends inferring reachability of
>> locators
>> > >>    by using information provided by the underlay, in particular:
>> > >>
>> > >> This looks like it's a paragraph early and needs to be moved down to
>> > >> after the paragraph that follows it.
>> >
>> > Agree.
>> >
>> > >> idnits 2.13.01 didn't find any nits.
>> > >>
>> > >> Thanks,
>> > >> --David
>> >
>> > Thanks again David.
>> >
>> > Dino
>>
>