Review of draft-ietf-spring-segment-routing-msdc-03

Susan Hares <shares@ndzh.com> Mon, 06 March 2017 16:25 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: ietf@ietf.org
Delivered-To: ietf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9102C129568; Mon, 6 Mar 2017 08:25:29 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Susan Hares <shares@ndzh.com>
To: rtg-dir@ietf.org
Subject: Review of draft-ietf-spring-segment-routing-msdc-03
X-Test-IDTracker: no
X-IETF-IDTracker: 6.46.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148881752958.15101.3565092696759250024.idtracker@ietfa.amsl.com>
Date: Mon, 06 Mar 2017 08:25:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/drp7ExEci585neLA5wXskP1l0yU>
Cc: draft-ietf-spring-segment-routing-msdc.all@ietf.org, spring@ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 16:25:29 -0000

Reviewer: Susan Hares
Review result: Has Issues

The RTG-DIR has the categories:  minor concerns or major concerns
regarding "issues", I wil differentiate my issues by this quality. 
I also have editorial nits regardign under specified text. 

Major concerns: 
1) The security section is not sufficient for any review by the
Security area 

This draft depends on IDR WG draft (ietf-idr-bgp-prefix-sid) that
defines the BGP Segment attribute.  If this attribute is used with
IPv6, this simply gives more infromation about a link to a next. 
However, the combination of this information with the information
passed using draft-ietf-idr-bgpls-segment-routing-epe-09 that utilizes
BGP to pass BGP topologies in BGP - requires a better security
section.  BGP-LS was described to be an "information gathering"
function handled by a few routers on the edge of the network to obtain
link-state topology information.  The BGP peers would carry this
information in a separate informational stream.  With this constraint,
it was approved by the IESG.   
draft-ietf-idr-bgpls-segment-routing-epe  expands the initial concept
of BGP-LS from "information gathering" to a full-routing scheme of BGP
within BGP for data centers and for data center interconnection to the
network.   This extension takes it out of the approved range of the
BGP-LS.  Therefore, the security sections in both the IDR WG drafts
and this draft need to describe the new threat scenarios and describe
threat mitigation strategies for deployments.  

In addition, the information by BGP-LS
(draft-ietf-idr-bgpls-segment-routing-epe) or in draft-ietf-bgp-sid
may have privacy issues - so these need to be described the security
section. 

2) through-out the text you use words such as "ebgp3107" or BGP 3107
updates"

This phrase is inaccurate.  The base RFC3107 support will not provide
BGP-Prefix support (as supported in bgp-idr-bgp-prefix.   Some texts
goes on to clarify the addition of the BGP SID Prefix attribute.  It
would be better to invent a new phrase or term.  

In section 8.1, the authors state:
"The Prefix Segement is a lightweight extension to the BGP Labelled
Unicast".  As noted in my #1 major concern, this "hand-waving"
description either needs to be refined to be accurate.  If the MPLS
usage only uses the BGP-Prefix label and does not extend to the
Egress, it is simplier.  However, it is not clear that is what section
8.1 is about.   If 8.1 includes the
draft-ietf-idr-bgpls-segment-routing-epe, then BGP-LS addition does
have a number of prefixes and rules.   The trade-off between BGP-LS +
BGP-LS SID (draft-ietf-idr-bgp-sid) handling + BGP LS egress peer
engineering draft (draft-ietf-idr-bgp-segment-routing-epe) and a
signalling protocol is more complex than the hand-wave.  It may be the
right choice based on current implementations and management issues,
but these need to be laid specifically. 

3) Why are you defining 2-byte Private Use AS when there are plenty of
4-Byte Private Use AS (p. 5). 

This usage increases the confusion regarding 2-byte/4-byte ASN.  IDR
specifically worked on 4 byte ASN. 

Minor concerns  
1) It is not clear what happens in section 4.2.2 and figure 3-5

What happens if the traffic goes to node 3 instead of node 4 on the
ECMP path? 
What happens if the traffic goes to node 8 instead of node 7 on the
ECMP Path? 

Is there something missing in the stroy? 

2) section 4.3 - IBGP Labeled Unicast. 

The phrase "iBGP3107 reflection with nhop-self" needs to be explicitly
spelled out as IBGP Route-Reflection with next-hop self.  If that is
not what the authors mean, then it needs to be further spelled out. 
It is unclear where the central IBGP nodes are that share fully the
information learned from the three clusters. (nodes:5-8 cluster 1,
nodes 3-4 cluster 2, nodes 9-10 cluster 3).  

This section has hints of a solution, but it is miss a great deal. 
Please upgrade to specific solution.  A diagram might help. 

3) Load Sharing hints (Section 7.1) 

Elephant flow and mice flows are good descriptions.  Flowlets and VL2
should either warrant a 1 sentence explanation that actually describes
these features in a 22 page draft, or be removed.  

4)  The lack of a manageability or operations section (TBD in version
-02) - concerns me.  The operational issues may be well known to the
data centers and devices manufacturers who have implement this
specification, but this is an interoperability specification for IETF.
 Some manageabilty comments should be included or a BCP pointed to. 

Editorial issues: 

#1 - The following 4 abbrevitions need to be initially expanded when
first used:  CLOs (p.3),  SRGB(p.6), flowlets (p. 14), and VL2 (p.
14). 

#2 - page 7, section 4.2 last paragraph 
Old/: assuming the IP Addresses, AS and label-index allocation
previously described, the"
New/: assuming the IP address with the AS and label-index allocation
previously described, the" 
[Comma is optional]

#3 - page 14, section 7.1 paragraph 4,  /(e.g. spine switch Node1)/  -
by the diagram it should be node 5-8 or an error.  Please check the
number 

#4 - page 17, section 8.2 paragraph 2. 

Old/
This is easily accomplished by encapsulating the trafffic either 
directly at the host or the source ToR node by pushing the BGP-
Prefix-SID of the destination ToR for intra-DC traffic, or border 
node for inter-DC or DC-to-outside-world traffic./

New/
This is easily accomplished by encapsulating the trafffic either 
directly at the host or the source ToR node  by pushing  the BGP-
Prefix-SID of the destination ToR for intra-DC traffic, or
the BGP-Prefix-SID for the the border node for inter-DC or
DC-to-outside-world traffic./
 
If this is not the correct logic, then you can reword this further. 
I read it 4 or 5 times. 

#5 - Adding a diagram to section 4.3 might help your description.