[Int-area] AD review of draft-ietf-intarea-gue

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 05 October 2020 13:38 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFD43A0AD3 for <int-area@ietfa.amsl.com>; Mon, 5 Oct 2020 06:38:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.597
X-Spam-Level:
X-Spam-Status: No, score=-9.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=bvw+7+Ak; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=RAqZi9Sl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQuaVdVPZCAe for <int-area@ietfa.amsl.com>; Mon, 5 Oct 2020 06:38:27 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B85513A0AC8 for <int-area@ietf.org>; Mon, 5 Oct 2020 06:38:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=39419; q=dns/txt; s=iport; t=1601905107; x=1603114707; h=from:to:cc:subject:date:message-id:mime-version; bh=G7spD1SZH0NnOAUhafl0zitSO5BFoOC1O2Xo5uBSg0U=; b=bvw+7+AkwGqn6OZ3DAHqUv7MPdoJYtvEj47qXpSITGUeRyTW3/0Q+K6Q 0HI+hkXjBvOe9XDMsb6pA7SDkEvpSIlkAYQwCaSeQKy8AohnTQ1uQnXXz 2E/oCp71aSyf2pyoXtkEBVLrkAqc0UicIICZ44167Vg/8Xm14fOzA0FcO 8=;
IronPort-PHdr: =?us-ascii?q?9a23=3AdChbgheWGVqjEbiRlbFz5RlYlGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwaTA9fb5uhOhvDKt6nmVSoL5pPS+HwBcZkZUR?= =?us-ascii?q?gDhI1WmgE7G8eKBAX9K+KidC01GslOFToHt3G2OERYAoDyMlvVpHDh7TMIEB?= =?us-ascii?q?jlKQ58IOizEYnX3Iy70umo8MjVZANFzDO2fbJ1KkCwqgPc/skbiIdvMOA/0B?= =?us-ascii?q?zM93BJYO9Rg2hvIAGe?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CDCQAkIXtf/5JdJa1gg3svKSgHcFk?= =?us-ascii?q?vLIQ9g0YDjnGXeYFCgREDVQsBAQENAQElCAIEAQGEShmCIQIlOBMCAwEBCwE?= =?us-ascii?q?BBQEBAQIBBgRthS8IJQyFdRYRHQEBNwERAUAKAgQwJwQBDSeDBAGBfk0DLgE?= =?us-ascii?q?OnFcCgTmIYXaBMoMBAQEFgTMBg2AYghADBoE4gnKDaYZWG4FBP4ERJxyCGIJ?= =?us-ascii?q?wXwKBKgELBwGDODOCLZAPAoJvATyHAoMlmW0KgmeIfoZYiwsDH4MOigIElAu?= =?us-ascii?q?TFIpulSgCBAIEBQIOAQEFgWsjZ3BwFTsqAYIKAQEyUBcCDYZAh2sXgQIBBIJ?= =?us-ascii?q?HhRSFQnQ3AgYBCQEBAwl8iwYCJgeBOF8BAQ?=
X-IronPort-AV: E=Sophos;i="5.77,338,1596499200"; d="scan'208,217";a="574309791"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Oct 2020 13:38:26 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 095DcQvc019156 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 5 Oct 2020 13:38:26 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 5 Oct 2020 08:38:26 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 5 Oct 2020 09:38:25 -0400
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 5 Oct 2020 08:38:24 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZB0ATiT5Ye2FtJK+nA71w1a96Ttx0BFhKtl4Q7tb7cZ35OfH28pJXe+tqhQDYNOV/j6sMv4UVtSIHZgGb7HYXBzt0yO+nJWRK4Nl9o7LAWsctzApdHYKljZMTtzaHvwINjVaebjYfgFlMQXWkMt454BB2BfffbeTWMtz7JvqnsHXKNzIruLsJkdR1csFNV5AE1he/ef/eORf0jNRBodv+4LoTSjeAdrNerOwCcOrc4YYhXgWl3LOr53qYakmsDFK+Qas3pwbLFudBVjjjOlGyZtSx0mSTFp/eh6cblalDG01M7k3kQvRQHTPU60Sw4lMcXWj1Fcy4WNyjqY8/REuQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G7spD1SZH0NnOAUhafl0zitSO5BFoOC1O2Xo5uBSg0U=; b=G8fyErMLvcGLlWZxCA+2f0Gcy7kR4aI1EsqYJ6fmo2/dfpB/FobKad4OYpYNurO7+r7B3XRTkucgmjjr10FqrPf5HMbv3QxEooRVLGARtrXhS9UDu+OXTQpOmqBdOIVqJXzBMIv+sgYoAnR+F//IVBa2eeMHzuNcZjzZsO0KAq1oqtqB+OhQJwDKeSEm7Mt1Qz7jw2l0qUj6WPfnivOrvZixCJq2F+MAGru63aw7TMgU1ujbcNGhK6blciXsNbfFg5xaY3VpCTBU0saw43ey75TM/Ck9k67jG8JKbEyRxHgd6CUtx4tehi02xwYJTf5c/2u2VjCeNTlO3Wy75I9ZNg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G7spD1SZH0NnOAUhafl0zitSO5BFoOC1O2Xo5uBSg0U=; b=RAqZi9SltHXgV96Cfj5FUVG6CvyEzemWa54+YERF0dZvSZ4AP2ZYKb9h0KELqvL9GVA/cImtPyHrvP5zNo3wQSq6TIqmpmOZ5SDI2yG1oAVbFjoGwUSs0VWerybrEn87CB7gMRMQ4o8cifornbLJjslJKFj9xb5a2hXe1fdPzLs=
Received: from BN6PR11MB1844.namprd11.prod.outlook.com (2603:10b6:404:103::20) by BN8PR11MB3633.namprd11.prod.outlook.com (2603:10b6:408:8a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.32; Mon, 5 Oct 2020 13:38:23 +0000
Received: from BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7]) by BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7%12]) with mapi id 15.20.3433.044; Mon, 5 Oct 2020 13:38:23 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "tom@herbertland.com" <tom@herbertland.com>, "lucy_yong@yahoo.com" <lucy_yong@yahoo.com>, "osamaz@microsoft.com" <osamaz@microsoft.com>
CC: Suresh Krishnan <suresh.krishnan@gmail.com>, Erik Kline <ek.ietf@gmail.com>, "fred.l.templin@boeing.com" <fred.l.templin@boeing.com>, Wassim Haddad <wassim.haddad@ericsson.com>, Juan Carlos Zuniga <juancarlos.zuniga@sigfox.com>, int-area <int-area@ietf.org>, "Black, David" <David.Black@dell.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Thread-Topic: AD review of draft-ietf-intarea-gue
Thread-Index: AQHWmxzLdBAQRDM7CU+5rZjxVZ2zlg==
Date: Mon, 5 Oct 2020 13:38:23 +0000
Message-ID: <6D36704E-EF85-41F4-B9C2-A7158B86842A@cisco.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
authentication-results: herbertland.com; dkim=none (message not signed) header.d=none;herbertland.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2a02:578:8557:600:307c:8a6f:8083:9682]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d6ba38de-2606-47d9-4d02-08d86933ee2a
x-ms-traffictypediagnostic: BN8PR11MB3633:
x-microsoft-antispam-prvs: <BN8PR11MB3633CA87D65F8E26615762C9A90C0@BN8PR11MB3633.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: oX9QBJUmpfddlYzIEJ7qB0Tgjc2Aovc2SkZLsTMZ3+w+nvwyeg9fW4hYzMxngNstTZhuzj7+TSK9CESzFCPKiy5fPe4/EYN0mopOwDCm3iH8IdaUzLSrJ6BKSC4b7eYUQsQhgZrrWlaVqnC1dz84IErmW++CRN5WPr8pdiwrHdF0MgIJh2vae0UW2DtcOxYcZ0CdeydrQyS1d0oY049QTLb2hcyllj3Emj+DvLa/sZAkhF6SEZdb4+qiD7GquxefiJw+0Q9dSzBq0GOp0Da+xqPyL9JB7U1aMzVyORXdoNfT22LQAGDIsKKcE8dnlJd46O2M17iFvLE4zblHv/YWf5ZLvGGauS1Djh+821xOXyMcCCqcykxNPpyQahQo70deSipO31yl7ppf4yDVYCys+Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1844.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(39860400002)(396003)(376002)(346002)(366004)(8936002)(66574015)(71200400001)(2906002)(966005)(36756003)(6486002)(86362001)(8676002)(186003)(7416002)(76116006)(91956017)(6506007)(54906003)(110136005)(66446008)(64756008)(83380400001)(4326008)(316002)(6512007)(478600001)(66556008)(2616005)(66476007)(5660300002)(83080400001)(66946007)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: IfAH48PXxWQKIo+74TbXk2Lew9F5dSbnyQzPbKYl40wgybPM/vmqbMIvjZ6xQMuFvNO23lHDWs4E0rbXooEgIdbmDpq91qzYPjzlMsjkKYDxIGXfVJ/Xbp3GVJfLfz/8EGX62+fB/52KaZOiTLeJjFpjQNkO6sKa9YPhKRVbzz1hb0nXK6+2zDG4+XGnDwLK76L4mYFak6CV8o+Zx8xSnCL0tJv+mtVPX2jkIllH+Dk3ZBcrgM7UcfAX8zQrCbHqf2JQi9owQdoZfS1AOhQsxlv7eoXgaQ6bn6TpnUbAIzPjMEn7N8b1N455IGI0HVOVDCqq1XTUAn4nT32QsPIjallTHsH9TO4jwDBedD9ePkQ6loxQDsEGtrYajLNHI/BNzlOZZaqRmQy08MmYcGHYxEtZWVTto0XI1NQZkqbXGVICgTJ4ameI5mTwwhmDrvqIsq6yBVSRP4Hgswselopntr719UPOD1U/ilRvNfiIqHMMcel3pSrjP6HoUaVdaIH634xli6tU2WPwnJ1P7Jb6+cZmL6nDJPhgI+Hw19zy5fTttUnXjAa41feBwKKpDFdAxqdq4ZKBKcy4u8yqIADi5sxcU/BoOykfr+RTs8fumrEaRb20vyHfP5JO9o+PfpK7MptMTd8mWwcePj5320eMSw798Gm50H/AiWM8HwVLYb5P7oiV0WAUeR1ct9awg9JLjbDLZFjnIotTJT1F9wzstw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_6D36704EEF8541F4B9C2A7158B86842Aciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1844.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6ba38de-2606-47d9-4d02-08d86933ee2a
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2020 13:38:23.2523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZVylhffQ+S1s37Cu92Tims4llI19zM1/LDaJmY2HG2mJ/e97lgnakxho3hN2z7whjt1svelt3jOmxZsUiTPf/w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3633
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/G-xGFvZv5nMXwHfbtP1mw7FaLV8>
X-Mailman-Approved-At: Mon, 05 Oct 2020 06:59:36 -0700
Subject: [Int-area] AD review of draft-ietf-intarea-gue
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 13:38:31 -0000

Tom, Lucy, Osama,

As you probably know by now, I have become the responsible AD for this document for a couple of months (since I replaced Suresh who is in cc).

As usual, I do an AD review before launching the IETF Last Call step. So, here are my comments.

The first one is really about what is the added value of GUE wrt to so many already specified encapsulations. Of course, UDP-encapsulation guarantees a better middle-box traversal (being NAT or firewall or ...) but L2TPv2, Geneve/NVO3, IPsec, VxLAN, GRE over UDP, ... already apply the same UDP envelope (albeit for very specific tunneling techniques and to encapsulate a layer-2 frame). As the intarea WG has adopted this document and the WGLC was positive, I will go forward with the publication process anyway; but, I fear that the IETF Last Call and IESG evaluation will bring this discussion again. Section 6 should perhaps be moved forward as well.

I failed to see any reply to David Blake's early review for tsvart: https://mailarchive.ietf.org/arch/msg/int-area/Z67X78mJyzijDmt4GlCktndInzI/

In Tom's reply to Gory's review in https://mailarchive.ietf.org/arch/msg/int-area/66jAlVmJ-JqO_yy9utivM6bGhHg/ there is "I will reply to comments in time", and I have not seen a reply (possibly a bad search of mine).

In one email from Tom, it seems that GUE is implemented in Linux for years. This could become part of an implementation status section that is always useful for an intended PS status.

Where is described the process of receiving an ICMP by the encapsulator about a GUE packet?

Abstract: I wonder what is "specialized capabilities in networking hardware for efficient handling of UDP packets" except perhaps for ECMP ? Probably worth being specific even in the abstract.

Introduction: the text is about 'optional data' and 'extensions' and is not really clear whether they are identical, especially when the text is split in two paragraphs. Suggest to merge the last 2 paragraphs.

Section 1.2: why is this 'implicitly' for 'control' rather than 'explicitly' and nothing is said for 'data'. C-bit is an 'explicit' way of declaring this packet as 'control', or did I miss something?

Section 1.2: "control the state or behavior of a tunnel", humm I had in mind that GUE is not only for tunnels

Section 1.2: suggest to also define primary and extension fields (even if those terms can be inferred/guessed)

Section 1.2: "Proto/ctype" there is no protocol number in IPv6

Section 1.3: please use BCP 14 and RFC 8174

Section 3.1: about the UDP source port, is a 'RECOMMENDED' recommended in the choice of source port ?

Section 3.1: please add "and ignored at reception" when describing the 'Flags' field.

Section 3.2.1 in the last paragraph: 'nodes' is rather vague... is it the decapsulating node ? And beside 'MUST NOT parse', should the packet be dropped silently ? or dropped and ICMP generated ? or ?

Section 3.2.2: "Control messages will be defined in an IANA" should rather be "Control messages are defined in an IANA". Also, "and may be defined in standards" is not the usual wording for extensions.

Section 3.3: draft-ietf-intarea-gue-extensions seems to be expired... and MUST be normative, IMHO, as " [GUEEXTEN] defines an initial set of GUE extensions." indicates it.

Section 3.3.1: while the exact meaning of "Extension fields are placed in order of the flags" can be guessed, strongly suggest to be clear about this 'order of the flags'.

Section 3.2.2: unsure whether a copy & paste of another not-really-active document is wise. Suggest to remove this section completely.

Section 3.4: is "optional integrity check" defined in this document ? Else, I suggest to remove this text

Section 3.5.1: "implicitly" or "explicitly" because C-flag is set and the dest address is obviously the decapsulator

Section 3.5.2: we are well deep in the document and it is still unclear how the encapsulation can be done with variant 0. Is it a 'virtual' removing of UDP & GUE header ? I.e., leaving the outer IP header intact ?

Section 4: it is really smart to use the IP version field to indicate variant 1 (assuming that Internet Stream Protocol is no more used)

Section 5.2: why "should be co-resident with the hosts" ? Isn't it obvious then, rather than using "should be", let's use "are"

Section 5.2: "and the transport packet." how would ICMP qualify as it is rather layer 3 and not really 'transport' ?

Section 5.2: "Note that the transport layer ports " => "Note that the transport layer ports (if any) "

Section 5.2: I am afraid that some text about IPv6 extension headers is required here (and possibly for IPv4 options)

Section 5.3: "intended target (decapsulator)" why not simply writing "decapsulator" ?

Section 5.3: suggest s/it SHOULD follow standard conventions /it MUST follow standard conventions /

Section 5.3: must include the normative references to 'standard conventions'

Section 5.3: what about MTU considerations as packet size is increased ?

Section 5.4: should an ICMP message be generated when packet is not validated and should it be dropped ? rate limited of course ;-)

Section 5.4: s/GUE packet is received by a decapsulator with unknown flags, the packet MUST be dropped./GUE packet is received by a decapsulator with unknown flags set, the packet MUST be dropped/

Section 5.4: should an ICMP message be generated when dropping GUE packets ?

Section 5.4.1: must be explicit about the processing of any IPv6 extension headers

Section 5.4.1: suggest to also indicate the inner/outer src and dst IPv4 addresses

Section 5.4.2: should/may an ICMP be generated ?
"
Section 5.5: unsure whether a section about middle box is required/useful because those will do whatever they want (typically evil). Also, "A middlebox MUST NOT drop a GUE packet merely because there are flags unknown to it." is wishful thinking as firewalls tend to block what they do not recognize.

Section 5.6.2: would a section on NAT64 be useful ?

Section 5.7: RFC 4459 is informational and will cause a down ref (that is OK) as the reference should be normative. As mentioned by David Blake in his review, RFC 4459 is about to be updated by draft-ietf-intarea-tunnels, the later should probably be mentioned as well.

Section 5.8.2: replace RFC 2460 by RFC 8200 ;-)

Section 5.8.2: while I am unsure whether the considerations about when using no UDP checksum are relevant/useful, it is probably shared by IPv4 and IPv6, so, move this part outside of 5.8.2 ?

Section 5.9.1: up to the authors, but I would use a "SHOULD NOT" in "a GUE tunnel MUST NOT be deployed to carry non-congestion-controlled traffic over the Internet"

Section 5.10: even after reading carefully the document, I am unclear about what are the "GUE parameters and properties" required to decapsulate

Section 5.10: is it useful to specify whether anycast traffic is supported?

Section 5.11.1: is "connection semantics"  already defined? Not the first time it is mentioned but its definition should either occur before or a forward internal reference pointer added

Section 5.11.1: "corresponds to the flow of the inner packet" seems to indicate a 1:1 mapping between outer source port and internal 5-tuple. Suggest to use a different word than "corresponds"

Section 5.11.1: "is set" or "SHOULD be set" ?

Section 5.11.1: please add references to ESP & AH RFC

Section 5.11.2: would it be useful to specify that the "flow entropy" should be constant for the same inner flow (= 5-tuple) ?

Section 6: this is really a useful section, IMHO, it should appear earlier in the document.

Section 6.1: "Standardized optional data ... are defined" ... where ?

Section 6.2: I would try to prioritize the list, i.e., imho flow entropy is important, the multiplexing also exists notably in GRE so is less important.

IANA: please use RFC 8126 rather than RFC 5226 ;-)

Possibly a couple of nits (but please bear in mind that English is not my native language):

  *   s/UDP based protocol/UDP-based protocol/
  *   s/four byte header/four-octet header/ (at least use 'octet' rather than 'byte' as some ADs are very strict on this use)
  *   Section 2: about OAM, typically we use the expanded version and put the acronym later, not the other way round.


Hope this helps

-éric