[Int-dir] Re: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17
Antoine FRESSANCOURT <antoine.fressancourt@huawei.com> Thu, 16 January 2025 08:15 UTC
Return-Path: <antoine.fressancourt@huawei.com>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 317C5C18DB91; Thu, 16 Jan 2025 00:15:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9KNFKQ1Fo0Gu; Thu, 16 Jan 2025 00:15:05 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C6C0C18DB80; Thu, 16 Jan 2025 00:15:05 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.216]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4YYbBj303Jz6K9W4; Thu, 16 Jan 2025 16:10:05 +0800 (CST)
Received: from frapeml100004.china.huawei.com (unknown [7.182.85.167]) by mail.maildlp.com (Postfix) with ESMTPS id DA561140AA7; Thu, 16 Jan 2025 16:15:02 +0800 (CST)
Received: from frapeml500003.china.huawei.com (7.182.85.28) by frapeml100004.china.huawei.com (7.182.85.167) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 16 Jan 2025 09:15:02 +0100
Received: from frapeml500003.china.huawei.com ([7.182.85.28]) by frapeml500003.china.huawei.com ([7.182.85.28]) with mapi id 15.01.2507.039; Thu, 16 Jan 2025 09:15:02 +0100
From: Antoine FRESSANCOURT <antoine.fressancourt@huawei.com>
To: Susan Hares <shares@ndzh.com>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, Antoine Fressancourt <antoine@aft.network>, "int-dir@ietf.org" <int-dir@ietf.org>
Thread-Topic: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17
Thread-Index: AQHbOC3B0tmuz3y30EqKKo1gB2saNrLASkGwgFg+IwCAAORgcA==
Date: Thu, 16 Jan 2025 08:15:02 +0000
Message-ID: <c79f2f4658ba494fb10236f5ce2134d7@huawei.com>
References: <173028310233.76447.9399728875049130196@dt-datatracker-84cf84bdcc-xfz57> <CO1PR08MB661184A5784530FF969330DAB3252@CO1PR08MB6611.namprd08.prod.outlook.com> <6dc163bd21a2454191144bc4733f97fd@huawei.com> <CO1PR08MB6611BC254E82425E3F1E8D9CB3192@CO1PR08MB6611.namprd08.prod.outlook.com>
In-Reply-To: <CO1PR08MB6611BC254E82425E3F1E8D9CB3192@CO1PR08MB6611.namprd08.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.206.215.65]
Content-Type: multipart/alternative; boundary="_000_c79f2f4658ba494fb10236f5ce2134d7huaweicom_"
MIME-Version: 1.0
Message-ID-Hash: O7GOI7YMDEMIOZHMI6LAKW5XKXBQ53MY
X-Message-ID-Hash: O7GOI7YMDEMIOZHMI6LAKW5XKXBQ53MY
X-MailFrom: antoine.fressancourt@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-int-dir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-idr-sdwan-edge-discovery.all@ietf.org" <draft-ietf-idr-sdwan-edge-discovery.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>, John Scudder <jgs@juniper.net>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Int-dir] Re: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/Wk6m7cgLDd8Nf265BQivmuUKBGI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Owner: <mailto:int-dir-owner@ietf.org>
List-Post: <mailto:int-dir@ietf.org>
List-Subscribe: <mailto:int-dir-join@ietf.org>
List-Unsubscribe: <mailto:int-dir-leave@ietf.org>
Hello Susan, Sorry for my delay in answering. I will review the changes you have made by the end of this week, and answer you about those changes. Best regards, Antoine Fressancourt From: Susan Hares <shares@ndzh.com> Sent: mercredi 15 janvier 2025 20:36 To: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>; Antoine Fressancourt <antoine@aft.network>; int-dir@ietf.org Cc: draft-ietf-idr-sdwan-edge-discovery.all@ietf.org; idr@ietf.org; John Scudder <jgs@juniper.net> Subject: RE: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17 Antoine: Thank you again for your excellent review of draft-ietf-idr-sdwan-edge-discovery-17. I believe that the revisions in -20 of the draft address all your concerns. Would you please review draft-ietf-idr-sdwan-edge-discovery-20. Thank you, Susan Hares From: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org<mailto:antoine.fressancourt=40huawei.com@dmarc.ietf.org>> Sent: Wednesday, November 20, 2024 10:26 AM To: Susan Hares <shares@ndzh.com<mailto:shares@ndzh.com>>; Antoine Fressancourt <antoine@aft.network<mailto:antoine@aft.network>>; int-dir@ietf.org<mailto:int-dir@ietf.org> Cc: draft-ietf-idr-sdwan-edge-discovery.all@ietf.org<mailto:draft-ietf-idr-sdwan-edge-discovery.all@ietf.org>; idr@ietf.org<mailto:idr@ietf.org>; John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>> Subject: RE: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17 Hello, Thanks for your answers to the comments I made in the review of the document. I will answer some requests for clarification and discuss some of your answers inline with the text of your previous message. My comments and answers are prefixed with [AFT]. I stripped some text that was not necessary to understand the discussion from this answer. Best regards, -- Antoine [....] [Discuss-1] * In section 3.3.1, two types of encoding for the Client Route UPDATE messages are given, "Barebones" and Tunnel Encaps Attribute, while they are described only in section 5. [Sue:] RFC9012 defines two forms of a Tunnel Encapsulation attribute: 1: An Extended Community with just the Tunnel ID defined in RFC9012 as "Barebones", 2: a Tunnel Encapsulation Attribute. So, are you asking for these definitions to be reiterated in the definitions? [AFT] In the text, I think that the one paragraph description that basically states what you write in your answer should be placed before the first use or presentation of BGP messages using either encoding. A more detailed description can be avoided with a reference to RFC 9012, but for the sake of clarity, I think positioning this simplified definition before section 3.3.1 is better. ---- [Discuss-2] * In section 3.4, the behavior of the RR mentions authorized BGP peers, but the document does not give an idea about where and how those authorized BGP peers are set. [Sue:] Most BGP drafts concerning RR authorized peers assume local configuration specifies 1. peer address, and b) some secure link. Are you asking that "authorized BGP peers" be defined prior to the use of the term in section 3.4. [AFT] Providing the explanation you give as an answer to this point in the text would make the text clearer in my view. Besides, if this behavior is clearly explained in another document, I think it would be interesting to point to this document as an informative reference. ---- [Discuss-3] * In section 4.2, the text mentions that the RR speaks to the BGP clients over IPSec while section 3.4 mentions a secure transport session (e.g. TLS) Sue: BGP works over Transport layer. Contrary to the actual specification many implementations use TLS or TCP over IP-SEC or other means of securing the text. Would adding this level of detail to section 3.4 resolve this "DISCUSS" level issue? Or are you looking for something else? [AFT] My remark stems from an inconsistency between the text in sections 3.4 and 4.2. For the sake of clarifying, I think that you should clearly state the assumptions you are making about the security and integrity of the channel you are using to convey the BGP messages, and point to the documents describing the secure transport mechanisms you would use. ---- [Discuss-4] * In section 8, the text refers to the IPSec-SA-ID, and assumes it has been set but very little details are given in the document as to how this ID is set, negotiated or provisioned in the IPSec SA endpoints. References are made to other RFCs, but the text would benefit from a description of the mechanism the authors are considering using. [Sue-2] First of all, BGP is not setting up the IPsec tunnel. It is only passing parameters so the tunnel can be set-up. Second, if it is helpful to provide a description of the mechanism, it can be added. However, it seems you have something in mind. Would you mind providing 4 bullet points on what you'd like added. [AFT] The only thing I have in mind is the objective to make the document's text clear enough to allow implementers to develop interoperable implementations
- [Int-dir] Intdir early review of draft-ietf-idr-s… Antoine Fressancourt via Datatracker
- [Int-dir] Re: Intdir early review of draft-ietf-i… Susan Hares
- [Int-dir] Re: Intdir early review of draft-ietf-i… Antoine FRESSANCOURT
- [Int-dir] Re: Intdir early review of draft-ietf-i… Susan Hares
- [Int-dir] Re: Intdir early review of draft-ietf-i… Susan Hares
- [Int-dir] Re: Intdir early review of draft-ietf-i… Susan Hares
- [Int-dir] Re: Intdir early review of draft-ietf-i… Antoine FRESSANCOURT
- [Int-dir] Re: Intdir early review of draft-ietf-i… Antoine FRESSANCOURT
- [Int-dir] Re: Intdir early review of draft-ietf-i… Susan Hares