IETF Logo Mail Archive

[Int-dir] An IOT DIR review of draft-ietf-anima-autonomic-control-plane

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Mon, 26 February 2018 17:26 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C54C12025C; Mon, 26 Feb 2018 09:26:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IRhONc5wkzgf; Mon, 26 Feb 2018 09:26:02 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AAFC12D77D; Mon, 26 Feb 2018 09:26:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=57301; q=dns/txt; s=iport; t=1519665961; x=1520875561; h=from:to:cc:subject:date:message-id:mime-version; bh=tFZ0xaeUeP7ECzpRSVbK9+qDkHj8Jj483zpVFmrzrvo=; b=cmLs+/AYf1Hao8tz0lJPsbShtMHJVG+mPgCOgIOmzqGGJndekm/BO/kd yNOCN6oW+2hYyjCh5gmUoIqMSwoMutUagxRtrY1LxgN7/wpwlxZUxW58R ZJkNBuRJ+U5mcjIc/N2uKznTVNWVFw0OuOzVKoklpXA79GPH+qUVPvLDq I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AqAQARQpRa/5FdJa1dGQEBAQEBAQEBAQEBAQcBAQEBAYJadWZwMo1sjX6DGJYFFIICCQEjhRCCR1QYAQIBAQEBAQECayiFRA0GTBIBQAE/JgEEAQ0NE4QRZBCtJDqIbYIUAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWGKIEagVeBZoIfhDwBAQOBUgSGCgWKIggPhnWBW45YCQKHN4EZi0WCD4Vmg2WHD4xRiHcCERkBgS4BHjiBUXAVGSGCMwEQgkEBHIF7jDuBFwEBAQ
X-IronPort-AV: E=Sophos;i="5.47,397,1515456000"; d="scan'208,217";a="142865849"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Feb 2018 17:25:59 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w1QHPxmY024780 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 26 Feb 2018 17:25:59 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 26 Feb 2018 11:25:58 -0600
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1320.000; Mon, 26 Feb 2018 11:25:58 -0600
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: iot-dir <iot-dir@ietf.org>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "int-dir@ietf.org" <int-dir@ietf.org>
CC: "anima@ietf.org" <anima@ietf.org>, "draft-ietf-anima-autonomic-control-plane@ietf.org" <draft-ietf-anima-autonomic-control-plane@ietf.org>
Thread-Topic: An IOT DIR review of draft-ietf-anima-autonomic-control-plane
Thread-Index: AdOnCBzSJMKw+zXyQYGzXbZB1Jtadg==
Date: Mon, 26 Feb 2018 17:25:58 +0000
Deferred-Delivery: Mon, 26 Feb 2018 17:25:22 +0000
Message-ID: <449b7e2f10094531b325919710696754@XCH-RCD-001.cisco.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.212.148]
Content-Type: multipart/alternative; boundary="_000_449b7e2f10094531b325919710696754XCHRCD001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/foSfMmYlsI0mM4PadIvT9bcvopM>
Subject: [Int-dir] An IOT DIR review of draft-ietf-anima-autonomic-control-plane
X-BeenThere: int-dir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-dir>, <mailto:int-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir/>
List-Post: <mailto:int-dir@ietf.org>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-dir>, <mailto:int-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 17:26:08 -0000

Reviewer: Pascal Thubert on behalf of IOT-DIR;



I am an assigned IoT directorate reviewer for draft-ietf-anima-autonomic-control-plane-13.



These comments were written primarily for the benefit of the INT and OPS Areas Directors from the IoT perspective. Document editors and shepherd(s) should treat these comments just like they would treat comments from any other IETF contributors and resolve them along with any other Last Call comments that have been received. For more details on the IoT Directorate, please see https://datatracker.ietf.org/group/iotdir/about/ and for Directorates in general please see https://www.ietf.org/about/groups/directorates/.



I'll be away for  the next 2 weeks and could not finish the review in time for this heavy document, but at least I made it through till the RPL section. In the interest of time, let me share what I already have.



Summary

-------------



The summary of the review is that the document is Ready for Publication, with comments.





Major comments

------------------------



-          " in-band" and "out of band network "

should be defined since it is fundamental to understand that the ACP takes place in the same physical links as the data plane, as opposed to dedicated management ports (correct?);



-          Section 3; the IOT certainly could use an ACP. It would be useful to scope the feature that is proposed in this document, whether it is compatible of not with constrained environments, whether it needs adaptations, point on Michael's enrollment draft. It would also be useful to indicate whether the ACP works between L3 bridges, IOW whether ACP operates the same (over IP) regardless of the packet forwarding layer in the data plane;



-         " Inside the ACP VRF, each node sets up a loopback interface with its ULA IPv6 address"
This is the first time, IPv6 is discussed; would have been nice to introduce that the Node has IPv6, that it needs a ULA and that ACP assigns it. This discussion could be done in conjunction with the comment above;



-         About  "The ttl

parameter SHOULD be 3.5 times the period so that up to three

consecutive messages can be dropped before considering an

-           announcement expired. "

This is the only discussion on the ttl field of the M_FLOOD. Though its meaning is quite obvious, the behavior associated to it should be defined.



-         "In the above (recommended) example the period of sending of the"

Is this RECOMMENDED IOW normative??



-         Text P 25 says "At this time in the lifecycle of ACP nodes, it is unclear whether it

is feasible to even decide on a single MTI (mandatory to implement)

security association protocol across all ACP nodes"

but then P27 "It MUST support ESP

with AES256 for encryption and SHA256 hash and MUST NOT permit weaker

crypto options."

and then "   A baseline ACP node MUST support IPsec natively and MAY support IPsec

via GRE. A constrained ACP node MUST support dTLS.  ACP nodes

connecting constrained areas with baseline areas MUST therefore

support IPsec and dTLS."

Seems that text P25 should go?





-           "Use-ULA: For loopback interfaces of ACP nodes, we use Unique Local

Addresses (ULA), specifically ULA-Random, as defined in [[RFC4193]

with L=1]."

This needs to be more crisp. ULA is defined in RFC 4193 but the term ULA-Random is not. I think you mean that 3.2.2.  of RFC 4193 is the way addresses are formed, if so please say so.  The best practice RFC 8064 recommends use of RFC 7217. I understand that privacy is not a concern but does it hurt? Anyway please point at section 6.10 and 6.11.1.11





-           "

RPL Mode of Operations (MOP): mode 3 "Storing Mode of Operations with multicast support".  Implementations should support also other modes.

Note: Root indicates mode in DIO flow"

Why "should" ? there is no much point supporting the other modes is there? Section 6.11.1.13 says that SRH is not used so this is inconsistent. You only need MOP 2 or 3, 3 is you do multicast which at the moment does not appear to be the case. SO I would MUST a MOP of 2 and MAY a MOP of 3 which is a superset of MOP 2, and that's it (see 6.3.1 of RFC 6550).





-           "The lack of a RPI (the header defined by [RFC6553]), means that the

data-plane will have no rank value that can be used to detect loops.

As a result, traffic may loop until the TTL of the packet reaches

zero. "

Since we have reliable links and no stretch (section 6.11.1.7), loops should be exceedingly rare. It could be recommended to send the DIOs 2-3 times to inform children when losing the last parent. Note that the technique in section "8.2.2.6.  Detaching" of RFC 6550 should be favored over that in section "8.2.2.5.  Poisoning" because it allows local connectivity. Also, It should be said that a node should select more than one parent, at least 3 if possible, and send DAOs to all of then in parallel. This provides multi





-           "ACP nodes MUST perform standard IPv6 operations across ACP virtual

interfaces including SLAAC (Stateless Address Auto-Configuration -

RFC4862])"

They may actually prefer Optimistic DAD RFC 4429 since address duplication is highly improbable as long as you .





Minor comments

------------------------





-         About "[RFC7575] defines the fundamental ...  "

for readability, it may be nicer to indicate the title of an RFC when it is referenced first; e.g. the text above would become

" Autonomic Networking: Definitions and Design Goals" [RFC7575] defines the fundamental ...



-         about "or network plane (there is no well-established name  for this)"

The term network plane is not used again in the document. This text may go away. You may consider using "security and transport substrate" instead, since it is used elsewhere in the document. Also, please be consistent on whether you use hyphen or not and use that globally, e.g. for the above, and pane like in "forwarding plane" or "out of band network ";



-         "data-plen"

Typo?



-         "OAM applications ("Operations Administration and Management)"

Consider using "Operations Administration and Management (OAM) applications " instead; same goes for SDN, ASA, VRF, etc...



-          "   MIC:  "Manufacturer Installed Certificate".  Another word not used in this document to describe an IDevID."

MIC is not used in the document, maybe inform of this equivalence in the IDevID definition instead; same goes for SUDI. Note that UDI is use just once and may not need an entry here.



-               "RPL:  \"IPv6 Routing Protocol for Low-Power and Lossy Networks\".  The routing protocol used in the ACP."

Maybe point on [RFC6550]?


-         "Connecting over non-ACP Layer-3 clouds initially requires a tunnel between ACP nodes."

I understands that it is one tunnel between each pair of adjacent ACP nodes, correct? I read "a tunnel" as an end-to-end tunnel, which sounds different



-          "ACP relies on group security"

Add "The"



-          "An ACP node MUST have keying

   material consisting of a certificate (LDevID), with which it can

     cryptographically assert its membership in the ACP domain and trust

     anchor(s) associated with that certificate with which it can verify

     the membership of other nodes (see Section 6.1.2)."

This is convoluted. Could you make it 2 sentences?



-         "  Note: LDevID ("Local Device IDentification") is the term used to

     indicate a certificate that was provisioned by the owner of a node as

opposed to IDevID ("Initial Device IDentifier") that may has been

loaded on the node during manufacturing time.  Those IDevID do not

include owner and deployment specific information to allows autonomic

establishment of trust for the operations of an ACP domain (e.g.:

between two ACP nodes without relying on any third party)."

LDevID was already defined in the terminology. This text may move there or go away.



-          "   This document uses the term ACP in many places where its reference

document use the word autonomic."

Add [RFC7575] after "reference document"





-          "   "routing-subdomain" is the autonomic subdomain that is used to

calculate the hash for the ULA prefix of the ACP address of the node."

Do you mean ULA suffix?



-          "   o  If the node certificates indicate a CDP (or OCSP) then the peer's

certificate must be valid according to those criteria. e.g.: OCSP

check across the ACP or not listed in the CRL retrieved from the

CDP."

Please define CDP and OSCP, and/or reference a RFC is possible.

Helper: Online Certificate Status Protocol (OCSP)  Certificate Revocation List (CRL) Distribution Point (CDP)



-          "enrolment"

Typo



-          "This can

use a single GRASP M_FLOOD message as shown in above example."

Actually the example is now below. Please reference the figure.



-           "The protocol could for example could have been"

Typo





-           "if the IPsec connecting"

Typo?



-           "ACP wide service discovery"

ACP-wide


-           "if the IPsec connecting In most other solution

designs such distributed discovery does not exist at all or was added

as an afterthought and relied upon inconsistently"

Consider removing or rephrasing : )



-         Maybe consider moving the discussion on multicast P29 -30 to annex? Why Multicast is not used is an interesting discussion but not critical for the protocol operation.



-           "it is not quite clear yet what exactly the implications are

to make GRASP flooding depend on RPL DODAG convergence and how

difficult it would be to let GRASP flooding access the DODAG

information"

Let's chat then. There's work on reliable multicast for RPL using BIER.



-         "In the terminology of GRASP ([I-D.ietf-anima-grasp]), the ACP is the

security and transport substrate for the GRASP instance run inside

the ACP ("ACP GRASP"). "

"running" inside the ACP? Maybe rephrase more globally?

-





-           "OAM protocols no not require IPv4: The ACP may carry OAM "

Typo no->do





-           "Consider a network that has multiple NOCs in different locations.

Only one NOC will become the DODAG root.  Other NOCs will have to

send traffic through the DODAG (tree) rooted in the primary NOC."

A figure would help. I remember all the discussions we had about setting the prf bits in remote NOCs





-           "RPPL."

Typo





-           "Administrative Preference ([RFC6552], 3.2.6  "

The section is correct but that is RFC 6550.





-           "This is a standard issue

with tunneling, not specific to running the ACP across it."

Do you really mean Standard or would Classical work better?





-           "Even though loopback interfaces where originally d"

Typo Where -> were







-         Section 3, 4, 9 and 10 may move to Annex (by moving the section after the </references> tag) since they are not normative and do not contribute to the understanding of the protocol. This way there should not be a need to indicate normative in other sections.



-         Well Noted that Section 14 Will be removed/.





Sorry for being interrupted here,



Pascal

v2.23.0 | Report a Bug | By Email