[Int-dir] Re: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17

Susan Hares <shares@ndzh.com> Fri, 03 January 2025 00:57 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: int-dir@ietfa.amsl.com
Delivered-To: int-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22327C16940D; Thu, 2 Jan 2025 16:57:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0v8mcu5cWMCd; Thu, 2 Jan 2025 16:57:02 -0800 (PST)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2094.outbound.protection.outlook.com [40.107.243.94]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA7F3C1654F2; Thu, 2 Jan 2025 16:57:01 -0800 (PST)
ARC-Seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=wKtIWYf9PtgnSLduZjKS6394PqY8OAgphG2BCwpN+1gchG9QWZ1CBALnOGUJEeKB2RS3InL2aP2XAh3TA6G22Ft5XdewCsc+MppDFhAWrRGsR0gHbz09Wk2IjJ05cMu32jhT8UdOBn+QMW+mF+xHiSk9CGv2g7jjy1C0pTamAUYlvYRxLb2qOLn//+jimv2GErJ/4nm6ulmTos8tWpq9ckBQyGLpGpGIEXedsUhwIPjN4u2vmOcWmwmWqZTA22O/G5VD4Z99Os3DH+F4MYnus1uyikbiUe0+oXP6XwJyXJAK+gajCNJUj2JWH9X3GPkkTumKaGf2ZMBT2CbiH9pQ3A==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MRLZ3xQ7ARwQPVzXuorZGfrWb486Gauncc4HREMtlCc=; b=kVbaqZHMtXvutiB9sqAsAAVs26UC5Lh+eXNPKaEgyVa5iS/NlAWbWc+FXV0dwhwwsP0ILJ28Jtjm/qUUfQRpyiaay36Bwb9BwlIAsAYE6guE4zClW9sq6B97WTDiM12+XKC+lC5wsbnd8ltNpnDrME7gU0BN/IBl4i10IUTSG0CIiOKK8mVlg8UfTyEezS7+T1Wdb3MGT3M6zPuRkHmH0s00BALNz99yL7F3QruajWPkYHamr6UMEa2CrhBmAqFo3YW11Vw30rTuqVTbJTan40Dje3fq5Fha7cezS+TCgUf5cXyq280n4qYZlZ2LLmLklHPMiK+dS5cdYmlfUlUDcA==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 104.47.66.47) smtp.rcpttodomain=aft.network smtp.mailfrom=ndzh.com; dmarc=bestguesspass action=none header.from=ndzh.com; dkim=none (message not signed); arc=pass (0 oda=0 ltdi=0 93)
Received: from BN9PR03CA0335.namprd03.prod.outlook.com (2603:10b6:408:f6::10) by MW5PR08MB8359.namprd08.prod.outlook.com (2603:10b6:303:1c7::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.11; Fri, 3 Jan 2025 00:56:54 +0000
Received: from MN1PEPF0000ECD9.namprd02.prod.outlook.com (2603:10b6:408:f6:cafe::7c) by BN9PR03CA0335.outlook.office365.com (2603:10b6:408:f6::10) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8314.12 via Frontend Transport; Fri, 3 Jan 2025 00:56:53 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 104.47.66.47) smtp.mailfrom=ndzh.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=ndzh.com;
Received-SPF: Pass (protection.outlook.com: domain of ndzh.com designates 104.47.66.47 as permitted sender) receiver=protection.outlook.com; client-ip=104.47.66.47; helo=NAM12-MW2-obe.outbound.protection.outlook.com; pr=C
Received: from obx-outbound.inkyphishfence.com (35.166.188.152) by MN1PEPF0000ECD9.mail.protection.outlook.com (10.167.242.138) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8314.11 via Frontend Transport; Fri, 3 Jan 2025 00:56:52 +0000
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=inkyphishfence.com; s=arc-20181011; t=1735865811; h=mime-version : message-id : date : subject : to : from; bh=MRLZ3xQ7ARwQPVzXuorZGfrWb486Gauncc4HREMtlCc=; b=ws130YbH++XzcVHTKG0ntIiq+Iu0FI3XApu/vrYHTPA5IY+2bKHj3flocUNgHRAUm7TaS t48h4IbWw/rRpJ4CefUvhRvqSHkQxrcxczLy1VdbUkORfoKlqI405DDgWu7NDPCYcB7+4xl lP97cgq0GUX5lL/vTOj4LeQUveIKEvE=
ARC-Authentication-Results: i=2; obx-inbound.inkyphishfence.com; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=pass
ARC-Seal: i=2; cv=pass; a=rsa-sha256; d=inkyphishfence.com; s=arc-20181011; t=1735865811; b=h3XK+G5cNRi1RxGOb6CGoOc4HWrpilGLG+eV8Dn9HPhZKMfl9Y89bIwGXq3gvjMJWbMox d4usJKTihYHyxYQIBY+j6gi0guAc1PHB51OPyohp9b+j+ZNfTgRgHxLBkGzQOxfuv9ZbhcH pZwGXZTwSep5IL7YJoCxZUcObg6kbls=
Authentication-Results-Original: obx-inbound.inkyphishfence.com; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=pass
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2047.outbound.protection.outlook.com [104.47.66.47]) by obx-inbound.inkyphishfence.com (Postfix) with ESMTPS id 3A423C9F2B; Fri, 3 Jan 2025 00:56:51 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ppph26h4iAvBGvpfjFJF5spX0Z/7bqQmBiCot6A7EYn/IrwQZjtt3NfxRBM6k8gQZdjf4cY52OI3FLwKhzabTwi0fgyBt50o2rtJfvlTfmplfLtGAZTFKGKEAZumVKmda9gbcYNfHmY3zhB84dKJsxyicWyoymH0u4VIoH0f7NDTNtO5Eo+qrbagVZlDXlkFeND528oO1fcxXS6cYvtjQN2xcTA6dzSNesNtXsofpQbIkGN8PlWPcj3N2NxsZ8mM27gWZwMhC3qjuOJlfzs/RljYTYfl2KxcqhC8lV7uORhLftYFipsNE0olfuQJ3ihaCvRuNw5KWJUQD8AWk3/dBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9SZbP5ZNhydWOxSSJUAr6XWVcp27Qgo2/06D+lUYk8c=; b=oUVgas+mS0V88+VCi5vQpi3QQFyejU/VltxcsnOjNqW3KKe9TyCpeLp5ajydQo9HZ0zm1tKqjRUdu6/qizYoom6L3zzdHQgpKQeTnyAw4KupojhyhT+Pcv0jgrRhH2KJy/T5ySufjkfxyDto6dhOoD00a74LJAEVUlRfQgkqnZ7vegqH8e5UgziRTDsNa8T4vvvYQNyh++AzkCmnTs3dF/NqodNY37MuBm9b73O6gU08DokRyjAEYfcnmAqf6COxPU+Vqb1WpQGAlN8AmcjDRD3PGHPvlqc+fZLjWYu1FcnXl6fXn/QaqG3EuEq18rZIamv0ys6KaNmhSNp2ZVz6PQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ndzh.com; dmarc=pass action=none header.from=ndzh.com; dkim=pass header.d=ndzh.com; arc=none
Received: from CO1PR08MB6611.namprd08.prod.outlook.com (2603:10b6:303:98::12) by DS7PR08MB10580.namprd08.prod.outlook.com (2603:10b6:8:251::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.13; Fri, 3 Jan 2025 00:56:43 +0000
Received: from CO1PR08MB6611.namprd08.prod.outlook.com ([fe80::7744:8abd:9769:c2bf]) by CO1PR08MB6611.namprd08.prod.outlook.com ([fe80::7744:8abd:9769:c2bf%7]) with mapi id 15.20.8314.013; Fri, 3 Jan 2025 00:56:43 +0000
From: Susan Hares <shares@ndzh.com>
To: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, Antoine Fressancourt <antoine@aft.network>, "int-dir@ietf.org" <int-dir@ietf.org>
Thread-Topic: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17
Thread-Index: AQHbKrQkaJ7NEvvLt0mbj6ny48K+zrK5Rf0AgAclkYCARBFvcA==
Date: Fri, 03 Jan 2025 00:56:43 +0000
Message-ID: <CO1PR08MB6611203528378729D788CE97B3152@CO1PR08MB6611.namprd08.prod.outlook.com>
References: <173028310233.76447.9399728875049130196@dt-datatracker-84cf84bdcc-xfz57> <CO1PR08MB661184A5784530FF969330DAB3252@CO1PR08MB6611.namprd08.prod.outlook.com> <6dc163bd21a2454191144bc4733f97fd@huawei.com>
In-Reply-To: <6dc163bd21a2454191144bc4733f97fd@huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ndzh.com;
x-ms-traffictypediagnostic: CO1PR08MB6611:EE_|DS7PR08MB10580:EE_|MN1PEPF0000ECD9:EE_|MW5PR08MB8359:EE_
X-MS-Office365-Filtering-Correlation-Id: 3d0ab6a6-a55c-4fc0-4f9e-08dd2b91834e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|10070799003|1800799024|376014|366016|8096899003|38070700018;
X-Microsoft-Antispam-Message-Info-Original: WNMuzOj/9rPH9aeVbz+BgpbIE70A9iAWSAKgpQ2z8mT7MqdkY7hk2yTQ7wtJ3LKcMxOuPNqdLtr4fMRepKJY/2PKo+kuHhbYPh9E4T3EhqUGtg/vYcMISlXcWmbcwjgKWWng9KfYl2A8/OD5wn5APS+18i4mVsQdxyQSuGRbsc6hNP/vHyKla0UVUervsiVl5uTtbVHimHa7HgkfFm2E7ponvBkXt/yMDWU500p9fSNLJejYDlg7bZfYoNSxwrP2Yt3UH9Wsvkr1VQjb54hYgeH3wZrH4m3XWdUHPF1m2kVxMAWk7ropGP79UugSdR1kGsqdWeI/M9pjU2ueTbuTTgXCm/vorgZFOTgOkk8gEfI310ULqLexS2p10G7mYlJYVDKqie/C1EbSj+NFquPceeBueq2UQ3O3lU9orikmWX/KPfeBP13YFX1MdCRC6zj0FKmPcBepAJ9ueMulRxr/QLLhOYwoEATvA6758IcFfR52aMHAg3z75LMzJFaH4erpC0ChYYinFNsIKQjnnnVmzBwCKU4grQVJ5FbAn8S1cHmkBWRqeyIrhDsG+5mgVZLyTKEZigW2hGPqwNzyTkL8vPeTInE4AbOyv0aVr+AaVAhjYEPBVTOj1ouu0FS3fN/UN19+y/S3/2NFW2/EVtm+Te6HA4TrxSM2oSbAC6t++87qd2N1TqaQQL+RhOs9KzM9+2CO9AWvVXP446puwhVHwMDHzla93MFf6BQzhFdnFBuYKUEowmeXtgDNOJ4ocb8QyaxCRpEs5zt52GqDlafVgUoE8PctxO1g/df1QdqaAhQ7oE66pngC14Op//zc2BHhf3/bfiGyjmC0YlrFtlAgZE4Jnzp7ZyXiLdPR+4J5BOwi1fZ8s2mDkbqWeQjC3hiy+kB1GSq8WjWD/k9RhmCKtj3pS1Kcl1KDi0Tja1q+nXwQxPc67uhsa9oDG+c6wDYgBterrEsd6z1MGJdVJOm/b5N8nzN+zxZUW+5icWoUZAYui0WuMiNYzH6cOmWpvvek+GXAF7hSm3JiAGRb5Phv+oYQjkWT4dCfJKWqEcnnbRuO8sXs5OqYqdThnplIQzx+A8RfNQ6B4V1BjmX7nXyvOub75uyaIL6WMwegKJYZ97rKHJUGtA5/6p+utufhwk038u74wEHh+FjLLFMnOTQmVlEjbFgJ6oSNGE0X5Ii66dKkfBw+9lVuelqqePDCCpAOG0lnCstN5w3FlR/sFb9g/6Ef637Pd+bos2d5km1WqgK9AzdU9rFlvKYwaVjmYfsRlccSB03DlPLQWT2V1fORdVfzgbei08fUtlP2d8ZD/RQOVMcvA4CQTkZu+SlU3Na6vwoF+nflKaucuPwhHKZjb/0/7ke7giYQVCPuX5RR/F5K/7G1b82YnVj4MSk9+h7nTXFQlhRZ2EUmznJ7cqP6iiSWAuM3xn14RBQfui6Kf+85v7GCfojNrLx/rKHgQNyx
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR08MB6611.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(1800799024)(376014)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102;
Content-Type: multipart/alternative; boundary="_000_CO1PR08MB6611203528378729D788CE97B3152CO1PR08MB6611namp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR08MB10580
X-Inky-Outbound-Processed: True
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender: ip=[104.47.66.47];domain=NAM12-MW2-obe.outbound.protection.outlook.com
X-MS-Exchange-ExternalOriginalInternetSender: ip=[104.47.66.47];domain=NAM12-MW2-obe.outbound.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: MN1PEPF0000ECD9.namprd02.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1b00e607-c4b7-42a9-0ef4-08dd2b917d8e
X-IPW-GroupMember: False
X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|14060799003|36860700013|156008|82310400026|35042699022|8096899003;
X-Microsoft-Antispam-Message-Info: GmJFS8HTLGofA8gN4RkOQfXYnv/ZM0nUflURQ6xbbhtEsX1qjrK1y+XHV94x+D455DaelyS8tJqUZhq1iv0xJvxl01m1qUtUh1t7zbVm1zVwBE7xI4VvZTriuBfuhUxBicQGKDXfOTxGspaD9jFcJYPxOwql0Pr3m04d1HY6Fa8DF9cQcmH15Zv9wHsizmXDx4Sjt5acpBGO+dPYbyoUDpsWVrpvTvcFw+BmbdOp349e7gEa8YduFT0enBtd54IY1tJ+KsdrGrZLJNysxDxCvNK3UWhMxm/Ov7P3uS7vW2aTVJB2eZqBws/WJ4f4Hjr8tLW9whSEwzStKK3Ok8ApeKzK0UnH42DnZax7nx3yEo/JJ8IN65xIOvInwjELQuJwaPh0U6BGo5/wGiYGUnG5IdVBSV4zky+vZIQbq3dBMyvUk5jNVg81C7Ja46aLzLRWKzmF46ufDfo5p3A6KkRCiVE8z2aq4vop5pv/9Ic7ZWOk2TNeI4BKGX9IE9F/yC2EKMPOvgr1KX8PFgJ6U0JlH+S0pq7U9PMIbttZRP8KyteDa6NxC5o8UeAZIcG4YogW2BQFTggu7a518t+YboNDmDB6jRh2Dlx7Xydew/VrRg0ejvFY2tfkY/oRSxcwxJxC+rjM61rNvNczpFAJzmtVbfDBXXddZcefoZ2uCYPmL1YQCY/3oT6LdbhKXgA/NsPhdLt047zksN3D3JDmr7uFX+VULGW1mUvc7R9iAGgObqRaemwFZmXXGt2fVEZ5NqtvjkWA3Ra9ZuIUTPa5VKje705DroiQ3amS2aI//1VkYro=
X-Forefront-Antispam-Report: CIP:35.166.188.152;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam12lp2047.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(376014)(1800799024)(14060799003)(36860700013)(156008)(82310400026)(35042699022)(8096899003);DIR:OUT;SFP:1102;
X-OriginatorOrg: ndzh.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jan 2025 00:56:52.7647 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d0ab6a6-a55c-4fc0-4f9e-08dd2b91834e
X-MS-Exchange-CrossTenant-Id: d6c573f1-34ce-4e5a-8411-94cc752db3e5
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d6c573f1-34ce-4e5a-8411-94cc752db3e5;Ip=[35.166.188.152];Helo=[obx-outbound.inkyphishfence.com]
X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000ECD9.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW5PR08MB8359
Message-ID-Hash: P7Y3QNGBU5NCNBECHV5FWMFDWKLIVD4F
X-Message-ID-Hash: P7Y3QNGBU5NCNBECHV5FWMFDWKLIVD4F
X-MailFrom: shares@ndzh.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-int-dir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-idr-sdwan-edge-discovery.all@ietf.org" <draft-ietf-idr-sdwan-edge-discovery.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>, John Scudder <jgs@juniper.net>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Int-dir] Re: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17
List-Id: "This list is for discussion between the members of the Internet Area directorate." <int-dir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/lqcHOYxT2zPqcDSv5OcgHNdPYeY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-dir>
List-Help: <mailto:int-dir-request@ietf.org?subject=help>
List-Owner: <mailto:int-dir-owner@ietf.org>
List-Post: <mailto:int-dir@ietf.org>
List-Subscribe: <mailto:int-dir-join@ietf.org>
List-Unsubscribe: <mailto:int-dir-leave@ietf.org>

Antoine:

I want to thank you again for your detailed review.  It helped me decide to rewrite the document instead of limping along with the fractured text.

You should find -19 at:
https://datatracker.ietf.org/doc/draft-ietf-idr-sdwan-edge-discovery/

Some clean-up issues for the RTG-DIR require -20, so I'd like your feedback on the rewrite.    Your DISCUSS level issues and Technical questions are listed below.  See [Sue-3] for answers.

I plan to add the following if you approved:

  1.  definition of authorized BGP peers in section 1.3  (see DISCUSS-2)
  2.  Some comment that underscores that this implementation is only for walled gardens (see DISCUSS-5)


I also tried to edit the NITs, but I missed the following NITS.  These will be addressed in -20.

  1.  Encaps-EC - should be Encap-EC
  2.  * In page 14, section 5.4, "the" is missing in "An SD-WAN VPN ID is same as a client VPN...". - missed
  3.  * In page 14, section 6, a verb is missing in "The hybrid SD-WAN underlay tunnel UPDATE is to advertise the detailed..." - missed
  4.  3rd paragraph in section 11 (Security Considerations) - noted as your page 34, section 11


I've released a -19 with the rewrite, but there are open issues:


  1.  RTG-DIR open issues - that need feedback from implementers.



Section 3.2.2 - There are open issues regarding the interaction between BGP Update Next Hop, Tunnel Encapsulation Egress Endpoint, and the SD-WAN-Node ID.

Due to IDR's rule about implementations, I need to check with the implementers to see what checks are implemented.  At a high level, the BGP Peer originating should be the BGP Update Next Hop for the Update message and the SD-WAN-Node ID.   The Tunnel Egress must be loosely associated with the Port-Local-ID.


Section 3.2 or 3.2.3 - I need to indicate what optional BGP attributes can be associated with the SD-WAN Underly NLRI.


  1.  SEC-DIR - I need to add 2 new abbreviations (IPsec SA and SA) plus a pointer in the Security considerations.
  2.  OPS-DIR  - No additional fixes.
Sue

From: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>
Sent: Wednesday, November 20, 2024 10:26 AM
To: Susan Hares <shares@ndzh.com>; Antoine Fressancourt <antoine@aft.network>; int-dir@ietf.org
Cc: draft-ietf-idr-sdwan-edge-discovery.all@ietf.org; idr@ietf.org; John Scudder <jgs@juniper.net>
Subject: RE: Intdir early review of draft-ietf-idr-sdwan-edge-discovery-17

Hello, Thanks for your answers to the comments I made in the review of the document. I will answer some requests for clarification and discuss some of your answers inline with the text of your previou
External (antoine.fressancourt=40huawei.com@dmarc.ietf.org<mailto:antoine.fressancourt=40huawei.com@dmarc.ietf.org>)
  Report This Email<https://protection.inkyphishfence.com/report?id=bmV0b3JnMTA1ODY5MTIvc2hhcmVzQG5kemguY29tLzJjZmMxY2UzYWMzNTllMTY0M2NhNmE5MTVmYzMyMjEyLzE3MzIxMTYzNjAuNzc0ODk3Ng==#key=89c6e5ccb71689322eae2a3c356f1e3f>  FAQ<https://www.godaddy.com/help/report-email-with-advanced-email-security-40813>  GoDaddy Advanced Email Security, Powered by INKY<https://www.inky.com/protection-by-inky>


Hello,



Thanks for your answers to the comments I made in the review of the document.



I will answer some requests for clarification and discuss some of your answers inline with the text of your previous message. My comments and answers are prefixed with [AFT]. I stripped some text that was not necessary to understand the discussion from this answer.



Best regards,

--

Antoine



[....]





[Discuss-1]

* In section 3.3.1, two types of encoding for the Client Route UPDATE messages are given, "Barebones" and Tunnel Encaps Attribute, while they are described only in section 5.



[Sue:]  RFC9012 defines two forms of a Tunnel Encapsulation attribute:

1: An Extended Community with just the Tunnel ID defined in RFC9012 as "Barebones",

2: a Tunnel Encapsulation Attribute.

So, are you asking for these definitions to be reiterated in the definitions?



[AFT]

In the text, I think that the one paragraph description that basically states what you write in your answer should be placed before the first use or presentation of BGP messages using either encoding. A more detailed description can be avoided with a reference to RFC 9012, but for the sake of clarity, I think positioning this simplified definition before section 3.3.1 is better.



[Sue-3]: I have placed additional text on page 17 (pdf) in the section 3.1 in the heading "Encoding:".  Is this enough?



[Discuss-2]

* In section 3.4, the behavior of the RR mentions authorized BGP peers, but the document does not give an idea about where and how those authorized BGP peers are set.



[Sue:]  Most BGP drafts concerning RR authorized peers assume local configuration specifies  1.  peer address, and b) some secure link.  Are you asking that "authorized BGP peers" be defined prior to the use of the term in section 3.4.



[AFT]

Providing the explanation you give as an answer to this point in the text would make the text clearer in my view. Besides, if this behavior is clearly explained in another document, I think it would be interesting to point to this document as an informative reference.



[Sue-3]:  Section 1.0 has been rewritten to reestablish the link from draft-ietf-idr-sdwan-edge-discovery-19 to draft-ietf-bess-sdwan-usage.

Section 2.2 has been rewritten to provide the high-level logical example of the mechanisms. Within section 2.2, section 2.2.3 paragraph 2 indicates that existing BGP Update mechanism control how RRs distribute routes.  Section 2.2.4, provides a logical example where we state "RR Policy".  Section 2.6 applies this to SD-WAN segmentation.  These descriptions come before the mechanisms in section 3.   Should I add the term "authorized BGP peers" in the definitions.  What do you think?



[Discuss-3]

 * In section 4.2, the text mentions that the RR speaks to the BGP clients over

IPSec while section 3.4 mentions a secure transport session (e.g. TLS)



Sue: BGP works over Transport layer.  Contrary to the actual specification many implementations use TLS or TCP over IP-SEC  or other means of securing the text.  Would adding this level of detail to section 3.4 resolve this "DISCUSS" level issue?

 Or are you looking for something else?



[AFT]

My remark stems from an inconsistency between the text in sections 3.4 and 4.2. For the sake of clarifying, I think that you should clearly state the assumptions you are making about the security and integrity of the channel you are using to convey the BGP messages, and point to the documents describing the secure transport mechanisms you would use.



[Sue-3:] Section 1.0, paragraph 2 states the assumption of a secure connection between RR and each BGP Peer supporting SD-WAN.  This paragraph states the establishment of the secure channel is outside the scope of the document.   Section 2-4 have been rewritten into a single section (section 2) and references to MEF[70.1], MEF[70.2], and draft-ietf-bess-sdwan-usage-25.  In section 2, Figures 2 and 3 reiterate that the BGP connections to the RR are over secure links or secure transports.   In the new section 2, sections 2.2.3 and 2.6 try to resolve the RR secure transport.



----



[Discuss-4]

* In section 8, the text refers to the IPSec-SA-ID, and assumes it has been set but very little details are given in the document as to how this ID is set, negotiated or provisioned in the IPSec SA endpoints. References are made to other RFCs, but the text would benefit from a description of the mechanism the authors are considering using.



[Sue-2]   First of all, BGP is not setting up the IPsec tunnel.  It is only passing parameters so the tunnel can be set-up.   Second, if it is helpful to provide a description of the mechanism, it can be added.  However, it seems you have something in mind.  Would you mind providing 4 bullet points on what you'd like added.



[AFT]

The only thing I have in mind is the objective to make the document's text clear enough to allow implementers to develop interoperable implementations



[Sue-3]: All section relating to IPsec SA SubTLVs  have been reformatted with a new format that I am proposing (as IDR co-chair) for all BGP Tunnel-encapsulation Attributes.  We have two interoperable implementations of this technology since IDR requires 2 implementations.   We have also discussed a third company switching to this format from their proprietary form.



[Discuss -5]

* In section 11, the text describes "walled garden SD-WAN deployments" but does not state the differences with a more open SD-WAN deployment.

[Sue-3]: There is no plan for "more open" SD-WAN deployments of Secure SD-WAN L3VPN and Secure SD-WAN Links.

The Secure EVPN document  (draft-ietf-bess-secure-evpn-02) discusses this point, but it is not directly linked with SD-WAN.



[Discuss-6]

In general, the document tends to give the detail of the formatting used in the messages and TLVs before describing the protocol mechanism using those

messages. The general understanding of the protocol's mechanism would be improved if this were done the other way round.

[Sue-3]:  RTG-DIR wanted: general description  of protocol mechanisms (section 2), detail of formatting (section 3.1 - 3.3) and details on protocol mechanisms (section 3.4-3.6).  This rewrite follows that document.  Please let me know if this resolves your discuss-6.



[Technical question-1]

* In section 6.1 about the SD-WAN NLRI, it is mentioned that "Route type outside of 1 are out of scope for this document": Are other route types used in

private or experimental deployments? What is the justification for using 2 bytes to carry a route type that is associated a single value in the document's context?



[Sue-3] Let give you a bit more of the background on why we are allowing a different route type.  First let me start with links to existing WG work:

  *   draft-ietf-rtgwg-multisegment-sdwan-01 specifies a changes to the GENEVE header for SDWAN multiple segments.
  *   EVPN uses the Tunnel Encapsulation Attribute (TEA) in BGP to pass the Geneve header information (draft-ietf-bess-evpn-geneve-08).
  *   The EVPN usage of TEA is not fully specified (P.S. I am the IDR co-chair that reviews all TEA drafts).
  *   The Geneve is one encapsulation that might be used within the SD-WAN hybrid tunnel as it bundles tunnel.
  *   It is unclear if the Route-1 format would handle the EVPN with Geneve case.
  *   The work is on-going in IDR, BESS and RTGWG.



[Technical questions 2 (bundled) ]:

* In section 7 about the Extended port attribute TLV, 1 byte is dedicated to both the NAT type and the Encap type to encode 7 and 2 possibilities while the transport network ID and the Routing Domain ID need to be globally unique, which requires space: wouldn't it be possible to reallocate some space from the 2 first fields to give more space to the two later fields?



* In the same section, is it always necessary to carry the Public IP and Public port fields? Can a flag be used to signal the presence of those two fields if necessary?



* In section 7.1.1, in the design of the Underlay Network Transport subsubTLV, why are the connection and port type described rather than their underlying

properties (bandwidth, cost, latency, jitter, packet loss...)? Describing the underlay link's characteristics in a more abstract way could help the TLV be

more generic.



[Sue-3]: One my co-authors reached out to the implementers with your comments.  The implementers agreed they could be more efficient, but the code is deployed.  The implementers may propose new TLV that is more efficient.  However, the current code is deployed.



[IDR chair hat on]: Due to IDR's requirement for implementation and fielding, we do allow for revision and deprecation of the TLVs.

[IDR chair hat off];



* In section 8.5 about the simplified IPSec SA sub-TLV, is it necessary to allocate a full byte to both the Transform and the IPSec mode fields?



[Sue-3]: One my co-authors reached out to the implementers with your comments.  Again, the TLV could be more efficient, but it is deployed.



[Should]

The following are other issues I found with this document that SHOULD be

corrected before publication:



[Should-1]

It is to be noted that Figure 1 extensively uses public IP(v4) addresses.

Proper private addresses should be used for the addresses in the SD-WAN realm,

while public underlay addresses should be clearly marked as example addresses

not to be reused in public deployments



[sue-3]: Section 2 and figure 1 has been rewritten to use logical addresses.



[NIT-comments]

"[MP_REACH_NLRI] - has been removed.

[MEF-70.1] and [MEF70.2] have been added.



NIT Comments related to section 3 and 4 - have bene rewritten.



* In page 6, section 3.3.1, is "[Encap-EC]" a reference to a document, or a

specific section to a document?