[IPsec] IP-TFS YANG and MIB Updated
Tero Kivinen <kivinen@iki.fi> Fri, 12 November 2021 19:21 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DBC23A0B55 for <ipsec@ietfa.amsl.com>; Fri, 12 Nov 2021 11:21:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZsN6GexEloy for <ipsec@ietfa.amsl.com>; Fri, 12 Nov 2021 11:21:09 -0800 (PST)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [IPv6:2a0b:5c81:1c1::37]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9A6E3A10EE for <ipsec@ietf.org>; Fri, 12 Nov 2021 11:21:08 -0800 (PST)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 6FE7B1B0024B; Fri, 12 Nov 2021 21:21:02 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1636744862; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q/SajiQojUYAnkRQQuxQjnX2JpQAPhn1ENOT2QQJmxI=; b=ESBaVUFk1sjL3WvgBLfpRSfRTvTzgXqjkf4G+77KzFnT3NIDfizxd9Di8cGNbfrQQm7TbM QR+0kJjmru+SmVqUge/DdeGvyf6YusvrvNL8H5BjqGCIfZxujxIYC3PN8zaezcMwmmcCCt rK1RbdyOi9fNo1safiX6lGRNxyalGOh0X6OJxE7ItDsAsi2LmXQjKKiz9jL3JrB9F7AVqq LztXcCQttQAWoY5gPoQRrV4zbKWUYI1mSmovAgPrC6pLDThKx1ICR22EUAH1KR13G3UUJ7 ho08jkwPsYVpqvdeV0uuKwkXJp+qjZ7CfbEIMd7NkkI5qmqKZZfi/6GErsPO4Q==
Received: by fireball.acr.fi (Postfix, from userid 15204) id 0B50925C12CF; Fri, 12 Nov 2021 21:21:02 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <24974.48797.989744.890700@fireball.acr.fi>
Date: Fri, 12 Nov 2021 21:21:01 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Don Fedyk <dfedyk@labn.net>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
In-Reply-To: <MN2PR14MB4030C4563988AFEBDBD60C3DBB959@MN2PR14MB4030.namprd14.prod.outlook.com>
References: <MN2PR14MB4030C4563988AFEBDBD60C3DBB959@MN2PR14MB4030.namprd14.prod.outlook.com>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 27 min
X-Total-Time: 23 min
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1636744862; a=rsa-sha256; cv=none; b=OivBEDu7cV9aHtYpd6+06ZSBsCuElZOSMBkBPVNfWN0WG5jVDeakeF3bxG3ozPFBp98UiL HzCXyy/cT2ZcrQU7QCZvqeuGy/DSXuALDAYV826ofFd0/9Ie604Eybdap2ljDW+v6U3b+G wEBtBsMWz81aPwSp/IfTsxXJq3jvPZVdt67y56GRvj0QXpcfOnna8GZos2/3OZEf29jRUk 40ZFxs2j1nnNQD5f5DZfgJoCoxK06f5mTgdPysPXXuD8otW/gu8zCoRYJC4B5JZjDntb5P /Kih/mc6ZY5lKLBr+BM9gdF4Kf8i07AuBqK0yixJX252rUlevCoXBdA0lzNJiw==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1636744862; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q/SajiQojUYAnkRQQuxQjnX2JpQAPhn1ENOT2QQJmxI=; b=VG4YROLYKsV8hOMvnxIN2AXcEauT6QPRqyMQuWReUel2MP3sUY9d8ws8tiEwnhqfWST0Mq gTt/JR6WA2358IVcBdVLn6dVj7TXRiyTBwDr6QYlBjY00YN5GIWAfcIquuvlOsahC/ZwLL NMLg8THUVuViE7rmkffm5tX2wPpiT+GTPavOx+yKHy8mVmczyDiuSzuq7REJwTJ+U6CLJV G2CIfggRamCruwAGyO3Uc10TqDcL2TkjbccON22cAtBd+f7/QkHNythf6OY9Qx8nw5q4rz OKS17o6iVJmk/S4mlqZydjsAXhmfO92i5XR2Qgg2PmyZbBSiuOrxeli3MjHoCg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/PREQ6nW9yMrQkiz8FCIVvj0d--U>
Subject: [IPsec] IP-TFS YANG and MIB Updated
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2021 19:21:14 -0000
Don Fedyk writes: > https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-yang-iptfs-03.txt While answering the shepherd writeup question "Briefly describe the review of this document that was perfmed by the Document Shepherd", I had to read this document too, so here are some of my comments to this document: ---------------------------------------------------------------------- leaf dont-fragment { type boolean; default "false"; description "Disable packet fragmentation across consecutive iptfs tunnel packets"; My understanding this only disables small packet fragmentation between two outer fragments, i.e., does not disable it when the inner packet is so big it does not fit on the outer packet? If so adding text "Inner packets that does not fit to outer packets will always be fragmented regardless of this setting, but if dont-fragment is true those fragments do not include any other inner packets". Or if it is other way then add text saying "If this is true then inner packets that are larger than what can be tranmitted in outer packets will be dropped.". ---------------------------------------------------------------------- I would suggest adding text to some settings telling whether they affect transmission or receive. My understanding is that outer-packet-size, tunnel-rate, dont-fragment, and max-aggregation-time are for transmission end. window-size, send-immediately and lost-packet-timer-interval are for the receiver end. Some of those do have the text that explains this clearly, but some of them do not. And then there are settings which affect both, i.e., I think congestion-control is such. Having clear text whether it affects transmission, reception or both in description would make things easier to understand. ---------------------------------------------------------------------- Add comment to the lost-packet-timer-interval to say that "If not using send-immediately then each lost packet will be delayed until this expires", or something like that. It is important that adminstrators understand that this will affect delay visibile through the system. ---------------------------------------------------------------------- Add text to the security considerations section that as IPTFS tries to hide the traffic flows through the network, then of course to be able to read yang/mib statistics of the traffic flows is bad idea... I.e., even read only access to the IPTFS statistics can be used to find out traffic patterns. > https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-mib-iptfs-01.txt Same changes than in Yang document is needed here too. Also remove the last sentence of the abstract, i.e. I do not think there is no need to say "This is an unpublished work in progress.", in internet drafts, as they are working documents anyways... -- kivinen@iki.fi
- [IPsec] IP-TFS YANG and MIB Updated Don Fedyk
- [IPsec] IP-TFS YANG and MIB Updated Tero Kivinen
- Re: [IPsec] IP-TFS YANG and MIB Updated Christian Hopps
- Re: [IPsec] IP-TFS YANG and MIB Updated Tero Kivinen
- Re: [IPsec] IP-TFS YANG and MIB Updated Don Fedyk