IETF Logo Mail Archive

Re: [Isis-wg] I-D Action: draft-ietf-isis-l2bundles-06.txt

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 25 May 2017 02:35 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5EF012948E for <isis-wg@ietfa.amsl.com>; Wed, 24 May 2017 19:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KQdjIYqVP5pd for <isis-wg@ietfa.amsl.com>; Wed, 24 May 2017 19:35:55 -0700 (PDT)
Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com [IPv6:2607:f8b0:400e:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FA9812947D for <isis-wg@ietf.org>; Wed, 24 May 2017 19:35:55 -0700 (PDT)
Received: by mail-pf0-x236.google.com with SMTP id n23so152951709pfb.2 for <isis-wg@ietf.org>; Wed, 24 May 2017 19:35:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=wgYhIKJUfDIumhKPg794mFcJ7BBx7q6KbM5kQd11CIE=; b=Ca8Cu7S2+0PsU9uUyK1m6HhssWkz4jJykweVSSH/hM801emOycy/YLBSgWysfgLpi5 qNGLGAga/3CrH31RvmaxYxiYekx8WVxRp55x2917Ykuh346A3Z8H7xQ+Vwzpa7mLh2Np Qfqjjjm4spaiEPhmHxL3Kbq3KAwiAc+OSt6hPUtDWc5fXv5Ajl5ctsSxwGahQ/w0IGg1 xuJPg56e+DGLi7iT7+vb++rCj8eOx8EVnV5Y+ISPW2kRBBfC3pWLqLA4WB2BV08Bo82O L+/0Hawi9ndVqFs5+H1TMTlvD7esQg+CEdx23T4kiw+KcZo95uFbMpc9UL3xLl7bKzqm vmIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=wgYhIKJUfDIumhKPg794mFcJ7BBx7q6KbM5kQd11CIE=; b=ENjyFDmKfLv8ZPES5WVq6LzxTfV+Dr+5Mq4BtHRz5vJfD52k/lQyYdtO5euhB2SkMt N5GWkqWJybO5vqICx4HPKpkNAPfdUqffgZMCrog03yq6QSV00FNYsLXioHYAJnLX3mUP NDAT2jJmzosMVuGYh3BuWQhpV+3Ggtz1zlQ203B4sFEz3nd9yVNZZYzmkclZFhs5rRrx 02aOIBw5siLsEmRvmYmCuBP5cdwX3tGbyvs/nTZlSRpQ4N3UU4OTDAE/zm+UV5I4zRWo D+B9BA0X0W9v51+BPisoIKfH8P8yWmT3bxONx5JqQfXIX+A2I03MVpJELqz/CqRNUG3B AYmw==
X-Gm-Message-State: AODbwcA2xAlEUvjfWwEl2QY+i1rwzO9lHo9p8ueUVsGXQMCrMNFqrvVE n0v5c3JMsm6NfjLpqxRjNngFbqv/6A==
X-Received: by 10.98.62.86 with SMTP id l83mr42313214pfa.114.1495679754683; Wed, 24 May 2017 19:35:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.186.135 with HTTP; Wed, 24 May 2017 19:35:14 -0700 (PDT)
In-Reply-To: <f0893e23975b44228803df5510ad6198@XCH-ALN-001.cisco.com>
References: <149567309799.8624.16080269380002810311@ietfa.amsl.com> <9b951044ae6b4bc69012fffe393ceefc@XCH-ALN-001.cisco.com> <CAHbuEH6fNcTEvt6m5UOk+Qj_+HuzG_HfUpfD=A7zk75xoomtVg@mail.gmail.com> <f0893e23975b44228803df5510ad6198@XCH-ALN-001.cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 24 May 2017 22:35:14 -0400
Message-ID: <CAHbuEH6yR3zL6WoXUwZ=PyLe5=0TR6wpjyt2Nk4-YArWjsDajA@mail.gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Cc: "isis-wg@ietf.org" <isis-wg@ietf.org>, Mirja Kühlewind <ietf@kuehlewind.net>, Adam Roach <adam@nostrum.com>, Eric Rescorla <ekr@rtfm.com>, Suresh Krishnan <suresh.krishnan@gmail.com>, "Benoit Claise (bclaise)" <bclaise@cisco.com>, "mjethanandani@gmail.com" <mjethanandani@gmail.com>, Alissa Cooper <alissa@cooperw.in>, "Alvaro Retana (aretana)" <aretana@cisco.com>, Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/7cs6IVErQA_7yI-NXD-K4YU80Lc>
Subject: Re: [Isis-wg] I-D Action: draft-ietf-isis-l2bundles-06.txt
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2017 02:35:58 -0000

Hi Les,

On Wed, May 24, 2017 at 9:39 PM, Les Ginsberg (ginsberg)
<ginsberg@cisco.com> wrote:
> Kathleen -
>
>> -----Original Message-----
>> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
>> Sent: Wednesday, May 24, 2017 6:29 PM
>> To: Les Ginsberg (ginsberg)
>> Cc: isis-wg@ietf.org; Mirja Kühlewind; Adam Roach; Eric Rescorla; Suresh
>> Krishnan; Benoit Claise (bclaise); mjethanandani@gmail.com; Alissa Cooper;
>> Alvaro Retana (aretana); Ben Campbell
>> Subject: Re: [Isis-wg] I-D Action: draft-ietf-isis-l2bundles-06.txt
>>
>> Hi Les,
>>
>> On Wed, May 24, 2017 at 9:16 PM, Les Ginsberg (ginsberg)
>> <ginsberg@cisco.com> wrote:
>> > Folks -
>> >
>> > This revision addresses a number of review comments received during
>> IESG review.
>> >
>> > Here are some responses to some of the points raised by reviewers (all
>> reviewers have been copied on this email I hope).
>> >
>> > 1)Security section has been revised.
>> >
>> > 2)* Appendix A: The length value for "L2 Bundle Attribute Descriptors"
>> > under "TLV for Adjacency #2" is wrong. It says 29 but it needs to be
>> > 32
>> >
>> > This has been corrected - thank you Suresh.
>> > I also changed to using RFC5737 approved addresses in the examples.
>> >
>> > 3)Comments provided by Mahesh in his OPS DIR review and cited by
>> > Benoit have been addressed
>> >
>> > 4)Alvaro commented:
>> >
>> >     " I would like to see some discussion related to the "interface" with these
>> external entities."
>> >
>> > I have added explicit text indicating this is out of scope. To defend this here
>> are several examples:
>> >
>> >    RFC 5305 does not discuss how link attribute information is passed to TE
>> applications
>> >    Protocol documents do not define how information is passed to PCE - we
>> have PCE WG documents for that
>> >    Protocol documents do not define how link state info is passed to
>> > BGP-LS - we write separate BGP-LS drafts for that
>> >
>> > I hope my response suffices.
>> >
>> > 5)Kathleen Moriarty argued that advertisement of
>> >    o  IPv4 Interface Address (sub-TLV 6 defined in [RFC5305])
>> >    o  IPv6 Interface Address (sub-TLV 12 defined in [RFC6119])
>> >    o  Link Local/Remote Identifiers (sub-TLV 4 defined in [RFC5307])
>> >
>> > exposes new security issues.
>>
>> This was a question as opposed to an argument as I was trying to find all
>> possible security issues to assist with adding a security considerations
>> section.  I do see that path exposure is covered by the security
>> considerations in other is-is documents.
>>
>> >
>> > I disagree.
>> >
>> > Interface addresses are associated with the parent L3 link and are already
>> being advertised by IS-IS via existing TE extensions (e.g. RFC 5305, RFC 4205).
>> > Link IDs for the L2 Links which are advertised are readily available today via
>> network management tools.
>>
>> Will these be referenced then in the security consideration section for
>> completeness as it is still an issue?
>>
> [Les:] I did not do this. It is a difficult model to follow when writing a document if one is required to explain everything that is NOT an issue.

Let's try to work through this as it should be easy to resolve.
Walking through the possibilities should help with EKR's discuss too.

This draft does add these sub-TLVs, so I would think some text would
be appropriate, even to say this is already an issue (path and other
information is already exposed since confidentiality is not provided).
The draft adds the lag member identity and disaggregated info, is
there anything that needs to be said about them?  We typically include
text in drafts about security considerations specific to a draft or
include a reference that explains existing known security
considerations with a reference and I see you are the author on
several from is-is that were nicely written (thanks for that).

> The new statement in the draft says:
>
> "No new security issues are introduced by the protocol extensions
>    defined inn this document.  Security concerns for IS-IS are addressed
>    in [RFC5304] and [RFC5310]."

These 2 references are about authentication and the text in prior
drafts that use these references provide an explanation as to why they
are included as references.

RFC7810 and RFC 7891 do include some helpful explanations for the
security consideration section that might serve as good examples to
follow.    I had included the following in my discuss as I thought the
text in this RFC was helpful:

   Security concerns for IS-IS are already addressed in [ISO10589],
   [RFC5304], and [RFC5310] and are applicable to the mechanisms
   described in this document.  Extended authentication mechanisms
   described in [RFC5304] or [RFC5310] SHOULD be used in deployments
   where attackers have access to the physical networks, because nodes
   included in the IS-IS domain are vulnerable.

Thank you,
Kathleen

>
> I believe this is both accurate and complete - and my comments above explain why.
>
>    Les
>
>> Thank you,
>> Kathleen
>>
>> >
>> > 6)The shepherd's report and some reviewers have mentioned that there
>> currently is no OSPF equivalent document.
>> >
>> > This statement is true, but I fail to see how this is relevant to the progress
>> of this IS-IS draft.
>> > It is often the case that equivalent drafts are written for OSPF and IS-IS
>> because the same functionality may be required in deployments using either
>> protocol. However we have never linked the progress of the two documents
>> together - it is often the case that one document is written and proceeds
>> before the other.
>> >
>> > I think it would be quite reasonable for OSPF to support equivalent
>> functionality and it may be that someone - based on real deployment
>> requirements (which is what has driven the writing of the IS-IS draft) - will
>> write such a draft soon. But why this is deemed an issue for the progression
>> of the IS-IS draft is a mystery to me.
>> >
>> > I do want to thank all the reviewers for their time and their diligence. I think
>> the document is significantly improved based on your comments.
>> >
>> >    Les
>> >
>> >> -----Original Message-----
>> >> From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of
>> >> internet- drafts@ietf.org
>> >> Sent: Wednesday, May 24, 2017 5:45 PM
>> >> To: i-d-announce@ietf.org
>> >> Cc: isis-wg@ietf.org
>> >> Subject: [Isis-wg] I-D Action: draft-ietf-isis-l2bundles-06.txt
>> >>
>> >>
>> >> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> >> This draft is a work item of the IS-IS for IP Internets of the IETF.
>> >>
>> >>         Title           : Advertising L2 Bundle Member Link Attributes in IS-IS
>> >>         Authors         : Les Ginsberg
>> >>                           Ahmed Bashandy
>> >>                           Clarence Filsfils
>> >>                           Mohan Nanduri
>> >>                           Ebben Aries
>> >>       Filename        : draft-ietf-isis-l2bundles-06.txt
>> >>       Pages           : 17
>> >>       Date            : 2017-05-24
>> >>
>> >> Abstract:
>> >>    There are deployments where the Layer 3 interface on which IS-IS
>> >>    operates is a Layer 2 interface bundle.  Existing IS-IS
>> >>    advertisements only support advertising link attributes of the Layer
>> >>    3 interface.  If entities external to IS-IS wish to control traffic
>> >>    flows on the individual physical links which comprise the Layer 2
>> >>    interface bundle link attribute information about the bundle members
>> >>    is required.
>> >>
>> >>    This document introduces the ability for IS-IS to advertise the link
>> >>    attributes of layer 2 (L2) bundle members.
>> >>
>> >>
>> >>
>> >> The IETF datatracker status page for this draft is:
>> >> https://datatracker.ietf.org/doc/draft-ietf-isis-l2bundles/
>> >>
>> >> There are also htmlized versions available at:
>> >> https://tools.ietf.org/html/draft-ietf-isis-l2bundles-06
>> >> https://datatracker.ietf.org/doc/html/draft-ietf-isis-l2bundles-06
>> >>
>> >> A diff from the previous version is available at:
>> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-isis-l2bundles-06
>> >>
>> >>
>> >> Please note that it may take a couple of minutes from the time of
>> >> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>> >>
>> >> Internet-Drafts are also available by anonymous FTP at:
>> >> ftp://ftp.ietf.org/internet-drafts/
>> >>
>> >> _______________________________________________
>> >> Isis-wg mailing list
>> >> Isis-wg@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/isis-wg
>>
>>
>>
>> --
>>
>> Best regards,
>> Kathleen



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email