Re: [Isis-wg] AD review of draft-ietf-isis-mi-bis-01

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Fri, 17 March 2017 19:55 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC89712947E; Fri, 17 Mar 2017 12:55:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.521
X-Spam-Level:
X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tq0lpCwUS6AO; Fri, 17 Mar 2017 12:55:34 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40D7612940A; Fri, 17 Mar 2017 12:55:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=62904; q=dns/txt; s=iport; t=1489780534; x=1490990134; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=gP+XvBe/RRP0wwAFpdgnjhELkG6BcqaUClMura+56zA=; b=CQMKSMiLtkJDGd1frH5xAhQNTDvhfpX0TCoQpKpkT291DluCwQzHkD2W IPgzrdc6hZJXvbC7Uy9q5nIkRFtsWiPOKz2baJvqJfY2nAL5Sh8vTerX7 u5hqlxYtPvsPbKfeY6shi9dsWGj9EkngSEwc1r1LjewnsIz+1H7ZBr6ex E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CzAQCyPsxY/4ENJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm45KmGBCgeDW4oPkVuIEo0wggsDHwEKhXgCGoJnPxgBAgEBAQE?= =?us-ascii?q?BAQFrKIUVAQEBAQMBARsGCkELEAIBBgIRBAEBIQEGAwICAh8GCxQJCAIEAQ0FC?= =?us-ascii?q?BOJTQMVDpR2nVuCJoczDYMJAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWGToRvglG?= =?us-ascii?q?CGh+CUIJfBY9bhiaGDjoBiiCDcIQoggSNboFCiE6CEohyAR84gQRYFUGEVx2BY?= =?us-ascii?q?3WISoENAQEB?=
X-IronPort-AV: E=Sophos;i="5.36,178,1486425600"; d="scan'208,217";a="221744098"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Mar 2017 19:55:33 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v2HJtWHj009591 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 17 Mar 2017 19:55:32 GMT
Received: from xch-aln-001.cisco.com (173.36.7.11) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 17 Mar 2017 14:55:32 -0500
Received: from xch-aln-001.cisco.com ([173.36.7.11]) by XCH-ALN-001.cisco.com ([173.36.7.11]) with mapi id 15.00.1210.000; Fri, 17 Mar 2017 14:55:32 -0500
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: Alexander Okonnikov <alexander.okonnikov@gmail.com>, Alia Atlas <akatlas@gmail.com>
CC: "draft-ietf-isis-mi-bis@ietf.org" <draft-ietf-isis-mi-bis@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>
Thread-Topic: [Isis-wg] AD review of draft-ietf-isis-mi-bis-01
Thread-Index: AQHSnzW2SbE6C4ZbzUa6gBdVacKo6KGZTDKwgABdg4D//7GnsIAAVeyA//+7ZKA=
Date: Fri, 17 Mar 2017 19:55:31 +0000
Message-ID: <39fe94a7f181470c8a425d665f34da95@XCH-ALN-001.cisco.com>
References: <CAG4d1reSNUyDZwUN1tB4zJAJcfs40618_x5DpFofr99cQc3B0g@mail.gmail.com> <43be9b6ac3fa41708303a2a352360ab4@XCH-ALN-001.cisco.com> <CAG4d1reoNrr3hz7cw3CiXy2x9-mzERKxQ0rAXeqmQpgmQDMZ2w@mail.gmail.com> <ab82a1390bb84212a2c0ba7a6488b8ce@XCH-ALN-001.cisco.com> <36d3cf47-1d22-4118-96fd-e5e141f73e3f@Spark>
In-Reply-To: <36d3cf47-1d22-4118-96fd-e5e141f73e3f@Spark>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.83.223]
Content-Type: multipart/alternative; boundary="_000_39fe94a7f181470c8a425d665f34da95XCHALN001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/FpLkGnhfTM2Y3uiklQrBQYEttOI>
Subject: Re: [Isis-wg] AD review of draft-ietf-isis-mi-bis-01
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 19:55:38 -0000

Alexander –


From: Alexander Okonnikov [mailto:alexander.okonnikov@gmail.com]
Sent: Friday, March 17, 2017 11:40 AM
To: Alia Atlas; Les Ginsberg (ginsberg)
Cc: draft-ietf-isis-mi-bis@ietf.org; isis-wg@ietf.org
Subject: Re: [Isis-wg] AD review of draft-ietf-isis-mi-bis-01

Hi Alia and authors,

Regarding point 2): This was root of my confusion and reason for submitting Errata ID #4521. Per my understanding a IS-IS circuit is a representaion of layer 2 link for IS-IS, and not a physical circuit itself. For mentioning type of physical media ISO 10589:2002 has another term subnetwork. Early versions of draft-ietf-isis-mi used term "network" (up to -04), which was replaced by "circuit" later. In my mind, term "circuit" creates ambiguity. From IS-IS point of view regular P2P circuit and P2PoverLAN circuit are both P2P circuits. May be it is better to create dedicated section for P2PoverLAN "circuits" to avoid confusion.

[Les:] The word “circuit” was chosen precisely because it is the term used in ISO 10589. You could start with ISO 10589 Section 3.6.3 – and then examine the hundreds of other uses of the term in the document.

Errata ID #4520 was not incorporated fully. Info regarding AllIS MAC was added, but -bis still clarifies usage of standard MACs (for standard instance) and new ones (for non-zero instances) only for IIHs in P2PoverLAN mode. I.e. the draft doesn't specify which MACs should be used for SNPs and LSPs in that mode. From current text we can conclude that for standard instance addresses AllL1IS and AllL2IS could be used on P2PoverLAN. But AllIS could be used as well, and not only for IIH. That is why the errata mentions "PDU", rather than "IIH".

[Les:] RFC 5309 is relaxed in its language on this point. It says (Section 4.1):

“The Multi-destination address including AllISs, AllL1ISs, and
   AllL2ISs, defined in [ISO10589], can be used for link-layer
   encapsulation; the use of AllISs is recommended.”

I have always interpreted this to mean use AllIS for hellos – because Pt2Pt IIHs are not level specific – but use the L1/L2 addresses for SNPs/LSPs which are level specific.
However, a strict interpretation of RFC 5309 allows that AllISs could be used for SNPs/LSPs. I will correct that omission.

However, we did add text specifying the PDU types explicitly, so I believe any confusion on that point has been addressed.

   Les

Thank you.

Alexander

On 17 марта 2017 г., 21:39 +0300, Les Ginsberg (ginsberg) <ginsberg@cisco.com<mailto:ginsberg@cisco.com>>, wrote:

Alia  -

From: Alia Atlas [mailto:akatlas@gmail.com]
Sent: Friday, March 17, 2017 11:13 AM
To: Les Ginsberg (ginsberg)
Cc: isis-wg@ietf.org<mailto:isis-wg@ietf.org>; draft-ietf-isis-mi-bis@ietf.org<mailto:draft-ietf-isis-mi-bis@ietf.org>
Subject: Re: AD review of draft-ietf-isis-mi-bis-01

Hi Les,

On Fri, Mar 17, 2017 at 1:57 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com<mailto:ginsberg@cisco.com>> wrote:
Alia –

Thanx for meticulous review.
Inline.

From: Alia Atlas [mailto:akatlas@gmail.com<mailto:akatlas@gmail.com>]
Sent: Friday, March 17, 2017 8:47 AM
To: isis-wg@ietf.org<mailto:isis-wg@ietf.org>; draft-ietf-isis-mi-bis@ietf.org<mailto:draft-ietf-isis-mi-bis@ietf.org>
Subject: AD review of draft-ietf-isis-mi-bis-01

As is customary, I have done my AD review of draft-ietf-isis-mi-bis-01.  First, I would like to thank the authors - Les, Stefano, and Wim - for their work on this document.

I do have a few minor issues that need to be fixed ASAP.   I will, however, go ahead and issue a 3 week IETF Last Call for it so that, if the authors act promptly, it can be on the April 13 telechat.


1) This draft pretty clearly should obsolete RFC 6822, but the header claims to merely
update it.

[Les:] OK

 2) Sec 2.6.2: " Point-to-point adjacency setup MUST be done through the use of the
         three-way handshaking procedure as defined in [RFC5303] in order to
         prevent a non-MI capable neighbor from bringing up an adjacency
         prematurely based on reception of an IIH with an IID-TLV for a non-
         zero instance."
     While obviously the 3-way handshake in RFC5303 is fine, given that different MAC addresses are used, I don't see how a non-MI capable neighbor would receive and process an IIH with an IID-TLV where IID != 0.

[Les:] Section 2.6.2 is only talking about true pt-pt media – hence MAC multicast addresses are not relevant. In Section 2.6.1 we discuss the case of operating in Pt-Pt mode on a broadcast circuit:

“When operating in point-to-point mode on a broadcast circuit
   [RFC5309]…”

Thanks - you are completely correct.


 3) In Appendix A:" Clarification that the IID-TLV is only included in Pt-Pt IIHs
   associated with non-zero instances has been added.  This addresses
   Errata ID #4519."
   In Sec 2.6.2, it says "The presence or absence of the IID-TLV in an IIH indicates that the
   neighbor does or does not support this extension, respectively.
   Therefore, all IIHs sent on a point-to-point circuit by an MI-RTR
   MUST include an IID-TLV.  This includes IIHs associated with IID #0." which is a direct
   contradiction and needed since the IID-TLV is used as a capability indication.  The
   simplest solution is to remove the claim from the Appendix.
[Les:] Again, you are confusing Pt-Pt media with Pt-Pt operation on a Broadcast media. Errata 4519 is concerned with Pt-Pt operation on a LAN – and some modest clarifications in Section 2.6.1 were made to more completely cover the latter case.
In the Pt-Pt operation on a LAN case it IS illegal to send IID-TLV in hellos for the zero instance – which Section 2.6.1 explicitly states.

Perhaps the Appendix should say:

“Clarification that when operating in point-to-point mode on a broadcast circuit the IID-TLV is only included in Pt-Pt IIHs
   associated with non-zero instances has been added. ..”

Will this address your concern?

Yes, I didn't go and look up Errata ID #4519 to catch the context of pt-to-pt on broadcast only.   That would make it more of a nit than a minor issue, of course.

This all does imply that:
   a) IIH with IID=0 is a capability advertisement for pt-to-pt links but not pt-to-pt on broadcast.
   b) It is never ok (discarded by receiver) to send an IIH with IID=0 on a pt-to-pt on broadcast.
   c) The capability indicator for being an MI-RTR on a pt-to-pt on broadcast link is whether or not the ALLL1MI-IS or ALLL2MI-IS is listened to or sent on.

I know there is real code and deployments behind this - but that's a bit confusing for trouble-shooting & it would be nice to have it more clearly articulated.
[Les:] From Section 2.6.1:

  MI-RTRs MUST discard IS-IS PDUs received if either of the following
   is true:

   o  The destination multicast address is AllL1IS, AllL2IS, or AllIS
      and the PDU contains an IID-TLV

   o  The destination multicast address is one of the two new addresses
      and the PDU contains an IID-TLV with a zero value for the IID or
      has no IID-TLV.

From Section 2.6.2:

   The presence or absence of the IID-TLV in an IIH indicates that the
   neighbor does or does not support this extension, respectively.
   Therefore, all IIHs sent on a point-to-point circuit by an MI-RTR
     MUST include an IID-TLV.  This includes IIHs associated with IID #0.

[Les:] I think this language is very precise.
It is true that operation in Point-to-point mode on a broadcast media is subtly different than operation on true P2P media – which is why we discuss the two in different sections.
??

4) In the IANA considerations, the references should be updated to point to this document, and most particularly if it obsoletes RFC 6822.

[Les:] Agreed. I did not think I had to state that – I assumed IANA would just do that – but I am happy to add a line in IANA section stating that all references to RFC 6822 should be updated to point to this document.

Yes - we need to do that.


Incidentally, on another reread (checking the above issues) is there a reason that
"The destination multicast address is one of the two new addresses
 and the PDU contains an IID-TLV with a zero value for the IID or
 has no IID-TLV."

doesn't simply name the addresses (ALLL1MI-IS or ALLL2MI-IS)?  I think that'd be clearer - but this is definitely nit.


[Les:] Happy to explicitly call out the specific addresses in the second bullet.

   Les

Let me know if the above changes will suffice and I will spin a new version.

Sounds good.

Thanks,
Alia


   Les

Regards,
Alia

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org<mailto:Isis-wg@ietf.org>
https://www.ietf.org/mailman/listinfo/isis-wg