IETF Logo Mail Archive

Re: [Isis-wg] ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Sun, 19 July 2015 20:19 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93D1F1B2BFE for <isis-wg@ietfa.amsl.com>; Sun, 19 Jul 2015 13:19:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mbtiGcoh2Cmz for <isis-wg@ietfa.amsl.com>; Sun, 19 Jul 2015 13:19:11 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECEC81B2BF7 for <isis-wg@ietf.org>; Sun, 19 Jul 2015 13:19:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11099; q=dns/txt; s=iport; t=1437337150; x=1438546750; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=U8pL8gmhvYZx4jP/vD+ZmXsMqvCs4VBVqV7rNfJC8DU=; b=cIP+6syb1ZHtWScgBjlO31b4t87TtIPswn2aFS0JOQOHo9105aIfadC0 1S3FSz6H03JGVlDkEqAagBKMzs3vE5IAbGXk7sEwJ75fcuqLIjyq1/N0C jGjUM+8Oa/bruyTqD5Dj+/NsBF7pHKMz8DSPanu2OcBZ1mPe9MFSz7J9K 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BIBQAjBaxV/5BdJa1TBgODE4E9Brtoh2wCgRs5EwEBAQEBAQGBCoQjAQEBBDo6Aw4EAgEIEQQBAQsOBgkHMhQIAQgCBAESCIgmxGEBAQEBAQEBAQEBAQEBAQEBAQEBAQEXikqBAoQqKzgGBgUHgn+BFAEEjDiEf4MbAY1jhBqPSYNhJmOBKgEbFYE+b4EEJB+BBAEBAQ
X-IronPort-AV: E=Sophos;i="5.15,504,1432598400"; d="scan'208";a="170105792"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-7.cisco.com with ESMTP; 19 Jul 2015 20:19:09 +0000
Received: from xhc-rcd-x06.cisco.com (xhc-rcd-x06.cisco.com [173.37.183.80]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t6JKJ9qd003749 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 19 Jul 2015 20:19:09 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.220]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.03.0195.001; Sun, 19 Jul 2015 15:19:09 -0500
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: "Liubing (Leo)" <leo.liubing@huawei.com>, "isis-wg@ietf.org list" <isis-wg@ietf.org>
Thread-Topic: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
Thread-Index: AQHQmsUvhOb/9lHMUk2S32rA0gaCAZ2+NYzwgBSD/NCACOMe8IACA39ggAXnN1A=
Date: Sun, 19 Jul 2015 20:19:08 +0000
Message-ID: <F3ADE4747C9E124B89F0ED2180CC814F5949AD72@xmb-aln-x02.cisco.com>
References: <8AE0F17B87264D4CAC7DE0AA6C406F45A678E17E@nkgeml506-mbx.china.huawei.com> <F3ADE4747C9E124B89F0ED2180CC814F5947F857@xmb-aln-x02.cisco.com> <8AE0F17B87264D4CAC7DE0AA6C406F45C220267E@nkgeml506-mbx.china.huawei.com> <F3ADE4747C9E124B89F0ED2180CC814F5949536D@xmb-aln-x02.cisco.com> <8AE0F17B87264D4CAC7DE0AA6C406F45C2212AA1@nkgeml506-mbx.china.huawei.com>
In-Reply-To: <8AE0F17B87264D4CAC7DE0AA6C406F45C2212AA1@nkgeml506-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.24.113.148]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/StudTno6peMSGRzOq-Uwzd7GTLI>
Subject: Re: [Isis-wg] ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2015 20:19:13 -0000

Bing -

> -----Original Message-----
> From: Liubing (Leo) [mailto:leo.liubing@huawei.com]
> Sent: Thursday, July 16, 2015 11:41 PM
> To: Les Ginsberg (ginsberg); isis-wg@ietf.org list
> Subject: RE: ISIS-autoconf-04 submitted //FW: New Version Notification for
> draft-liu-isis-auto-conf-04.txt
> 
> Hi Les,
> 
> Thanks for your quick response! Please see inline.
> 
> > > > 2)What you have written in the draft defines a way to make
> > > > conflicts low probability and defines a means of resolving
> > > > conflicts when they occur - but it does not attempt to minimize
> > > > the occurrence of system-id changes for a router once it has become
> fully operational.
> > > > This should also be a goal. To make this a reality I propose some
> > additions:
> > > >
> > > > Define a "startup mode" wherein a router does not start
> > > > advertising neighbors/reachability and/or sets the OL bit until
> > > > after an initial delay has expired. During this time it acquires
> > > > the LSPDB and verifies that duplicate system-id is not detected.
> > > > If duplicate system-id is detected we make the starting node the
> > > > one which changes its system-id regardless of fingerprint content.
> > > > This has minimal impact on a running network because the startup
> > > > node is not yet being used for forwarding traffic. Once duplicate
> > > > system-id has been resolved (if
> > > necessary) the router begins normal operation.
> > > >
> > > > If two routers are both in startup mode (or both NOT in startup
> > > > mode) and duplicate system-id is detected then we use the rules
> > > > set forth in the draft to determine which one changes its
> > > > system-id based on
> > > fingerprint.
> > > >
> > > > Indication of being in startup mode can easily be included in the
> > > > fingerprint TLV with a flag.
> > >
> > > [Bing] I thinks it is a thoughtful complementary. Very good idea.
> > > But I have a concern: anyway the duplication is a corner case, the
> > > initial delay might slow down the overall speed of auto-configuring
> > > the network? Is it worth to have the cost to fulfill the corner case?
> > >
> > [Les:] I don't believe there is a speed requirement as regards
> > bringing up a new node. The network has been running fine w/o the new
> > node - if after the new node comes up we delay using it  for
> > forwarding for a period long enough to ensure that LSPDB sync has been
> > achieved and possible disruption to forwarding caused by duplicate
> > system-ids is guaranteed to be avoided this seems to me be a positive
> without any negatives.
> >
> > Using such delays on startup is a well-established practice - see RFC
> > 3277. In the case of auto-configured networks we are less concerned
> > about BGP convergence and more concerned w avoiding unnecessary IGP
> > disruption caused by duplicate system-id.
> 
> [Bing] For a new node that joining an existing autoconf network, I also agree
> the delay should be a positive without negatives.
> But my concern was mostly for the scenario that several (or even more)
> routers initiate at the same timeslot, which means they will all delay, then
> the LSPDB won't be built for a while, then they can't do the duplicate
> detecting according to LSPDB... it seems a temporary break there and I'm a
> bit confused how long should they waiting for to stop the break?
> 
[Les:] New/restarting nodes still generate and flood LSP #0 as a minimum - which will have the fingerprint TLV - so duplicate system-id detection can still be done - which of course is essential. The delay proposal does not compromise duplicate detection in any way. What it does do is minimize disruption caused by a node assuming an identity before it has been able to perform duplicate detection - and it also prevents a node being used for forwarding before that node has had time to acquire the full LSPDB.

> 
> > > >   3.  NET duplication detection and resolution
> > > >
> > > > LES: More correctly "NET" should be replaced by "system-id".
> > > [Bing] It is indeed essentially the sys-id duplication problem. My
> > > previous concern is that NET is a complete entity and sys-id is only
> > > a key
> > part of it.
> > > But considering your comments regarding to Section 3.3 below, I
> > > think it's right to revise it as sys-id. Thanks.
> >
> > [Les:] This (mis)perception comes from the unfortunate (but
> > widespread) practice of using a single configuration command "net" .
> > Functionally what is required is:
> >
> > 1)Configure one or more area addresses 2)Configure a system-id
> > 3)n-selector does not need to be configured since it MUST be "00"
> >
> > Using a single "net" command introduces confusion and leads to silly
> > requirements like "when multiple nets are configured the system-id
> > MUST be the same in all of them".
> > I don't expect configuration commands to be changed, but we do need to
> > understand what the actual protocol requirements are.
> 
> [Bing] Thanks for your elaborate explanation. It's much clearer for me now.
> 
> > > [Bing] The logic is this:
> > > 1. At the initial stage, there is not much entropy for generating a
> > > high quality Fingerprint. (This is the feedback from the
> > > implementation team.) 2. Then, very unfortunately, the sys-id and
> > Fingerprint both duplicated.
> > > 3. At the time the Double-Duplication is detected, there should be
> > > enough entropy (e.g. lots of random packets, LSP num etc.) to make
> > > tiebreaker of the duplication.
> > > Does this sound reasonable for you?
> >
> > [Les:] I would prefer that we define a robust fingerprint. This is not
> > that difficult.  If there are concerns about the difficulties please
> > make them public.
> 
> [Bing] It's not difficult to "define" one, but for small devices, there is some
> practical difficulties.
> I'll initiate another thread to discuss this issue.
> 
> > > > Section 3.4.1.  Authentication TLV
> > > >
> > > > LES: If security is a real concern I think cleartext password has
> > > > been proven to be of not much value. I would suggest that you
> > > > provide the ability to specify a password which would be used in
> > > > MD5 authentication (RFC 5304) or perhaps Generic Crypto (RFC
> > > > 5310). If security is not a concern, then no password/authentication is
> fine.
> > > > If you choose a unique area address then it is unlikely that a
> > > > non-autoconf router would be configured w the same area address so
> > > > you
> > > would never form an adjacency with it.
> > > [Bing] The Auth TLV is not for security, but just for preventing
> > > non-autoconf routers joint in the autoconf area.
> > > A unique area address is also an alternative, let us discuss it when
> > > do the next version. Thanks for your suggestion.
> >
> > [Les:] You already have chosen a unique area address. (If someone
> > thinks "00.0000.0000.0000" is in use in networks today it would be
> > good to know
> > that.) To me the point of adding authentication is either because we
> > don't think unique area address is sufficient for a given deployment
> > and/or we are worried about attackers. Supporting cryptographic
> > authentication allows us to address both issues - plaintext password does
> not.
> 
> [Bing] I'll consider to use cryptographic authentication carefully when do the
> next version.

[Les:] As discussed on a side thread, the problem w the current content is that you make cleartext password a MUST. Since the protocol does not support multiple authentication TLVs in a PDU this makes the use of cryptographic authentication not possible. I think you need to allow choices here:

  o Run w/o authentication
  o Run w authentication - the type and key subject to provisioning

> 
> > > > Also, there is more to wide metrics than 1 TLV. For completeness
> > > > you should specify the list of TLVs which can/cannot be used (TLV
> > > > 22, 135, etc.). Also, are you forbidding the use of MT (e.g. TLV
> > > > 222, 235, etc.)?
> > > [Bing] Well, my thought was that except for the explicitly mentioned
> > > TLVs, the others are all NOT supposed to use.
> >
> > [Les:] Not sure what you mean here. But I think the draft should be
> > clear on what TLVs are allowed and which are not. The text as written
> > suggests (I am sure unintentionally) that you are only talking about TLV 22.
> 
> [Bing] Ok, explicitly listing the supported/unsupported TLVs should be good.
> 
> > > > Section 3.4.3.  Dynamic Host Name TLV
> > > >
> > > > LES: "vendor" or "device type" won't provide uniqueness - not very
> > > > helpful to have a bunch of devices all named "vendor-a". Serial #s
> > > > - while likely unique - might be reasonable - assuming they are
> > > > less cryptic than the chosen system-id - which is debatable.
> > > > Unless there is a convenient way to get a name that the user can
> > > > easily recognize I don't
> > > see much value here.
> > > [Bing] My thought on this TLV is "Better Than Nothing". At least it
> > > is not harmful. Does this make sense for you?
> >
> > [Les:]  Having multiple ISs advertising the same hostname (which is
> > likely what would happen if you used manufacturer name) is decidedly
> > "worse than nothing".
> 
> [Bing] I agree that in theory the manufacturer name uniqueness are not
> guaranteed. But I believe most of the time the uniqueness should be
> sufficient in practice. Even if the uniqueness is broken, I also can't really see
> essential harm. Would you elaborating a bit more about what the worse
> thing you referred to?
> 
[Les:] It is quite likely that multiple devices from the same manufacturer will be in a network. This then leads to multiple devices with the same hostname but different system-ids. I think this is confusing - not clarifying.

   Les

> > > > Section 3.5.2.  Co-existing with Other IGP Auto-configuration
> > > >
> > > > LES: So what you stated in Section 2 about "Interworking with
> > > > other routing protocols" being out of scope apparently isn't true??
> > > > Otherwise why did you write this section?
> > > [Bing] This is some complementary explanation of the Section 2
> > > relevant item. Although it is out of scope, it is a reasonable
> > > practical issue, and there had been some people raised this problem,
> > > so we thought it might be worth to specifically explain this.
> > >
> > [Les:] Problem is I cannot tell if you are saying:
> >
> > 1)This is unsupported
> > 2)This is forbidden
> > 3)This is allowed but not recommended
> >
> > ???
> >
> > Note that you say (emphasis added):
> >
> >  " decide  which IGP to be used, or EVEN BOTH."
> [Bing] For this document, it is clearly 1) This is unsupported. I'll make it more
> explicit.
> 
> 
> Best regards,
> Bing
> 
> >    Les
> >
> > > Best regards,
> > > Bing
> > >
> > > >    Les
> > > >

v2.30.2 | Report a Bug | By Email | System Status