Re: [Isis-wg] WG Last Call for for draft-ietf-isis-pcr
János Farkas <janos.farkas@ericsson.com> Fri, 04 September 2015 15:23 UTC
To: Eric Gray <eric.gray@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/TbELhA72FaBfUKti_pAQjl235ZE>
Cc: isis-wg@ietf.org

Hi Eric,

Thank you very much for your review and comments!

On 9/2/2015 9:39 PM, Eric Gray wrote:
> Authors,
>
> I have the following comments on the draft…
>
> We start section 4 with the statement: “An explicit tree is determined by a Path Computation Element (PCE) …”
>
> I believe that explicit trees may be determined without using a PCE, even if we might prefer to use a PCE. One could, for example, construct one on paper.

I agree.

> I suspect we could say:
>
> - “Explicit trees may be determined in some fashion. For example, an explicit tree may be determined by a Path Computation Element (PCE) [_RFC4655_]. A PCE is an entity that is capable of computing a topology for forwarding based on a network topology, its corresponding attributes, and potential constraints. If a PCE is used, it MUST explicitly describe a forwarding tree as described in _Section 6.1_. Either a single PCE or multiple PCEs determine explicit trees for a domain. Even if there are multiple PCEs in a domain, each explicit tree MUST be determined only by one PCE, which is referred to as the owner PCE of that tree. PCEs and IS-IS PCR can be used in combination with IS-IS shortest path bridging.
>
>   “The remainder of this section, and subsequent sections, are written assuming PCE use.”
>
> A few minor points (reflected in the above re-wording):
>
> - “MUST be only determined by one PCE” is awkward (implies everything else has to be done by another PCE).
> - “SPB shortest path routing” is either redundant or incorrect.
> - It would be very difficult to re-write the section to avoid dependence on PCE, but I suspect a statement to the effect that PCE is assumed will allow it to be read without loss of generality.
> - I left out the bit about not being required to follow shortest path as this seems obvious.

I agree with the wording you propose. I will update the text according to your proposal if there are no further comments on it.

> I am not sure how the second paragraph in the security considerations section is related to security, as it is currently worded.
>
> As I understand it, the issue that the paragraph aims to address has to do with a vulnerability that may exist when multiple PCEs are used and may be independently managed. In particular, the */importance/* parameter could be used maliciously by one PCE to ensure that it gets reservations.
>
> This is simply one variation of a general PCE issue; an independently managed, non-cooperating PCE is indistinguishable from a */PCE impersonation/* (in the sense used in the Security Considerations section of RFC 4655).

I agree with your points. I agree that referring to PCE security considerations of RFC 4655 is missing; and adding it makes the security considerations more generic and thus covering the particular case pointed out in the current version.

> We may want to consider replacing the current second paragraph with the following two paragraphs.
>
> Any mechanism that chooses forwarding paths, and allocates resources to those paths, is potentially vulnerable to attack. The security considerations section of RFC 4655 describes the risks associated with the use of PCE for this purpose and should be referred to. Use of any other means to determine paths should only be used after considering similar concerns.
>
> Because the mechanism assumed for distributing tree information relies on IS-IS routing, IS-IS routing security considerations (Section 6, RFC 1195) and mechanisms (e.g. – RFC 5310) used to authenticate peer advertisements apply.

I will replace the second paragraph with these ones you suggested if there are no further comments.

Thank you and regards,
Janos

> --
> Eric
>
> *Subject:* [Isis-wg] WG Last Call for for draft-ietf-isis-pcr
> *Date:* Mon, 24 Aug 2015 09:54:27 -0400
> *From:* Christian Hopps <chopps@chopps.org>
> *To:* ISIS-WG <isis-wg@ietf.org>
> *CC:* Hannes Gredler <hannes@gredler.at>
>
> Hi Folks,
>
> We are starting a WG Last Call on the following draft.
>
> “IS-IS Path Computation and Reservation”
> https://datatracker.ietf.org/doc/draft-ietf-isis-pcr/
>
> The LC is set to expire 3 weeks from now (allowing for common vacation time) on Monday, September 14, 2015.
>
> Thanks,
> Chris & Hannes.