RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
"Adrian Farrel" <adrian@olddog.co.uk> Tue, 25 March 2014 21:35 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
(Postfix) with ESMTP id D88571A020A for <l2vpn@ietfa.amsl.com>;
Tue, 25 Mar 2014 14:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.553
X-Spam-Level:
X-Spam-Status: No, score=-100.553 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_NONE=-0.0001,
USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQb6Tp2HWZiy for
<l2vpn@ietfa.amsl.com>; Tue, 25 Mar 2014 14:35:51 -0700 (PDT)
Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159])
by ietfa.amsl.com (Postfix) with ESMTP id 7CFE91A0239 for <l2vpn@ietf.org>;
Tue, 25 Mar 2014 14:35:51 -0700 (PDT)
Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by
asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id s2PLZlKf032751;
Tue, 25 Mar 2014 21:35:47 GMT
Received: from 950129200 (110.26.90.92.rev.sfr.net [92.90.26.110])
(authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id
s2PLZhFn032724 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
Tue, 25 Mar 2014 21:35:44 GMT
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: <draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org>
References: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
In-Reply-To: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
Date: Tue, 25 Mar 2014 21:35:44 -0000
Message-ID: <058701cf4872$2fba16b0$8f2e4410$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKieMH6bvwQq0oDr/K5WljRkwwysplL8ZDA
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1017-20590.002
X-TM-AS-Result: No--21.308-10.0-31-10
X-imss-scan-details: No--21.308-10.0-31-10
X-TMASE-MatchedRID: 0lhM5bBmjEPDBNgbKIiiTNcjCbPZgQnFVBDQSDMig9GqvcIF1TcLYJeH
ngu3cs4aGMrKFHETdu+D7UvrJ8XOlf4GKSgC8lFBuZH4LSX2+NXSde/CNbaZJT3BZApXJkDbU3j
5b+ANUdaavUm6HGB5QsEHPFrTYF+Javi5Lq9+Ha2ZroPNdqiG8xkqnRJng/51jm39dGqS3Emnu5
5oSQOpM0EWhPXjHKBJXzx2gLhaxlpdpLkh5p97g691/YHX0i1lFJFr2qlKix+TMTaQzhvoetEQL
JPlYQqEnk1jFb+oKs1KXJ8NJvKIE4YVwcymvpbawCZxkTHxccnyVbjbSjLWDFpbYq2f4jz+0SJA
i0ZG7erHsoX+/PyGQxiQhZYtD6u56/+PexXxb2aNZ7kc4Uq+47qGBW9J0YqjtFYPjJ0hNhg88Ss
oFhya/1cFRoO05Tn4nQ3vRvq5Kl8rOJFe5eLTz1VN8laWo90MlnrMq7Sriu0sugxReYWqZiksjJ
eAae2uLjPf4dSfTta8i/LKnbDb5vPkRsdO/vI/ZlRzaO1xpJ1x9T7TIgq5hbStxTlX+hJ7tNMq9
uo9SGQQGig3eNboCwlrdcpmT9Q99CS+xcdz/hZsG7r4Qh7N3FaOJcCxVHYrpcn28zKwP8IHam+X
wtBHJd+mUZy4LP52MFGjWhwUm9sX8+K+77XxXU3dRRsh/h6yKVrLOZD1BXSrzPs85fwUk2n+Zkl
yqxAE0nDC+xZj79Bw21dWyFoYdk1+zyfzlN7y/sToY2qzpx6x5amWK2anSPoLR4+zsDTtAqYBE3
k9Mpw=
Archived-At: http://mailarchive.ietf.org/arch/msg/l2vpn/Gs22hRAod5uM5OCgBAa5j2ER_7U
Cc: l2vpn@ietf.org
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn/>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 21:35:54 -0000
Hi, I just want to add to these comments that the Security AD's review of draft-ietf-pwe3-iccp reads... > The > security model relies upon physical security with some (not great) > provisions for authentication and access controls (address filtering, > anti-spoofing, MD5 authentication). Monitoring provides the ability to > catch a problem if a security breach arises s was described in the > response to the SecDir review. Our threat models and understanding of > them continues to evolve with service providers being a major target, as > well as administrators. Stronger authentication options and session > encryption should be considered if a redesign as suggested in other IESG > reviews is done. This suggests that your work should not simply lean on the security considerations of draft-ietf-pwe3-iccp because they will not be considered to be sufficient for wider deployment in the Internet. Thanks, Adrian > -----Original Message----- > From: L2vpn [mailto:l2vpn-bounces@ietf.org] On Behalf Of Adrian Farrel > Sent: 22 March 2014 17:02 > To: draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org > Cc: l2vpn@ietf.org > Subject: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy > > As is my usual practice, I am doing a review of your document as AD to > support the publication request from the WG chairs. Thanks to Lizhong > for answering my early questions. I understand the intention of the > document and have a number of updates that I think you need to make to > improve the quality and direction of the work. > > FWIW I disagree with Lizhong that this is not a protocol specification. > This document specifically gives instructions of process that an > implementation has to follow (look at Section 5.3) and those procedures > will change what messages the implementation sends. That means that the > text changes what happens on the wire. So, although there are no bits > and bytes changes, this is a protocol specification. > > I have put the document into "Revised I-D Needed" state. When I see a > new revision, I'll move it forward. In the meantime, you should feel > free to debate any of these points with me if you disagree. > > Thanks for the work, > Adrian > > ========== > > It would be really nice to fix idnits > > --- > > Please check the text for acronyms that have not been expanded. > > --- > > Several places in the text (but not the boilerplate) please > s/draft/document/ > > --- > > I can't see how this is a BCP. I realise that RFC 2026 section 5 is not > really clearly written, but this is a technical spec that describes how > to build a particular function in the network. Standards Track would be > just fine (even though there are no bits and bytes defined) because you > are defining procedures (using 2119 language) that an implementation has > to perform to make this function work (i.e., interoperate). > > --- > > Section 1 > > Please give a little more information about what the "solution" is. You > don't need to go into full detail, but you do need to give some > overview. Things I'd like to see covered... > - motivation is to provide service protection mechanisms in the event of > edge node failure > - basic mechanism is to provide edge node redundancy > - solution is dependent on the use of ICCP (with reference) to > coordinate between redundant edge nodes > - no changes to any protocol message formats are needed for this > solution and no new protocol options are defined > - this solution is a description of how existing protocol building > blocks may be deployed to achieve the desired function, but also > defines implementation behavior necessary for the function to work. > > --- > > Section 4 > > 3/PE4/PE5/PE6 should read PE3/PE4/PE5/PE6 > > --- > > The figures in Section 4 use "RG" but this term is not introduced until > Section 5. > > --- > > Figure 2 might usefully be redrawn to show how PW3 and PW4 attach to the > PEs. > > --- > > Section 5 says > > For the inter-domain four-PW scenario, > it is required for PEs to ensure that the same mode is supported on > the two ICCP peers in the same redundancy group (RG). > > But you don't say how this is achieved. > > --- > > Section 5.2 > > Before > deploying this inter-domain VPLS, the operators MUST negotiate to > configure same PW high/low priority at two PW end-points. > > How do they do this? > > --- > > Section 5.3 > > In this use case, there are generally three options > > So, sometimes two options and sometimes four options? :-) > Delete "generally", but also make clear what the three options are. > > --- > > Section 5.3 > > support of 'request switchover' bit is required > > It would have helped me if this had used the same name as in RFC 6870 > (Request Switchover status bit) and had included a reference to RFC > 6870. > > --- > > Section 6 > > There seem to be some independent actions needed (operator negotiation, > setting of mode). Are these security vulnerabilities? > > ICCP is being run on the Internet and not in a chassis. Does that make a > difference to the security model?
- AD review of draft-ietf-l2vpn-vpls-inter-domain-r… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- Re: AD review of draft-ietf-l2vpn-vpls-inter-doma… Loa Andersson
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel