IETF Logo Mail Archive

RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy

"Lizhong Jin" <lizho.jin@gmail.com> Thu, 27 March 2014 17:01 UTC

Return-Path: <lizho.jin@gmail.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBA591A069E for <l2vpn@ietfa.amsl.com>; Thu, 27 Mar 2014 10:01:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DrJzCSX077nD for <l2vpn@ietfa.amsl.com>; Thu, 27 Mar 2014 10:01:09 -0700 (PDT)
Received: from mail-pd0-x22f.google.com (mail-pd0-x22f.google.com [IPv6:2607:f8b0:400e:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id B0DF81A0349 for <l2vpn@ietf.org>; Thu, 27 Mar 2014 10:01:09 -0700 (PDT)
Received: by mail-pd0-f175.google.com with SMTP id x10so3593517pdj.6 for <l2vpn@ietf.org>; Thu, 27 Mar 2014 10:01:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=ReweCVxb4xoAGAlXG7fWHXW520c5t5VSZ7O4MCDZhSk=; b=AkiymdvVSf4nKPGkt8hLAYzFYgqQ8tWf++qdzdduiV2OB3ekwyBt4FejWdpqqWQwqU PX0oUzIT/SoxPFv+KoKiHFjje9RC7dlyG5XoXnoUiGB0cBZAV4WnNC1J34G+clGRazzy LApS9OlDeiG4ALXlUvxgZ5hu8ix+ol0sAmkXrZHsFr6d1lClb2rEhCkqbSVVjxscdoaU tfpueTuVf5n9s/fYmjgavG0DHGpoc4KjMrvEYct3DDb1hX278S0g3mIl92jmxY8IHVWF VcucqXiWSJCKQfdAUAEf9saeyvIAegUOcM8wGgTo7u0QvwHEGjE6VWz6mWTYnXlUIzUL WzeQ==
X-Received: by 10.66.163.2 with SMTP id ye2mr3056163pab.110.1395939668008; Thu, 27 Mar 2014 10:01:08 -0700 (PDT)
Received: from LizhongPC ([114.62.242.224]) by mx.google.com with ESMTPSA id q7sm11316091pbc.20.2014.03.27.10.01.02 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 27 Mar 2014 10:01:06 -0700 (PDT)
From: "Lizhong Jin" <lizho.jin@gmail.com>
To: <adrian@olddog.co.uk>, <draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org>
References: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
In-Reply-To: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
Date: Fri, 28 Mar 2014 00:59:51 +0800
Message-ID: <53345952.a70e440a.2a29.4f84@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac9F8Hhs0B3eBc77Qze8MzWdKc/7agD4oZEQ
Content-Language: zh-cn
Archived-At: http://mailarchive.ietf.org/arch/msg/l2vpn/rFm1bI5LTFq-UYA1VqntjmwnloM
Cc: l2vpn@ietf.org
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn/>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 17:01:13 -0000

Hi Adrian,
Sorry for the late reply. Please see my reply inline below.
Please co-authors help to correct if I am wrong.

Regards
Lizhong


> -----Original Message-----
> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> Sent: Sunday, March 23, 2014 1:02 AM
> To: draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org
> Cc: l2vpn@ietf.org
> Subject: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
> 
> As is my usual practice, I am doing a review of your document as AD to
> support the publication request from the WG chairs.  Thanks to Lizhong
> for answering my early questions. I understand the intention of the
> document and have a number of updates that I think you need to make to
> improve the quality and direction of the work.
> 
> FWIW I disagree with Lizhong that this is not a protocol specification.
> This document specifically gives instructions of process that an
> implementation has to follow (look at Section 5.3) and those procedures
> will change what messages the implementation sends. That means that the
> text changes what happens on the wire. So, although there are no bits
> and bytes changes, this is a protocol specification.
> 
> I have put the document into "Revised I-D Needed" state. When I see a
> new revision, I'll move it forward. In the meantime, you should feel
> free to debate any of these points with me if you disagree.
> 
> Thanks for the work,
> Adrian
> 
> ==========
> 
> It would be really nice to fix idnits
[Lizhong] accepted

> 
> ---
> 
> Please check the text for acronyms that have not been expanded.
[Lizhong] accepted

> 
> ---
> 
> Several places in the text (but not the boilerplate) please
> s/draft/document/
[Lizhong] accepted

> 
> ---
> 
> I can't see how this is a BCP. I realise that RFC 2026 section 5 is not
> really clearly written, but this is a technical spec that describes how
> to build a particular function in the network. Standards Track would be
> just fine (even though there are no bits and bytes defined) because you
> are defining procedures (using 2119 language) that an implementation
> has
> to perform to make this function work (i.e., interoperate).
[Lizhong] thank you for pointing out this. We will change to Standards Track.

> 
> ---
> 
> Section 1
> 
> Please give a little more information about what the "solution" is. You
> don't need to go into full detail, but you do need to give some
> overview. Things I'd like to see covered...
> - motivation is to provide service protection mechanisms in the event
> of
>   edge node failure
> - basic mechanism is to provide edge node redundancy
> - solution is dependent on the use of ICCP (with reference) to
>   coordinate between redundant edge nodes
> - no changes to any protocol message formats are needed for this
>   solution and no new protocol options are defined
> - this solution is a description of how existing protocol building
>   blocks may be deployed to achieve the desired function, but also
>   defines implementation behavior necessary for the function to work.
[Lizhong] accepted, and I try to rephrase as below:
In many existing Virtual Private LAN Service (VPLS) deployments based on [RFC4762], inter-domain connectivity has been deployed without node redundancy, or with node redundancy in a single domain.  This document is to provide a service protection mechanism for inter-domain VPLS based on [RFC4762]. The protection mechanism will provide edge node redundancy and link redundancy in both domains.  The domain in this document refers to autonomous system (AS), or other administrative domains.
The solution relies on the use of ICCP [ietf-pwe3-iccp] to coordinate between redundant edge nodes, and use of Pseudowire (PW) Preferential Forwarding Status Bit [RFC 6870] to negotiate the PW status. There is no change to any protocol message formats and no new protocol options introduced. This solution is a description of reusing existing protocol building blocks to achieve the desired function, but also defines implementation behavior necessary for the function to work.

> 
> ---
> 
> Section 4
> 
> 3/PE4/PE5/PE6 should read PE3/PE4/PE5/PE6
[Lizhong] accepted
> 
> ---
> 
> The figures in Section 4 use "RG" but this term is not introduced until
> Section 5.
[Lizhong] accepted
> 
> ---
> 
> Figure 2 might usefully be redrawn to show how PW3 and PW4 attach to
> the
> PEs.
[Lizhong] do you mean the PW is broken to the PE in the figure? Will fix that. Thanks.
> 
> ---
> 
> Section 5 says
> 
>    For the inter-domain four-PW scenario,
>    it is required for PEs to ensure that the same mode is supported on
>    the two ICCP peers in the same redundancy group (RG).
> 
> But you don't say how this is achieved.
[Lizhong] will add: One method to ensure mode consistency is by manual operation. Other methods are also possible and is out of the scope of this document.

> 
> ---
> 
> Section 5.2
> 
>    Before
>    deploying this inter-domain VPLS, the operators MUST negotiate to
>    configure same PW high/low priority at two PW end-points.
> 
> How do they do this?
[Lizhong] we check this with the operator. When they do inter-AS connection, there will be some kind of contract to ensure the interconnection. The PW priority could be one part of the contract/negotiation. This is more of the operation method. Now I think we should not use RFC2119 word "MUST" here. "should" would be a better word here.

> 
> ---
> 
> Section 5.3
> 
>    In this use case, there are generally three options
> 
> So, sometimes two options and sometimes four options? :-)
> Delete "generally", but also make clear what the three options are.
[Lizhong] it would be clear to say: In this use case, there are two options to provide protection: 1:1 and 3:1 protection.

> 
> ---
> 
> Section 5.3
> 
>    support of 'request switchover' bit is required
> 
> It would have helped me if this had used the same name as in RFC 6870
> (Request Switchover status bit) and had included a reference to RFC
> 6870.
[Lizhong] Accepted. Thanks.

> 
> ---
> 
> Section 6
> 
> There seem to be some independent actions needed (operator negotiation,
> setting of mode). Are these security vulnerabilities?
> 
> ICCP is being run on the Internet and not in a chassis. Does that make
> a
> difference to the security model?
[Lizhong] yes, more consideration is required. I try to change:
Besides of the security properties of [I-D.ietf-pwe3-iccp] and [RFC4762], this draft will have additional security consideration. 
When deploying the inter-domain redundancy mechanism described in this document, some manual operation/negotiation is required to be done correctly and securely. E.g., each node within one RG should be configured with same redundancy mode; the two operators should negotiate to configure same PW priority at two nodes. If the configuration consistency is broken, the inter-domain redundancy mechanism may not work properly.
Since ICCP is now deployed between two PEs or ASBRs, the LDP session could be secured with TCP Authentication Option [RFC5925]. This provides integrity and authentication for the ICCP messages. The LDP MD5 authentication key option, as described in section 2.9 of [RFC5036] MAY also be used.

v2.8.7 | Report a Bug | By Email