RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
"Lizhong Jin" <lizho.jin@gmail.com> Wed, 26 March 2014 01:18 UTC
Return-Path: <lizho.jin@gmail.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
(Postfix) with ESMTP id 03F2C1A0012 for <l2vpn@ietfa.amsl.com>;
Tue, 25 Mar 2014 18:18:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.45
X-Spam-Level:
X-Spam-Status: No, score=0.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001,
MIME_CHARSET_FARAWAY=2.45, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OLFMl8OVqNNT for
<l2vpn@ietfa.amsl.com>; Tue, 25 Mar 2014 18:18:08 -0700 (PDT)
Received: from mail-pd0-x229.google.com (mail-pd0-x229.google.com
[IPv6:2607:f8b0:400e:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id
C56261A0027 for <l2vpn@ietf.org>; Tue, 25 Mar 2014 18:18:08 -0700 (PDT)
Received: by mail-pd0-f169.google.com with SMTP id fp1so1190632pdb.0 for
<l2vpn@ietf.org>; Tue, 25 Mar 2014 18:18:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=from:to:cc:references:in-reply-to:subject:date:message-id
:mime-version:content-type:content-transfer-encoding:thread-index
:content-language; bh=rlnxUj2vt0VudzUijBvoZ3dTjJid2UXQL+MO+ZLyqrY=;
b=dFv+tQMxhiGljUXlje9xadIjem3TRdPdaX/zvuUBf8bri02oCwaEERynXGCrm6QM1l
wonsM3YUgoBqVIAd7jt0Yd6avUlOzZ4hxL+jIzy908jma/a3c3oMvXgbOAqNg6jCh2Yg
4OsxW8Qojqdw6t3jID6TRGPanHg47Xxr/ibxaCD/2Go56KR0Q5WptXA13+6DIBLJhV38
XuZVYl+CZRFI1v9lbLMIscLSMepLb05IAtkgvzaXyRqOF2xv3yYj9acf6Ivi1dJ5mqfn
O01sRSn7w7Xd62sPXnLkYkAOzd38UCBfAUMIMpDepQK6O0mLCITDfCxcONjWkat5yNMn D7tA==
X-Received: by 10.68.170.36 with SMTP id aj4mr84199177pbc.54.1395796687540;
Tue, 25 Mar 2014 18:18:07 -0700 (PDT)
Received: from LIZHONGJ ([180.166.53.21]) by mx.google.com with ESMTPSA id
gu11sm50651025pbd.74.2014.03.25.18.17.15 for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 25 Mar 2014 18:18:06 -0700 (PDT)
From: "Lizhong Jin" <lizho.jin@gmail.com>
To: <adrian@olddog.co.uk>,
<draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org>
References: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
<058701cf4872$2fba16b0$8f2e4410$@olddog.co.uk>
In-Reply-To: <058701cf4872$2fba16b0$8f2e4410$@olddog.co.uk>
Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
Date: Wed, 26 Mar 2014 09:17:11 +0800
Message-ID: <025f01cf4891$3d9b9d20$b8d2d760$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKieMH6bvwQq0oDr/K5WljRkwwysgKbcvOcmTdUhoA=
Content-Language: zh-cn
Archived-At: http://mailarchive.ietf.org/arch/msg/l2vpn/uSkp2QXbZi91hcAAZRFFft8rgpA
Cc: l2vpn@ietf.org
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn/>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Mar 2014 01:18:11 -0000
Hi Adrian, Thank you for the review. We will reply the comments soon. Regards Lizhong > -----Original Message----- > From: Adrian Farrel [mailto:adrian@olddog.co.uk] > Sent: 2014年3月26日 5:36 > To: draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org > Cc: l2vpn@ietf.org > Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy > > Hi, > > I just want to add to these comments that the Security AD's review of draft- > ietf-pwe3-iccp reads... > > > The > > security model relies upon physical security with some (not great) > > provisions for authentication and access controls (address filtering, > > anti-spoofing, MD5 authentication). Monitoring provides the ability > > to catch a problem if a security breach arises s was described in the > > response to the SecDir review. Our threat models and understanding of > > them continues to evolve with service providers being a major target, > > as well as administrators. Stronger authentication options and > > session encryption should be considered if a redesign as suggested in > > other IESG reviews is done. > > This suggests that your work should not simply lean on the security > considerations of draft-ietf-pwe3-iccp because they will not be considered to > be sufficient for wider deployment in the Internet. > > Thanks, > Adrian > > > -----Original Message----- > > From: L2vpn [mailto:l2vpn-bounces@ietf.org] On Behalf Of Adrian Farrel > > Sent: 22 March 2014 17:02 > > To: draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org > > Cc: l2vpn@ietf.org > > Subject: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy > > > > As is my usual practice, I am doing a review of your document as AD to > > support the publication request from the WG chairs. Thanks to Lizhong > > for answering my early questions. I understand the intention of the > > document and have a number of updates that I think you need to make to > > improve the quality and direction of the work. > > > > FWIW I disagree with Lizhong that this is not a protocol specification. > > This document specifically gives instructions of process that an > > implementation has to follow (look at Section 5.3) and those > > procedures will change what messages the implementation sends. That > > means that the text changes what happens on the wire. So, although > > there are no bits and bytes changes, this is a protocol specification. > > > > I have put the document into "Revised I-D Needed" state. When I see a > > new revision, I'll move it forward. In the meantime, you should feel > > free to debate any of these points with me if you disagree. > > > > Thanks for the work, > > Adrian > > > > ========== > > > > It would be really nice to fix idnits > > > > --- > > > > Please check the text for acronyms that have not been expanded. > > > > --- > > > > Several places in the text (but not the boilerplate) please > > s/draft/document/ > > > > --- > > > > I can't see how this is a BCP. I realise that RFC 2026 section 5 is > > not really clearly written, but this is a technical spec that > > describes how to build a particular function in the network. Standards > > Track would be just fine (even though there are no bits and bytes > > defined) because you are defining procedures (using 2119 language) > > that an implementation has to perform to make this function work (i.e., > interoperate). > > > > --- > > > > Section 1 > > > > Please give a little more information about what the "solution" is. > > You don't need to go into full detail, but you do need to give some > > overview. Things I'd like to see covered... > > - motivation is to provide service protection mechanisms in the event of > > edge node failure > > - basic mechanism is to provide edge node redundancy > > - solution is dependent on the use of ICCP (with reference) to > > coordinate between redundant edge nodes > > - no changes to any protocol message formats are needed for this > > solution and no new protocol options are defined > > - this solution is a description of how existing protocol building > > blocks may be deployed to achieve the desired function, but also > > defines implementation behavior necessary for the function to work. > > > > --- > > > > Section 4 > > > > 3/PE4/PE5/PE6 should read PE3/PE4/PE5/PE6 > > > > --- > > > > The figures in Section 4 use "RG" but this term is not introduced > > until Section 5. > > > > --- > > > > Figure 2 might usefully be redrawn to show how PW3 and PW4 attach to > > the PEs. > > > > --- > > > > Section 5 says > > > > For the inter-domain four-PW scenario, > > it is required for PEs to ensure that the same mode is supported on > > the two ICCP peers in the same redundancy group (RG). > > > > But you don't say how this is achieved. > > > > --- > > > > Section 5.2 > > > > Before > > deploying this inter-domain VPLS, the operators MUST negotiate to > > configure same PW high/low priority at two PW end-points. > > > > How do they do this? > > > > --- > > > > Section 5.3 > > > > In this use case, there are generally three options > > > > So, sometimes two options and sometimes four options? :-) Delete > > "generally", but also make clear what the three options are. > > > > --- > > > > Section 5.3 > > > > support of 'request switchover' bit is required > > > > It would have helped me if this had used the same name as in RFC 6870 > > (Request Switchover status bit) and had included a reference to RFC > > 6870. > > > > --- > > > > Section 6 > > > > There seem to be some independent actions needed (operator > > negotiation, setting of mode). Are these security vulnerabilities? > > > > ICCP is being run on the Internet and not in a chassis. Does that make > > a difference to the security model?
- AD review of draft-ietf-l2vpn-vpls-inter-domain-r… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- Re: AD review of draft-ietf-l2vpn-vpls-inter-doma… Loa Andersson
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel