IETF Logo Mail Archive

Re: [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06

tirumal reddy <kondtir@gmail.com> Wed, 28 July 2021 14:08 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 198D93A11E5; Wed, 28 Jul 2021 07:08:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSWG19UYTt4C; Wed, 28 Jul 2021 07:08:39 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAE7A3A11E4; Wed, 28 Jul 2021 07:08:38 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id l17so3273913ljn.2; Wed, 28 Jul 2021 07:08:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=scPFQRZVfSXMxCzFqYdzFgfP/s/bNOXjs1Mf+8hqrYY=; b=PRKX631JrMS9bO39JNfh7WMJTUV+HpcgM2gW2Cvko1Q5NyO7FaaPFRPHvkRR8apP+b i5U44dWQ4kYxjETAxuAOI0XC623WozLCLtygzJlxRg1cK0c4RmcL4KjHERHERO39OrG4 QXIHb5A5cJP4IPcEsXKbI1qkn3S5Kljl69Irp91qPfkCIe1/X3b36WmdLPuXDLK+mIyh ZAxPlMYqCRz/vNw1l1ze+diMmbsjQPTvSQnk3aijelVc55VXaNqXx0r1X0eOAGceL0C0 3EWIJP0PJIU/qWNYAapSLIs5YpzbhV5hnrFm7HeJcgsVAxXSXggXmeAalbGd+nmArtVe yK8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=scPFQRZVfSXMxCzFqYdzFgfP/s/bNOXjs1Mf+8hqrYY=; b=lH1DY3jMaPDWexklMg4wvWi7QkP6Pzs7eixoPTquxwGml9TK8gZGHjlJz78qX4hYkY Xla/OnSrL0R/onCk+ICUf5oNHT0Zh60QLWE8J9SaVYZFXyEKObthneVoUOhF4w4Qrj+K KaXv66MR+gBmzYaPDGQSyunxal4IV+Nb8PTJNKBwFTxn0KAKI/pBZyfDzx+l3Q6MTzf6 RL5Jp6Nt/tawu7oxrEQFI6mHgqQB6QoyJ2oZVDXE4RtUbRYR+UI1dcwttPRxU12GMavM THp8z5SuttqpZr77ATzFRiS0/dwTDGZFEQbv/pJjNNi1NEyViC9c8+6kQtfKyVRg3o4C XOEg==
X-Gm-Message-State: AOAM531M/cd8FUvRzhIGjKa+9zn5X7ewq0ZqJAaxcVJ3MKqQYawvmI2F rmnmZrdvUbStbnmVUpPE/xVJmqkHs6EJLwJJ7XXEaPfcoLjJFw==
X-Google-Smtp-Source: ABdhPJyV3qFEjw4MYGJgSzGBYREi3QH0c093MsPm40Lpo0dwYqA37vBVsP2pps5Bnb8kdT5hmNZPS14f8jiY4WEztGk=
X-Received: by 2002:a2e:9ec1:: with SMTP id h1mr57181ljk.0.1627481316217; Wed, 28 Jul 2021 07:08:36 -0700 (PDT)
MIME-Version: 1.0
References: <162727588884.5692.17674077604548999432@ietfa.amsl.com>
In-Reply-To: <162727588884.5692.17674077604548999432@ietfa.amsl.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 28 Jul 2021 19:38:24 +0530
Message-ID: <CAFpG3gdRLTQvuoaEeRAhDUAqD3yBQ0jdBpZJzSvrJVPN-bMKTg@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: tsv-art@ietf.org, draft-ietf-sfc-nsh-integrity.all@ietf.org, last-call@ietf.org, sfc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000bb582605c82f85e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/8xN5weCpV63EQOhnCvEXXVpwsaI>
Subject: Re: [Last-Call] Tsvart last call review of draft-ietf-sfc-nsh-integrity-06
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2021 14:08:44 -0000

Thanks Joseph for the detailed comment and explanation. We plan to add the
following text to address the issue:

Note that the term “transport encapsulation” used in this document is
equivalent to the term “tunnel encapsulation” used In [ietf-intarea-tunnel].



Cheers,

-Tiru

On Mon, 26 Jul 2021 at 10:34, Joseph Touch via Datatracker <noreply@ietf.org>
wrote:

> Reviewer: Joseph Touch
> Review result: Not Ready
>
> This document has been reviewed as part of the transport area review team's
> ongoing effort to review key IETF documents. These comments were written
> primarily for the transport area directors, but are copied to the
> document's
> authors and WG to allow them to address any issues raised and also to the
> IETF
> discussion list for information.
>
> When done at the time of IETF Last Call, the authors should consider this
> review as part of the last-call comments they receive. Please always CC
> tsv-art@ietf.org if you reply to or forward this review.
>
> It was very difficult to review this document for IETF transport protocol
> considerations.
>
> Although "transport encapsulation" is indicated repeatedly, it is never
> referred to directly or described either in this document or its
> citations. It
> appears to be using this term in the sense of RFC8300, which too never
> defines
> it, but uses examples that are more accurately referred to in the IETF as
> link
> layer protocols or either network or link tunnel protocols (IP in IP, GRE,
> VXLAN, Ethernet).
>
> Regardless of the fact that this confusion originates in RFC8300, it needs
> to
> be addressed here and corrected before this document can be reviewed to
> determine if there are any IETF transport area issues.
>
> The remainder of these notes provide detail of this issue.
>
> -----
>
> The document refers back to RFC8300 to define the NSH itself; that document
> discusses transport issues just as vaguely (never mentioning a particular
> transport protocol), and when it discusses fragmentation, it refers to
> section
> 9 of a document (draft-ietf-rtgwg-dt-encap-02 from 2017) that had expired
> prior
> to the publication of RFC8300.  Because transport fragmentation is, IMO, a
> normative issue, this should not have been permitted.
>
> Further, Section 9 of that draft incorrectly recommends reliance on ICMP
> feedback to address MTU failures when not under a single operator’s
> management.
> That was widely known even then to be insufficient due to blackholing;
> this had
> motivated PLPMTUD in RFC4821 a full decade earlier. RFC8300 compounds this
> error by simply asserting that the operator should ensure that ICMPs are
> not
> blocked, overlooking the need to address when this is not the case.
>
> This document cannot ignore that issue and simply refer to RFC8300 on this
> issue.
>
> Note that one of the only places an actual encapsulation protocol is
> mentioned
> is RFC8300, in which Section 5 mentions IP and  Section 6.1 Table 1
> describes
> VXLAN-GPE, GRE, and Ethernet – all of which are described as “transport
> encapsulation”.
>
> If, in fact, IETF transport protocols are being used, at some point the
> use of
> an actual IETF transport protocol should be described (e.g., TCP, UDP,
> SCTP,
> DCCP). At that point, the transport issues would be reviewable. As the
> document
> currently stands, it completely ignores such transport issues and should
> not
> proceed until this is addressed and re-reviewed.
>
> If instead, as I suspect, the term “transport encapsulation” actually
> refers to
> “network layer encapsulation” or “link layer encapsulation” and really
> implies
> some sort of tunnel, there would be no transport area issues to review
> unless
> that tunnel were to include a transport protocol as part of the layers of
> encapsulation. If that is the case, the document should be revised to
> replace
> the term “transport” with something that more accurately describes
> VXLAN-GPE,
> GRE, Ethernet, and IP encapsulation using IETF terminology. Note that
> draft-ietf-intarea-tunnels never uses the term “transport” except when
> referring to the use of IETF transport protocols as a tunnel layer, e.g.
> (i.e.,
> the last sentence of Sec 8 of this doc is incorrect in implying otherwise).
>
> (I would also note that neither this doc nor RFC8300 define “transport
> encapsulation” in their terminology; even if they would, they should not
> attempt to define it in a way inconsistent with widespread use in the
> IETF).
>
>
>
>

v2.23.0 | Report a Bug | By Email