Re: [Lsr] Fwd: New Version Notification for draft-ietf-ospf-ospfv2-hbit-09.txt
Padma Pillay-Esnault <padma.ietf@gmail.com> Mon, 23 September 2019 19:29 UTC
Return-Path: <padma.ietf@gmail.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7E171201C6 for <lsr@ietfa.amsl.com>; Mon, 23 Sep 2019 12:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ykoqv3XCp6ns for <lsr@ietfa.amsl.com>; Mon, 23 Sep 2019 12:29:56 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBB0C120020 for <lsr@ietf.org>; Mon, 23 Sep 2019 12:29:55 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id b14so4737496uap.6 for <lsr@ietf.org>; Mon, 23 Sep 2019 12:29:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Xtc04jJCQ3c96JnNGv/YEC9cI3rzSVmc+rD5w3M8X70=; b=CVik8tGzSRlwJ6fFhM9w+DMnFw+FILJr21xkwCyCjm7Kn+OObuOH3UdVnWYlhtslw0 ruy2GaI9ToBuqwRCpDnVMueZbqICMsHbEDIhSchgscx4WmDCfPIF01ekjYS31GhSEFux isYbRVXSpj3zgMclRMmg6Si1JHoAZAKx00P9wp7wZgYVmouvwkbgDTXmhwVBdyXUu8qH BhvVNmDOZYQ/tFWPLnKJLYDWRyhEcBV6iQK4KUrNAkEsPJA7/6eUz0vL8IhK/QquFgTJ CZGyiWFWfDrXHcHH3zoBnSfp7N40K6SlkS1JUbCQXvWFWXQf1Hm7qdpBKH+56lK23paa 7uqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Xtc04jJCQ3c96JnNGv/YEC9cI3rzSVmc+rD5w3M8X70=; b=UfT/wHtJ4J/jOeNnHOf1GztbbUL8SPXYTLPADrHPbPW3A93fAZ7b6zXJxsdUhdRyRq fhF0isHcEJ39nFhnekOGSOR6WoNddRVsQKNBeSE9HschEpU8TG33wJ8AyudB6CGOSIs7 DRGHpllXFXw+EDzbn10qfcXwys0as+xo/H86BtEz/WBN1BVgr51v69PnO86T9W1Mkbwm XkEOPJcwl2gCqBYGntnX3ZqyofPcyZSxgypOhjpJFug01wNrmN5E9rwX61NKw7GFu/Bh nVKlkUjTIJG1+Zg0WGLGbHUcuFpvjOoXLY0pUO+/UdPW2nz3WMu/JvFZLMBnDQuh8PAi r/vw==
X-Gm-Message-State: APjAAAXgwPw4zst+oZy4zFV38IRt3uLx0WdVACn4RhtOoVvg73Hv1jfI 2RmV0Ncy+Md6vhRsjW7Nk4XWyyV4mpaC3Dhrxxc=
X-Google-Smtp-Source: APXvYqz1UpFi05UyG2sxRasiDajvOeQ2Mm5lsYVyKeHorGGNkR1ml53ZS8jFrrUkiBXgZaT9hEj0rjRsxLAcIrP0cus=
X-Received: by 2002:ab0:30ca:: with SMTP id c10mr520283uam.139.1569266994731; Mon, 23 Sep 2019 12:29:54 -0700 (PDT)
MIME-Version: 1.0
References: <156843700176.32063.1393096099535829916.idtracker@ietfa.amsl.com> <CAG-CQxo9kMWMXxiDDa4ZSm7ADVS+aPLzRuehDBf1W4jYjGxx2w@mail.gmail.com> <CAMMESsyqP4w3m6E_CFXfRvAO99ihXJuEzTL+3b3fT=s051LqAw@mail.gmail.com>
In-Reply-To: <CAMMESsyqP4w3m6E_CFXfRvAO99ihXJuEzTL+3b3fT=s051LqAw@mail.gmail.com>
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Mon, 23 Sep 2019 12:29:43 -0700
Message-ID: <CAG-CQxoFpe2px8t02P=x+RiKx3Rnmuan_hqRucertpzivcO0PA@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: Yingzhen Qu <yingzhen.ietf@gmail.com>, "Manish Bhardwaj (manbhard)" <manbhard@cisco.com>, "Acee Lindem (acee)" <acee@cisco.com>, Keyur Patel <keyur@arrcus.com>, "Serpil Bayraktar (serpil)" <serpil@cisco.com>, "lsr@ietf.org" <lsr@ietf.org>, Padma Pillay-Esnault <padma.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000c7638f05933d710a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/Cm-NbjKnF3d_O0aAxRQMfnhkti0>
Subject: Re: [Lsr] Fwd: New Version Notification for draft-ietf-ospf-ospfv2-hbit-09.txt
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 19:30:00 -0000
Hi Alvaro Thanks for the thorough review. I went through all the minor and nits and agree and will make the changes. Therefore I will only discuss here the 2 major comments to be addressed. Please see below PPE On Fri, Sep 20, 2019 at 1:11 PM Alvaro Retana <aretana.ietf@gmail.com> wrote: > On September 14, 2019 at 1:12:51 AM, Padma Pillay-Esnault ( > padma.ietf@gmail.com) wrote: > > FYI the draft is posted. > > > Padma: > > Hi! > > Thanks for the revision! > > I went through the changes and have some mostly-editorial nits/minor > comments (see below, based on -09). There are a couple of major items, > introduced by the new text, that should be addressed before moving on: > > (1) §3 (last paragraph) introduces different behavior for permanently vs > temporarily acting as a host. From the point of view of the H-bit, what is > the difference? It seems to me that in both cases the H-bit would be set: > the router would be acting as a host NOW. How long it keeps the H-bit set > seems to be the distinction between permanent and temporary...but the > behavior should not change because of that. IOW, the specification of what > happens when the H-bit is set should be singular -- you may be able to > soften some of the MUSTs (to SHOULD) if the exceptions are justified other > than using time. > > PPE > I agree that the the specification should be singular. I propose this change OLD: Therefore, non-local IPv4 prefixes, e.g., those exported from other routing protocols, MUST NOT be advertised in AS- external-LSAs for routers acting permanently as a host. NEW: Therefore, non-local IPv4 prefixes, e.g., those exported from other routing protocols, SHOULD NOT be advertised in AS- external-LSAs for routers acting permanently as a host. The last sentence below the MUST is correct to correctly repel. Current : In addition to the procedure described above, temporary host routers advertising type 2-metric External LSAs MUST set the metrics to LSInfinity to repel traffic.(see Section 6 of this document). (2) The last bullet in §5...adds the fact that support for the H-bit can be > verified from the RI LSA *or* the router-LSA itself. That fact is not > considered before: if the RI LSA hasn't been received (or doesn't include > the new capability), but the router-LSA does have the H-bit set, should it > be assumed that the router supports the capability? Because this option > hasn't been mentioned before (requiring the capability to be advertised), I > think we should simply eliminate that last bullet. > > PPE > OK. I am fine with this proposed change and I will remove the last bullet. Thanks Padma Thanks! > > Alvaro. > > [Line numbers from idnits.] > > ... > 14 Abstract > > 16 The Open Shortest Path First Version 2 (OSPFv2) does not have a > 17 mechanism for a node to repel transit traffic if it is on the > 18 shortest path. This document assigns a new bit (Host-bit) in the > 19 OSPF Router-LSA bit registry and in the OSPF Router Informational > 20 Capability Bits Registry that enables a host router to advertise that > 21 it is a non-transit router. It also describes the changes needed to > 22 support the Host-bit in the domain. In addition, this document > 23 updates OSPF Stub Router Advertisement (RFC6987) to advertise for > 24 type-2 External and NSSA LSAs with a high cost in order to repel > 25 traffic effectively. > > [minor] s/This document assigns a new bit (Host-bit) in the OSPF > Router-LSA bit registry and in the OSPF Router Informational Capability > Bits Registry that enables a host router to advertise that it is a > non-transit router./This document defines a new bit (Host-bit) that enables > a router to advertise that it is a non-transit router." > > [nit] s/to advertise for type-2/to advertise type-2 > > [minor] s/OSPF Stub Router Advertisement (RFC6987)/RFC 6987 > > > ... > 75 1. Introduction > ... > 105 This document describes the Host-bit (H-Bit)functionality that > 106 prevents other OSPFv2 routers from using the router for transit > 107 traffic in OSPFv2 routing domains. This document defines the Host- > 108 bit in the OSPFv2 Router Properties Registry and if the host-bit is > 109 set then the calculation of the shortest-path tree for an area, as > 110 described in section 16.1 of [RFC2328], is modified by including a > 111 new check to verify that transit vertices DO NOT have the host-bit > 112 set. > > [nit] s/(H-Bit)functionality/(H-Bit) functionality > > [minor] s/This document defines the Host-bit in the OSPFv2 Router > Properties Registry and if the host-bit is set then the calculation of the > shortest-path tree...transit vertices DO NOT have the host-bit set./If the > host-bit is set then the calculation of the shortest-path tree...transit > vertices DO NOT have the host-bit set (see Section 4). > > [nit] Please be consistent: Host-bit, host-bit, H-bit... > > [minor] Add some text here (with a forward reference to Section 6) about > the Update to rfc6987. > > ... > 122 3. Host-bit Support > > 124 This document defines a new router-LSA bit known as the Host Bit or > 125 the H-bit. An OSPFv2 router advertising a router-LSA with the H-bit > 126 set indicates that it MUST NOT be used as a transit router (see > 127 section 4) by other OSPFv2 routers in the area supporting the > 128 functionality. > > [nit] s/section 4/Section 4 > > 130 If the host-bit is NOT set routers MUST act transit routers as > 131 described in [RFC2328] ensuring backward compatibility. > > [minor] I don't think there's really Normative value in using MUST to say: > "behave as always". I would even go as far as removing the sentence...but > if you want to keep it, here's a suggestion... > > NEW (suggestion)> > If the H-bit is not set then backwards compatibility is achieved as the > behavior will be the same as in [RFC2328]. > > > ... > 166 Host Bit in Router-LSA > > 168 0 1 2 3 4 5 6 7 > 169 +-+-+-+-+-+-+-+-+ > 170 |H|0|0|N|W|V|E|B| > 171 +-+-+-+-+-+-+-+-+ > > 173 Host Bit > > [minor] Label this figure too. > > 175 Bit H is the high-order bit of the OSPF as shown above. When set, > an > 176 OSPFv2 router is a Host (non-transit) router and is incapable of > 177 forwarding transit traffic. In this mode, the other OSPFv2 routers > 178 in the area MUST NOT use the host router for transit traffic, but > use > 179 the host router only for its local destinations. > > [minor] "Bit H is the high-order bit of the OSPF as shown above." Of the > OSPF what?? > > [minor] s/but use the host router only for its local destinations./but may > send traffic to its local destinations. > > 181 An OSPFv2 router originating a router-LSA with the H-bit set MUST > 182 advertise all its router links with a link cost of MaxLinkMetric > 183 [RFC6987]. This is to increase the applicability of the H-bit to > 184 partial deployments where it is the responsibility of the operator > to > 185 ensure that OSPFv2 routers not supporting the H-bit do not install > 186 routes causing routing loops. > > [minor] s/advertise all its router links/advertise all its non-stub links > > [minor] I see that §5 has the same text, and it is explicitly talking > about partial deployments. Let's take the second sentence out (the > explanation will come later). > > [nit] s/routing loop/forwarding loop/g > > > 188 When the H-bit is set, an Area Border Router (ABR) MUST advertise > the > 189 same H-bit setting in its self-originated router-LSAs for all > 190 attached areas. The consistency of the setting will prevent inter- > 191 area traffic transiting through the router by suppressing > 192 advertisement of prefixes from other routers in the area in its > 193 summary LSAs. Only IPv4 prefixes associated with its local > 194 interfaces MUST be advertised in summary LSAs to provide > reachability > 195 to end hosts attached behind a router with the H-bit set. > > [nit] s/summary LSAs/summary-LSAs > > [nit] s/attached behind a router/attached to a router > > 197 When the H-bit is set the host router cannot act as an AS Boundary > 198 Router (ASBR). Indeed, ASBR are transit routers to prefixes that > are > 199 typically imported through redistribution of prefixes of other > 200 routing protocols. Therefore, non-local IPv4 prefixes, e.g., those > 201 exported from other routing protocols, MUST NOT be advertised in AS- > 202 external-LSAs for routers acting permanently as a host. However, in > 203 use cases such as an overloaded router or a router being gracefully > 204 isolated, these routers are only temporarily acting as host routers > 205 and therefore SHOULD continue to advertise their External LSAs but > 206 ensure that they do not attract traffic. In addition to the > 207 procedure described above, temporary host routers advertising type > 208 2-metric External LSAs MUST set the metrics to LSInfinity to repel > 209 traffic.(see Section 6 of this document). > > [minor] s/exported/imported > > [minor] s/MUST NOT be advertised in AS-external-LSAs for routers acting > permanently as a host./MUST NOT be advertised in AS-external-LSAs if the > H-bit is set. > > [major] The new text introduces different behavior for permanently vs > temporarily acting as a host. From the point of view of the H-bit, what is > the difference? It seems to me that in both cases the H-bit would be set: > the router would be acting as a host NOW. How long it keeps the H-bit set > seems to be the distinction between permanent and temporary...but the > behavior should not change because of that. IOW, the specification of what > happens when the H-bit is set should be singular -- you may be able to > soften some of the MUSTs (to SHOULD) if the exceptions are justified other > than using time. > > > ... > 237 5. Auto Discovery and Backward Compatibility > > 239 To avoid the possibility of any routing loops due to partial > 240 deployment, this document defines a OSPF Router Information (RI) LSA > 241 [RFC7770] with and an area flooding scope and a new bit assigned in > 242 the OSPF Router Informational Capability Bits Registry. Bit: > > [nit] s/avoid/reduce > > [minor] s/defines a OSPF Router Information (RI) LSA [RFC7770] with and an > area flooding scope and a new bit assigned in the OSPF Router Informational > Capability Bits Registry. Bit:/defines an OSPF Router Information (RI) LSA > [RFC7770] capability. The RI LSA MUST be area-scoped. > > 244 Bit Capabilities > > 246 7 Host Router Support capability > > [nit] Name this table. > > ... > 253 In normal operations, there is no guarantee that the RI LSA will > 254 reach all routers in an area in a timely manner that may result in > 255 rooting loops in partial deployments. For example, in a new router > 256 joins an area which previous had only H-bit capable routers with > 257 H-bit set then it may take some time for the RI to propagate to all > 258 routers. > > [nit] s/operations,/operation > > [nit] s/manner that may result in rooting loops/manner, which may result > in forwarding loops > > [nit] s/in a new router/if a new router > > [nit] s/which previous had only H-bit capable routers with H-bit/which > previously had only H-bit capable routers with the H-bit > > > ... > 268 o All routers, with the H-bit set, MUST advertise all of the > 269 router's non-local links with a metric equal to MaxLinkMetric in > 270 its LSAs in order to avoid OSPFv2 (unless last resort) routers > not > 271 supporting the H-bit from attempting to use it for transit > 272 traffic. > > [minor] s/router's non-local links/router's non-stub links > > [minor] s/MaxLinkMetric/MaxLinkMetric [RFC6987] > > 274 o All routers supporting H-Bit MUST check all the RI LSAs of nodes > 275 in the area before actively running the modified SPF to account > 276 for the H-bit in order to verify that all routers are in routing > 277 capability. If any router does not have the H-Bit support then > 278 all routers in the areas MUST run the normal SPF. > > [minor] s/If any router does not have the H-Bit support then all routers > in the areas MUST run the normal SPF./If any router does not advertise the > Host Router Support capability then the SPF Modifications (Section 4) MUST > NOT be used in the area. > > 280 o Any router not supporting the H-bit capability is detected (by > 281 examination of RI- LSA or RTR LSA in the area database) then all > 282 routers in the area MUST revert back to normal operations. > > [major] This last paragraph is a repetition of the one before it. But it > adds the fact that support can be verified from the RI LSA *or* the > router-LSA itself. That fact is not considered before: if the RI LSA > hasn't been received (or doesn't include the new capability), but the > router-LSA does have the H-bit set... > > 284 6. OSPF AS-External-LSAs/NSSA LSAs with Type 2 Metrics > > 286 When calculating the path to an OSPF AS-External-LSA or NSSA-LSA > with > 287 a Type-2 metric, the advertised Type-2 metric is taken as more > 288 significant than the OSPF intra-area or inter-area path. Hence, > 289 advertising the links with MaxLinkMetric as specified in [RFC6987] > 290 does not discourage transit traffic when calculating AS external or > 291 NSSA routes with Type-2 metrics. > > [minor] s/NSSA-LSA/NSSA-LSA [RFC3101] Also, please add an Informative > reference. > > 293 Consequently, OSPF routers implementing [RFC6987] and required to be > 294 the last resort transit then they MUST advertise a Type-2 metric of > 295 LSInfinity-1 for any self-originated type 2 AS-External-LSAs or > NSSA- > 296 LSAs. However, in situations, the router needs to repel traffic and > 297 acts as a host router then, in addition of the host bit procedure > 298 described in this document they MUST advertise a Type-2 metric of > 299 LSInfinity for any self-originated type 2 AS-External-LSAs or NSSA- > 300 LSAs. > > [major] I think the text above is confusing because of the parts about > "required to be the last resort transit" or "needs to repel traffic", which > are not easily verified and normatively hard to enforce. Also, rfc6987 > doesn't use rfc2119 keywords... > > NEW> > Consequently, [RFC6987] is updated so that the Type-2 metric in any > self-originated AS-External-LSAs or NSSA-LSAs is advertised as LSInfinity-1 > [RFC2328]. If the H-bit is set, then the Type-2 metric MUST be set to > LSInfinity. > > > 302 7. IANA Considerations > ... > 311 This document requests the IANA to assign the Bit Number value of 7 > 312 to the Host Router Support Capability in the OSPF Router > 313 Informational Capability Bits Registry. [RFC7770] > > [nit] That reference is not needed. > > > ... > 319 8. Security Considerations > > 321 This document introduces the H-bit which is a capability that > 322 restricts the use of a router for transit except for its local > 323 destinations. This is a subset of the operations of a normal router > 324 and therefore should not introduce new security considerations > beyond > 325 those already known in OSPF. The feature, however does introduce > the > 326 flooding of a capability information that allows discovery and > 327 verification that all routers in an area are capable before turning > 328 on the feature. In the event that a rogue or buggy router > advertises > 329 incorrectly its capability there are two possible cases: > > [minor] s/transit except for its local destinations./transit, while only > its local destinations are reachable. > > [nit] s/known in OSPF/known in OSPF [RFC2328] > > 331 o The router does not have the capability but sends H-Bit set in > its > 332 LSAs: In this case, there is a possibility of a routing loop. > 333 However this is mitigated by the fact that this router should be > 334 avoided anyway. Moreover, the link metrics cost (MaxLinkMetric) > 335 of this router will mitigate this situation. In any case, a > 336 router advertising the H-bit capability without its links cost > 337 equal to MaxLinkMetric may be an indicator that this is a rogue > 338 router and to be avoided. > > [nit] s/sends H-Bit/sends the H-Bit > > [minor] s/and to be avoided/and should be avoided > > 340 o The router has the capability but sends the H-Bit clear in its > 341 LSAs: In this case, the router merely prevents support of other > 342 H-bit routers in the area and all the routers to run the modified > 343 SPF. The impact is also mitigated as other H-Bit routers in the > 344 area also advertise MaxLinkMetric cost so they will still be > 345 avoided unless they are the last resort path. > >
- Re: [Lsr] Fwd: New Version Notification for draft… Alvaro Retana
- Re: [Lsr] Fwd: New Version Notification for draft… Alvaro Retana
- Re: [Lsr] Fwd: New Version Notification for draft… Padma Pillay-Esnault
- Re: [Lsr] Fwd: New Version Notification for draft… Alvaro Retana
- Re: [Lsr] Fwd: New Version Notification for draft… Padma Pillay-Esnault