Re: [Lsr] AD Review of draft-ietf-isis-segment-routing-extensions-22
Alvaro Retana <aretana.ietf@gmail.com> Wed, 03 April 2019 21:21 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE47612004C; Wed, 3 Apr 2019 14:21:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hhtSuFOS0gsE; Wed, 3 Apr 2019 14:21:56 -0700 (PDT)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EADD012018E; Wed, 3 Apr 2019 14:21:55 -0700 (PDT)
Received: by mail-ot1-x329.google.com with SMTP id t8so355045otp.7; Wed, 03 Apr 2019 14:21:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=ILh74pNdVP3VGoO6/uxjho2h8m9c+4FBOhNEVHtbYOo=; b=lwZ24d/cM4MsWpnHsAHLglU7gr1z10/qfNYYUa5ALfH6AFCdFby5f1TPkugmKv0D1v D/iubelVIHSIZKPjc/ygKg80vULdVkCbbQX/mXpQXCR+nujsxe8diClOlQ3F8E3J3vzW 1mdGbXmecrLaj5uQKclmAUDQE1vjFWtRoh5WVJnb1XynzFgFkeus5KyPc0GN7iic8XSq JLUZTtHW89GwT2KSA1AGX6gmqbrOfP4o5ultiHqntifLtw8jgBBlDj10Hmc/F3pP2nIv u+PziFHoD0bUehL4UuA/csFvcJEWC/Sjnw0eJVOJMjaD8U0d3pFmDswV89al1+l2Zn/c w7Fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=ILh74pNdVP3VGoO6/uxjho2h8m9c+4FBOhNEVHtbYOo=; b=hEQmiOBhTPWZFstj0YTiRiYQGTdsql9bg6yXQVhbc2RtFAZrcgsV5dFvBH20v86GfF aphUWBr+/rH4jK1bPJqNICNeBJOuiOnkS3zcdxuFcL10ZRVUPIcpHGxaLv0V6JBvwTpi gibs9BCilUCT/sQIM8juBRotl5iCEKGIOtHck6nC19o3BkfbZiOhBLZfrdPO7r+wKUNo cxhnFMkmuOA8ySh/4G9x/Cm/7lgT2SSgeXX8ecrhTv28QbTnK+DXG0GFtyxQn3he+iXe uYhGJksuECflFPGVV70z2P1KvQp3WsQKenfAY+G9FUWjW+sRWJafQ20Kl09VLMJcpnhg 8Ylg==
X-Gm-Message-State: APjAAAVtYNxpR0kroCjV8VuHOCy3uqtO4foxBOJLKzkqUWX345ruoFA4 eYztYfgRymQYkro4Q/IKodNIZB7kR26HoVPkryc=
X-Google-Smtp-Source: APXvYqxi2zHoDdRcdEoHQdfg59TNzKECUqs1dmgVoIJXcRGH4r5IkW24XioLUeI1Lnj6FbUF/kPNju7iu10gZAkv0oA=
X-Received: by 2002:a05:6830:1103:: with SMTP id w3mr1561426otq.28.1554326515176; Wed, 03 Apr 2019 14:21:55 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 3 Apr 2019 14:21:54 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <MN2PR11MB36475B77F634FCD144F24BAEC15A0@MN2PR11MB3647.namprd11.prod.outlook.com>
References: <CAMMESsz7nvqpSHY78j_3Gkksbf=SiyMfv8pV83iRN9GUfJJ_YA@mail.gmail.com> <MN2PR11MB36475B77F634FCD144F24BAEC15A0@MN2PR11MB3647.namprd11.prod.outlook.com>
MIME-Version: 1.0
Date: Wed, 03 Apr 2019 14:21:54 -0700
Message-ID: <CAMMESsy2AEbZt_Zim8SZuw4cDwL1BZXmsqsUQiHtnT+2Zpwjmw@mail.gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, "draft-ietf-isis-segment-routing-extensions@ietf.org" <draft-ietf-isis-segment-routing-extensions@ietf.org>
Cc: "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>, Uma Chunduri <uma.chunduri@huawei.com>
Content-Type: multipart/alternative; boundary="000000000000cd593e0585a6d779"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/J7LilR8qmqL4nHWGy5Ti_SfijYM>
Subject: Re: [Lsr] AD Review of draft-ietf-isis-segment-routing-extensions-22
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 21:21:59 -0000
On March 29, 2019 at 1:55:17 AM, Les Ginsberg (ginsberg) (ginsberg@cisco.com) wrote: Les: Hi! Thanks for the update. I have a couple of comments on your replies — no showstoppers. However, it looks like my original comments were truncated; I added the remaining comments at the end. I am starting the IETF LC. The remaining comments can be addressed with any other comments that are received during LC. Thanks!! Alvaro. ... > 445 V-Flag: Value flag. If set, then the Adj-SID carries a value. > 446 By default the flag is SET. > > [minor] Is the description the same at the V-Flag in §2.1? If so, then > indicating that, or at least also pointing out here that the value is > carried instead of an index would be helpful. > [Les:] Done. I think you missed this one. ... > 544 System-ID: 6 octets of IS-IS System-ID of length "ID Length" as > 545 defined in [ISO10589]. > > [major] Which System-ID? > [Les:] Text has been altered to indicate it is the system-id of the neighbor. > [major] "6 octets of...length "ID Length"" ?? > [Les:] Done. I was trying to point out that the text is confusing where it says that the System-ID, which is (from the figure) a 6-octet field, is represented by "6 octets…of length "ID Length”. Is the length 6 octets or “ID Length”? ISO10589 says: "System identifier — a variable length field from 1 to 8 octets”…RFC1195 suggests this: "N is a system identifier. In the level 1 algorithm, N is a 6 octet ID for OSI end systems, a 7 octet ID for routers, or an 8 octet IP Internal Reachability Information entry.” For both cases, it the length of the System ID is > 6 octets, which bits are expected to be in the sub-TLV? If the system ID is < 6 octets (which I doubt, but just to cover ISO10589), what next? Maybe I’m just confused... Do you want to specify any check to make sure that the System ID in fact corresponds to a valid neighbor? ... > 812 The other flags defined in Section 2.1 are not used by the Mapping > 813 Server and MUST be ignored at reception. > > [major] How does the receiver know that the sub-TLV was originated by a > Mapping Server? Is it the case that it would originate a Binding TLV? > IOW, would the other flags always be ignored when the sub-TLV is included > in the Binding TLV (but not other TLVs)? Does this apply also to the > Multi-Topology SID/Label Binding TLV (§2.5)? > [Les:] "Yes" to all of your questions. Please add some text to clarify. ... > 1075 3.3. SR Local Block Sub-TLV > > 1077 The SR Local Block (SRLB) Sub-TLV contains the range of labels the > 1078 node has reserved for local SIDs. Local SIDs are used, e.g., for > 1079 Adjacency-SIDs, and may also be allocated by other components than > 1080 IS-IS protocol. As an example, an application or a controller may > 1081 instruct the router to allocate a specific local SID. Therefore, in > 1082 order for such applications or controllers to know what are the local > 1083 SIDs available in the router, it is required that the router > 1084 advertises its SRLB. > > [nit] s/than IS-IS protocol/than the IS-IS protocol [Les:] Done. > > > ... > 1122 The originating router MUST NOT advertise overlapping ranges. > > [major] What should the receiver do if the ranges overlap? I'm assuming > the same thing as what was specified before...please be specific. > [Les:] Similar question is relevant to SRGB and the behavior has been specified in https://tools.ietf.org/html/draft-ietf-spring-segment-routing-mpls-18#section-2.3 and this draft references it. I would do the same here, but the SR MPLS draft does not specify behavior for SRLB - even though the referenced section is entitled "Segment Routing Global Block and Local Block". Best solution I would think is to update SR MPKS draft so that a reference to it could be added here. Please go ahead and add the reference. I’ll make sure to address the issues when that document comes to the IESG (should be soon as it already finished IETF LC). ... > 1190 5. IANA Considerations > > 1192 This documents request allocation for the following TLVs and subTLVs Hmmm…. It looks like my comments were truncated (I’ve seen this happen a couple of times). :-( Here’s the rest: 1190 5. IANA Considerations 1192 This documents request allocation for the following TLVs and subTLVs. [minor] IANA may be ok, but I find the formatting below a little confusing. A table may be a better option. ... 1313 This document creates the following sub-TLV Registry: ... [major] Please indicate what the range is. … 1317 Registration Procedure: Expert review [] We’re going to need Designated Experts. Volunteers? [major] Are there specific instructions/considerations that the DEs should be aware of when assigning from this new registry? If so, please add some text. ... 1333 6. Security Considerations 1335 With the use of the extensions defined in this document, IS-IS 1336 carries information which will be used to program the MPLS data plane 1337 [RFC3031]. In general, the same types of attacks that can be carried 1338 out on the IP/IPv6 control plane can be carried out on the MPLS 1339 control plane resulting in traffic being misrouted in the respective 1340 data planes. However, the latter may be more difficult to detect and 1341 isolate. Existing security extensions as described in [RFC5304] and 1342 [RFC5310] apply to these segment routing extensions. [nit] Maybe break up the paragraph into multiple ones with independent points. [major] With the last sentence, are you implying that authentication is required when IS-IS is carrying SR extensions? If so, please be explicit. Why would these extensions be different than any other extension? [minor] The companion OSPF documents added the following paragraph to the Security Considerations as a result of one of the reviews...perhaps consider including something similar: Implementations MUST assure that malformed TLV and Sub-TLV defined in this document are detected and do not provide a vulnerability for attackers to crash the OSPFv2 router or routing process. Reception of malformed TLV or Sub-TLV SHOULD be counted and/or logged for further analysis. Logging of malformed TLVs and Sub-TLVs SHOULD be rate-limited to prevent a Denial of Service (DoS) attack (distributed or otherwise) from overloading the OSPF control plane. ... 1415 9.1. Normative References ... [minor] I think that these references can be Informative: 1463 [RFC5305] Li, T. and H. Smit, "IS-IS Extensions for Traffic 1464 Engineering", RFC 5305, DOI 10.17487/RFC5305, October 1465 2008, <https://www.rfc-editor.org/info/rfc5305>. 1467 [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, 1468 DOI 10.17487/RFC5308, October 2008, 1469 <https://www.rfc-editor.org/info/rfc5308>. ... 1527 Les Ginsberg (editor) 1528 Cisco Systems, Inc. 1529 IT [nit] I didn't know you had moved. ;-)
- [Lsr] AD Review of draft-ietf-isis-segment-routin… Alvaro Retana
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Acee Lindem (acee)
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Les Ginsberg (ginsberg)
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Alvaro Retana
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Les Ginsberg (ginsberg)
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Les Ginsberg (ginsberg)
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Alvaro Retana
- Re: [Lsr] AD Review of draft-ietf-isis-segment-ro… Les Ginsberg (ginsberg)