IETF Logo Mail Archive

Re: [Lsr] AD Review of draft-ietf-lsr-ospf-prefix-originator-07

"Ketan Talaulikar (ketant)" <ketant@cisco.com> Tue, 09 March 2021 17:42 UTC

Return-Path: <ketant@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F31D3A10DA; Tue, 9 Mar 2021 09:42:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.601
X-Spam-Level:
X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=JmZbsSbM; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=JwXeSvAo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bpyaxcwMsBMA; Tue, 9 Mar 2021 09:42:22 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D59E53A10C1; Tue, 9 Mar 2021 09:42:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12378; q=dns/txt; s=iport; t=1615311741; x=1616521341; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=dC9bmru66tnAX/kPHwjK5kAzzjLOzqiO+6VdM6j+xMw=; b=JmZbsSbMqe1PG31t1phiOko7Nnmpiay05KMVdah5Uym9eOJ14DbDJFqx CqYv3IEgsNUumcnUth7prkQ8oDrQF8haeJh/k99ffGvM7hG2zB5EA1gEg 32Xt0G1aSXNOjtyR1R04xCAnsaaFmXXZlNRTOUNIFeJ8Wb85lquVE10B0 M=;
X-IPAS-Result: A0CqAABuskdgmIMNJK1aHQEBAQEJARIBBQUBQIE+BQELAYFSUYFXNjEKhDeDSAOFOYhWA4odhHeKB4JTA1QLAQEBDQEBMgIEAQGETQIXgWcCJTcGDgIDAQEBAwIDAQEBAQUBAQECAQYEFAEBAQEBAQEBhjYNhkQBAQEBAgEjEQwBATAHAQQHBAIBCA4DBAEBAwIUEgICAh8RFQgIAgQBDQUIgmiCVgMOIQGiIQKKHnaBMoMEAQEGhQsNC4ITCYEPKoJ2hAmGRCYcgUlCgRFDglg+ghqCJQUxAhWCRzSCK4FPCmsGAQFiBEsfCXgsFQQBJQ81FAoPkDCDMpQpj0WBL1sKgn+WfIVPgzqKU5MXgk6TcHWCDYxBjmwsgWGCcwIEAgQFAg4BAQaBaiKBWXAVgyRQFwINjh8Zg1aKWXM4AgYBCQEBAwl8iiokCYEGAYEOAQE
IronPort-PHdr: 9a23:dRyKNh3MLYetJLAUsmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxWGuadiiVbIWcPQ7PcXw+bVsqW1X2sG7N7BtX0Za5VDWlcDjtlehA0vBsOJSCiZZP7nZiA3BoJOAVli+XzoPk1cGcK4bFrX8TW+6DcIEUD5Mgx4bu3+Bo/ViZGx0Oa/s53eaglFnnyze7R3eR63tg7W8MIRhNhv
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,236,1610409600"; d="scan'208";a="673932581"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Mar 2021 17:42:20 +0000
Received: from mail.cisco.com (xbe-aln-001.cisco.com [173.36.7.16]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 129HgKUL019562 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 9 Mar 2021 17:42:20 GMT
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xbe-aln-001.cisco.com (173.36.7.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Tue, 9 Mar 2021 11:42:19 -0600
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Tue, 9 Mar 2021 11:42:12 -0600
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Tue, 9 Mar 2021 11:42:12 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HuuG8vNq7dlrqUMixxtMSXxsB1DCxLNmrLnxTMIaC2drMSvXxNcly7g5AnyADwDeUf0nwmTWz4OviAl6+1VPHBiKoguwaLk5H7/D0tiD8YHm22kH/khS3t2JaUiwuoXEnjFSTzUiB7reSWI4kgapCxJAfWzOf8cbSnFpX1Wz9DwRhD1AM2srAeLUDlwxc4K1BmxVXRY4GbHMLlt3pqaNP9J7uzTG41X+nBkZepO1IZm+EKUhyVr+hOm1qnV4Nno5Lxs2oU6w+L+/MPOuw1kuhoBg8sBf34vUm+2AMU2/pbqTgVDrCb5gTNk8HmMjGFTjXX+I2bhlyab0onjpBqndeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dC9bmru66tnAX/kPHwjK5kAzzjLOzqiO+6VdM6j+xMw=; b=TxyjcHubKYckgQVaUlGrXYVy2iWJCUzy11KRowel3NG5WSOnWZvq77Il3EBTL8DFPCbn1JInm2tJE2EyuYG5q2z60UB2rImZ68pFcSyh2uWrtbrNkCl9mCdiA8pl/zeYxzlnqsz/XFj+uBnc9d/NMcgQoZdAi5O6tRGouTzYwOazS43U7BvdX3TOhcU3FJsmPF2T3Dp+Neqp/MLJN1nsogOVmBChqa2RQNWYGFUAlp9ZBJP0W+/xYCr1VqCRRMf8b+HncO5DcHnt7e6768Hq0Wkq5EcbKLSkc98fVhEE9Y31ZbNgngv+ZoLkA0bkxITXcTe0n1vShEp5F6C3biYOnQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dC9bmru66tnAX/kPHwjK5kAzzjLOzqiO+6VdM6j+xMw=; b=JwXeSvAo4umJKvVLEXtDZAQKcUwNRYWyhYFAxdYkAXRBNSFEW9IqzM9d6Vgzbn7XgMn/KqrTqMVa//y2u4rpPkosIO+LRAib8MYxuksRseiqs/tUrdybrA10dt7gPhOkcvr0fvZRhIxxixjmcbw2pRz7EpTGfjUU8FN7jEg7YP4=
Received: from SA0PR11MB4576.namprd11.prod.outlook.com (2603:10b6:806:97::10) by SN6PR11MB2893.namprd11.prod.outlook.com (2603:10b6:805:dc::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.26; Tue, 9 Mar 2021 17:42:11 +0000
Received: from SA0PR11MB4576.namprd11.prod.outlook.com ([fe80::3515:3204:e764:1242]) by SA0PR11MB4576.namprd11.prod.outlook.com ([fe80::3515:3204:e764:1242%8]) with mapi id 15.20.3912.027; Tue, 9 Mar 2021 17:42:11 +0000
From: "Ketan Talaulikar (ketant)" <ketant@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-lsr-ospf-prefix-originator@ietf.org" <draft-ietf-lsr-ospf-prefix-originator@ietf.org>
CC: John Scudder <jgs@juniper.net>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>, Christian Hopps <chopps@chopps.org>
Thread-Topic: [Lsr] AD Review of draft-ietf-lsr-ospf-prefix-originator-07
Thread-Index: AQHXAgTWfHHVZjBHn0ex//WfrxLFVKpa2Q8AgB+CcvCAAGQKgIABPVDw
Date: Tue, 09 Mar 2021 17:42:11 +0000
Message-ID: <SA0PR11MB4576F59E059C1F2198BC8A7AC1929@SA0PR11MB4576.namprd11.prod.outlook.com>
References: <CAMMESsx1NLSRj8O4B6qgmZa3sW_nTAt_8inV-rJ_sPtMPJS2Rg@mail.gmail.com> <016001d7046e$8ce7e3c0$a6b7ab40$@org.cn> <MW3PR11MB457060CA68F49896C284537BC1939@MW3PR11MB4570.namprd11.prod.outlook.com> <CAMMESsyGE=Mrz_URAvhX8LCT5+mm+EQK1nrfi0+cq-yTgn4UTA@mail.gmail.com>
In-Reply-To: <CAMMESsyGE=Mrz_URAvhX8LCT5+mm+EQK1nrfi0+cq-yTgn4UTA@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [72.163.220.7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c5b91d0f-9f1b-4530-bfec-08d8e322ab58
x-ms-traffictypediagnostic: SN6PR11MB2893:
x-microsoft-antispam-prvs: <SN6PR11MB2893D02FA4294BB7844B60DBC1929@SN6PR11MB2893.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4GmprHfXtIrEWZdIMTSrrFfrhTP6mXWeO6mZ1KG3lSCEAGQGH2HIrNg+0akeAdF5ckbvScxSk07zQuvY2ttvvrrv5tOLNF2jdoTq47O4DDYnRENUQ6iWAY8jwCjpGWZkiS65HjteC/gEXjcAAH44ubKTkgoquQsrbnxKfn+L2VM8X0y0ji597WdC+C7I3R0hU6XSG5dofEJd/MZ0I/TFo9As2bxTIzpH+0PaUliGFMIHzGo9s+ZOACCxwQnGekmE4GEmLniOHDDn6bXIXJP4s+VPT06zo7LHkMtUa5/QqnT5yTjyM8AOdBFVqfUHIvg4Ly/mUrFLxdn/UsTygrdX7bu19dldv2QM/4f1grY3+jKy47IGua9vk7+GQQ6ArX0ZIhbVGPbe1vyVo6OzPC8dQYW59W5Agj0WnzvmHZ3rgXHIpAgcQdeojLWIkbGXP8MrOendU43/4shjFUfQ/AhDE5o1GPLbklnb1BLq8tr6KfF/7eiLX7uqptCBiBHpGTCc7mpCLJr3j/Cjk5BU8JXqcw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA0PR11MB4576.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(366004)(346002)(39860400002)(396003)(376002)(8676002)(9686003)(7696005)(71200400001)(66574015)(83380400001)(2906002)(4326008)(186003)(33656002)(5660300002)(54906003)(8936002)(66946007)(64756008)(26005)(478600001)(316002)(76116006)(66556008)(55016002)(66446008)(86362001)(6506007)(52536014)(53546011)(110136005)(66476007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: sx9sTJTgLEPoojHnTySOKaGBWQhEUStgtITTes5f4Tb/lgwrXKKtyzu7xdqFMqqOGX7DY/WYTXOMQ8UdSPjjRRq7xbNiwFqSD4w5RPrLIeVHoNYtHqpwLNwEPGSKi97/nXwSyi+EJrbFkQmZFTncFbg5Enu2Q0ZE6YZsSMZLKhD5/xbA/cos52YDOuhnGzD99ao70TI4nNvux/vdvnhXU6UBY64AYGqeqU36cc0mj5Bs2HdHPBMaLy6gx8FT70W+w3KnL/gTu4v7qlFgBRHjAXguWf2faQE14MmQq9WNWRR94rsU6B43+t7eN3snccjSijaxfNHIHrb7UFyLu4f04onvkyT8W1nK3Oww27U1Xf8B/6zn+GSHxI3KquCs+QNoVUAIV6bVBpMpcsYMActyXEznoID/3pm4LN+c96ah93JjY043s8mT2lReqdtqILQPVL+F8pa0xkQNiAYoPOTlRU13DvXi/8XNHXyKrfMA59W6DA3PK3KQP0M+kPucCoHgQOPw3mnUpc+0YTQeUnJ+B3T+0wXgDVb74v829Rtt9D1d8tCrk3pQjIZAAbBr5FoA1VYgwMUFt+rp29U+ITGf4OGx4msOCt6TgFZeVZvRQW8dIaNUd5HOERSDq5JLsAMHWi682YAZNi5fYYXZU2HKJhiZsGVLz25/lJTgWgrSqCh5j461iQfM08tJ/S6OGrCMPijNJ0HQ+oXlYZNKSLy7CTN+AoaiMTQtc/i9CikZnOoFm1lfayTnZd86092A54bbK1BA2hNCvMTvGiEd0EAqJQQDPku5IE9DTbJOizS96YJaVyyDjnC05UGimTagnoXJWlNoUogAWMT1jYOYWBcMh19bdX3Wtv2l5mRthVspUzZw5gkVH2FWcv9Jk5UwTThd1jC18JWQ4R1gRbu0fDvbNtSVCrGnRjz+4tAgCyjy+STlAonZV+Gvasw53hMPhU/ZFUjPYChYdQUeXRGTo70s8aBQ9AcBPMhhCzKBp1NyFuOx/73vycZ6KaO+v7sqV+Kxov4H87LNHQ2YaTZRC0HAJhhRdr55EeDsIGQCmS5aGhjYCggPRCnlDkb55bw3TroUp/6DOOmknhLxutPi9mItO0boHwcVVR7i1mjBx38qG5sdAUtLRFuwWK/1P/NKP7UhKPcrrrpZbm/MUfuimTJgzxvRZxYN/+fhhSuxvio9/z87F8fajD9nr933ibTJzJGMtXYS/ADi5RmmOUv1/8DRfZeTH6/jp+ZXf947Bh9NDyuv0msGkMxdHK/6OS5Oi0wFpe3WMEQdv8Pga6M7ogW4dtjSijTtWH4MZO2XnC137WHD7Uyaec7lwISfHzAAngWO
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA0PR11MB4576.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c5b91d0f-9f1b-4530-bfec-08d8e322ab58
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2021 17:42:11.5072 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2jFs8slmfjfomEBUycg2F42f7rZ1kqWAzuLD4uoLZCgG5W2guuWuPbnnA2nbLprw0W47128tFPkjZ9COyX+Jkg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2893
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xbe-aln-001.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/MzbJMGJcW3gog0LU0yGpK1mB5Zg>
Subject: Re: [Lsr] AD Review of draft-ietf-lsr-ospf-prefix-originator-07
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2021 17:42:24 -0000

Hi Alvaro,

Please check inline below with [KT2]

I will wait for your responses on a few of the points before posting the draft update.

-----Original Message-----
From: Alvaro Retana <aretana.ietf@gmail.com> 
Sent: 09 March 2021 02:57
To: Ketan Talaulikar (ketant) <ketant@cisco.com>; draft-ietf-lsr-ospf-prefix-originator@ietf.org
Cc: John Scudder <jgs@juniper.net>; lsr-chairs@ietf.org; lsr@ietf.org; Christian Hopps <chopps@chopps.org>
Subject: RE: [Lsr] AD Review of draft-ietf-lsr-ospf-prefix-originator-07

On March 8, 2021 at 12:35:52 PM, Ketan Talaulikar (ketant) wrote:


Ketan:

Hi!

I have a couple of comments below, which I think can be handled with other last-call comments.  I'm starting the IETF LC.

Thanks!!

Alvaro.




...
> 127 2. Protocol Extensions
>
> 129 This document defines the Prefix Source Router-ID and the Prefix
> 130 Originator Sub-TLVs for inclusion of the Router ID and a reachable
> 131 address information for the router originating the prefix as a 
> prefix
> 132 attribute.
>
> [major] I understand that the 2 sub-TLVs are optional and complement 
> each other. Is there an expectation for both to be present? Should 
> (SHOULD/MUST) both be present? What if they're not?
>
> [KT] There is no dependency between the two and hence either one or 
> both of them may be advertised.

Why do we need both then?  Can the users of this information figure stuff out with only one?  After all you added the Prefix Originator Sub-TLV for a reason. ;-)
[KT2] One sub-TLV signals the OSPF Router-ID of the originating node in the OSPF domain, the other sub-TLV signals a reachable address of the originating node (may be within or even outside the OSPF domain for external prefixes). The draft explains this in the introduction and the procedures. I think perhaps it helps if we rename as

s/Prefix Source Router-ID Sub-TLV/Prefix Source OSPF Router-ID Sub-TLV
s/Prefix Originator Sub-TLV/Prefix Source Router Address Sub-TLV

...
> 134 2.1. Prefix Source Router-ID Sub-TLV ...
> 161 o OSPF Router ID : the OSPF Router ID of the OSPF router that
> 162 originated the prefix advertisement in the OSPF domain.
>
> [major] Should there be a relationship between the router ID and the 
> Advertising Router field in the LSA containing the prefix? What does 
> it mean if the router ID doesn't match?
>
> [KT] The value MUST match for intra-area. So we can clarify this part 
> and if it does not match then the sub-TLV can be ignored. For external (e.g.
> Type 5), we cannot determine because we don't know if it was not 
> translated from Type 7 to Type 5 by an NSSA ABR. Same way we cannot 
> figure this out reliably for inter-area prefix advertisements. Not 
> sure if there is anything we can say other than intra-area.

Right.

OLD>
   For intra-area prefix advertisements, the Prefix Source Router-ID
   Sub-TLV MUST be considered invalid and ignored if it is not the same
   as Advertising Router ID for the prefix advertisement.

NEW>
   For intra-area prefix advertisements, the Prefix Source Router-ID Sub-TLV
   MUST be considered invalid and ignored if the OSPF Router ID field is not
   the same as the Advertising Router field in the containing LSA.
[KT2] Ack


For inter-area, maybe it's worth mentioning the fact that it cannot be verified, so a rogue ABR (see more on rogue below) can inject incorrect information.
[KT2] Ack. Will add - " Similar validation cannot be reliably performed for inter-area and external prefix advertisements." At the end of the above paragraph. 


> [major] Even though this document doesn't specify any 
> OSPF-in-the-network action based on the new information, it does say 
> that the information is useful for "topology analysis and traffic 
> engineering", which means that the values may have an impact on route 
> calculation (at a controller). I'm asking the questions about matching 
> values because (if they don't) then it would be relatively easy for a 
> rogue node to introduce non-congruent values which could have an effect on the controller's decision.
>
> [KT] We need to remember that we are talking about a prefix 
> advertisement - a rogue would need to make a prefix advertisement 
> first (which is considered for OSPF routing) and only then comes the 
> part when this sub-TLV value is mismatched. Isn't the first part a bigger issue?

Yes.  But a rogue node can already do that!!  This draft adds the second part.

Note that by rogue I mean a router that has been subverted; e.g.
someone got the password and now has the ability to inject anything into the network.  In this case authentication does not help because the router has the proper keys.

Note that I'm not asking you to fix the problem -- just to mention the new risk.
[KT2] I am assuming you are asking for this to be mentioned in the Securities Considerations section. I am not sure what would be a helpful text here. Does the following work?

<NEW/>
A rogue node that can inject prefix advertisements may use the new extensions introduced in this document to indicate incorrect prefix source information.
</NEW>


...
> 172 2.2. Prefix Originator Sub-TLV
> ...
> 198 o Router Address: A reachable IPv4 or IPv6 router address for the
> 199 router that originated the IPv4 or IPv6 prefix advertisement.
> 200 Such an address would be semantically equivalent to what may be
> 201 advertised in the OSPFv2 Router Address TLV [RFC3630] or in the
> 202 OSPFv3 Router IPv6 Address TLV [RFC5329].
>
> [minor] "semantically equivalent" The text in §3 says that the 
> addresses are the same -- what is "semantically equivalent", and is 
> that different from "the same"?
>
> [KT] There are implementation which allow different loopback (i.e. 
> node) addresses being specified/used for the TE Router-ID. So 
> semantically indicates have similar properties (e.g. cannot be 
> anycast) but does not have to be the same address technically.

Ok.  Please explain that in the text.
[KT2] Ack 


> 204 A prefix advertisement MAY include more than one Prefix Originator
> 205 sub-TLV, one corresponding to each of the Equal-Cost Multi-Path
> 206 (ECMP) nodes that originated the given prefix.
>
> [] Same questions as above.

You changed the text in the previous section, but not the one here.
[KT2] Fixed. 


...
> 226 If the originating node is advertising an OSPFv2 Router Address 
> TLV
> 227 [RFC3630] or an OSPFv3 Router IPv6 Address TLV [RFC5329], then 
> that
> 228 value is set in the Router Address field of the Prefix Originator
> 229 Sub-TLV. When the originating node is not advertising such an
> 230 address, implementations MAY support mechanisms to determine a
> 231 reachable address (e.g., advertised with the N-flag set [RFC7684] 
> or
> 232 N-bit set [RFC8362] and either matching the OSPF Router ID or the
> 233 highest IP address) belonging to the originating node to set in 
> the
> 234 Router Address field.
>
> [minor] "then that value is set" Which value?
>
> s/then that value is set/then the same address MUST be used
>
> [KT] I would use SHOULD - please see my previous comment about them 
> being semantically equivalent but not necessary have to be the same 
> (e.g. if an implementation provided a separate knob for it).

Ok.  When is it ok to not use the same address?  Put another way, why would an implementation provide a knob in the first place?
[KT2] We will change this to MUST - this is to be consistent with ISIS and also, there isn't any strong reason that I could think of to do it otherwise.

...
> [major] "MAY support mechanisms to determine a reachable address" I 
> don't understand how this action can be optional.
>
> [KT] An implementation can choose not to advertise this sub-TLV - it 
> is optional and hence we are not mandating. The address just has to be 
> a reachable address of that node.

The specification should be written from the point of view of an implementation of this document.  IOW, if the functionality is implemented would "mechanisms to determine a reachable address" be required?   I think the answer is yes, right?

s/MAY support/MUST support   ("must" is also ok)
[KT2] Ack. Instead of "must", I would propose "can". 



> [minor] "advertised with the N-flag set" Are you suggesting that if 
> the N-flag is set then the Prefix Originator Sub-TLV doesn't need to be present?
> I know it was just an example, but it raises the question of: what if 
> the N-flag is set and the Prefix Originator Sub-TLV is present, and 
> the addresses don't match?
>
> [KT] This is about which address may be picked for advertisement in 
> the Prefix Originator sub-TLV - picking a node address with N-flag set 
> indicates that it is associated with that node and also that it is not anycast.

I think we could live without the example.
[KT2] Have updated the text since this is not an example.

Thanks,
Ketan

v2.23.0 | Report a Bug | By Email