[Lsr] 答复: I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt

"Aijun Wang" <wangaijun@tsinghua.org.cn> Wed, 26 June 2019 07:36 UTC

Return-Path: <wangaijun@tsinghua.org.cn>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C35A120153; Wed, 26 Jun 2019 00:36:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SCrxjp9wFUP1; Wed, 26 Jun 2019 00:36:26 -0700 (PDT)
Received: from mail-m17612.qiye.163.com (mail-m17612.qiye.163.com [59.111.176.12]) by ietfa.amsl.com (Postfix) with ESMTP id 9A29B12010E; Wed, 26 Jun 2019 00:36:21 -0700 (PDT)
Received: from WangajPC (unknown [219.142.69.77]) by mail-m17612.qiye.163.com (Hmail) with ESMTPA id 43DCF421D81; Wed, 26 Jun 2019 15:36:14 +0800 (CST)
From: "Aijun Wang" <wangaijun@tsinghua.org.cn>
To: "'Les Ginsberg \(ginsberg\)'" <ginsberg@cisco.com>, "'Acee Lindem \(acee\)'" <acee@cisco.com>, <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
Cc: <lsr@ietf.org>
References: <155953350234.21547.271455258761348084@ietfa.amsl.com> <BYAPR11MB3638D2C9D9D5E8AC8174ADCFC1140@BYAPR11MB3638.namprd11.prod.outlook.com> <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com> <BYAPR11MB3638373AA6FC68382FCBE77CC1E10@BYAPR11MB3638.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3638373AA6FC68382FCBE77CC1E10@BYAPR11MB3638.namprd11.prod.outlook.com>
Date: Wed, 26 Jun 2019 15:36:11 +0800
Message-ID: <006f01d52bf1$d569efa0$803dcee0$@org.cn>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0070_01D52C34.E38D2FA0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHVGb7XYvB2HV8clE60nbKuVn4cRaaJb0zggB7RggCAAEgfUIAFHVPA
Content-Language: zh-cn
X-HM-Spam-Status: e1kIGBQJHllBWVZKVUlOTktLS0lISE1OS0lKWVdZKFlBSkxLS0o3V1ktWU FJV1kJDhceCFlBWTU0KTY6NyQpLjc#WQY+
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Pio6Hio*KTlPLClRLg49FR5O IT4aFE9VSlVKTk1KTkhPTkxCQk1NVTMWGhIXVQwaFRwaEhEOFTsPCBIVHBMOGlUUCRxVGBVFWVdZ EgtZQVlJSkJVSk9JVU1CVUxMWVdZCAFZQU9JQkxJNwY+
X-HM-Tid: 0a6b92b6af5793b9kuws43dcf421d81
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/S8rGWklgifrrrikXUYysmRlv1IA>
Subject: [Lsr] =?utf-8?b?562U5aSNOiAgSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1sc3It?= =?utf-8?q?pce-discovery-security-support-01=2Etxt?=
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 07:36:30 -0000

Hi, Les:

 

For the situation that PCE is not an LSR, this draft also provides some help for other LSRs to find the PCE-----one can configure the PCE related info on one of the LSR/PCC, and then this LSR/PCC flood such information to other LSRs/PCCs? Or else, every PCC/LSR should know the PCE by manually configuration? This is applicable for RFC5088/5089.

The restriction stated in Section <https://tools.ietf.org/html/rfc5088#section-4>  4 of [RFC5088] and Section <https://tools.ietf.org/html/rfc5089#section-4>  4 of [RFC5089] seems not reasonable now, because the security communication consideration between PCE and PCC is important, as that pointed out in this draft.
 
I think we can have two options for such confliction avoidance:
1. Put this draft in individual document, update the RFC5088/5089 in their bis version(just to eliminate the above restriction)----Easy for the author, not for the reader, but is the most common way for such situation?
2. Merger this draft with RFC5088/RFC5089 in their bis version-----As Les pointed out, will be easier for the reader. But how to arrange the author list?
 
And another opinion is that IGP is suitable to transfer the information that needed by routers within the IGP domain. Such piggyback action can simplify the operation of network. Or else, the network should operate different protocols to accomplish such task.

 

Best Regards.

 

Aijun Wang

Network R&D and Operation Support Department

China Telecom Corporation Limited Beijing Research Institute,Beijing, China.

 

-----邮件原件-----
发件人: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com] 
发送时间: 2019年6月23日 8:58
收件人: Acee Lindem (acee); draft-ietf-lsr-pce-discovery-security-support@ietf.org
抄送: lsr@ietf.org
主题: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt

 

Acee -

 

Thanx for reviving this thread.

 

In fairness, Qin did respond - and we exchanged a couple of emails on this thread - though I would not say that we had reached closure.

 

He also sent an email to PCE WG asking for an update on their position - but to date I have seen no response to that.

 

So for me - this topic is still open for further discussion - both by the authors and the LSR/PCE WGs.

 

  Les

 

> -----Original Message-----

> From: Acee Lindem (acee)

> Sent: Saturday, June 22, 2019 1:36 PM

> To:  <mailto:draft-ietf-lsr-pce-discovery-security-support@ietf.org> draft-ietf-lsr-pce-discovery-security-support@ietf.org

> Cc:  <mailto:lsr@ietf.org> lsr@ietf.org; Les Ginsberg (ginsberg) < <mailto:ginsberg@cisco.com> ginsberg@cisco.com>;

> Subject: Re: [Lsr] I-D Action: 

> draft-ietf-lsr-pce-discovery-security-support-

> 01.txt

> 

> Authors - can you respond to Les' comments?

> Thanks,

> Acee

> 

> On 6/3/19, 2:22 AM, "Lsr on behalf of Les Ginsberg (ginsberg)" <lsr- 

>  <mailto:bounces@ietf.org> bounces@ietf.org on behalf of  <mailto:ginsberg@cisco.com> ginsberg@cisco.com>; wrote:

> 

>     A few - somewhat tardy - concerns about this draft.

> 

>     1)During adoption call it was mentioned that PCE WG had not taken 

> a position on this draft. Since I don't follow PCE WG (apologies) I 

> need to ask - has that status changed??

> 

>     2)As discussed during the adoption call, the draft removes the 

> restriction specified in RFC 5088/5089 of not allowing further PCE 

> related advertisements in Router Capability TLV/Router Information LSA.

>     Acee had mentioned that he thought this was no longer a concern 

> because in RFC 7770 multiple OSPF Router Information LSA support was introduced.

> But this is really not relevant to the reason that the restriction was 

> originally introduced.

> 

>     The restriction was introduced because of general concern that 

> using IGPs to advertise information not directly relevant to the 

> operation of the IGP as a routing protocol is sub-optimal and 

> negatively impacts the performance of the primary IGP functions.

> 

>     I am aware that this is a line that has been crossed (in modest 

> ways) more than once - and I am not categorically opposing the 

> extensions proposed - but I do wonder if this is the most appropriate 

> way to advertise the new attributes - particularly since this does not 

> solve the general case - it only applies when the PCE is also an LSR. 

> I think a broader discussion of this issue is warranted.

> 

>     3)If the draft goes forward in its current form, it updates RFC 

> 5088/5089 in a significant way (the removal of restriction against 

> additional PCE related IGP

> advertisements) - in which case I wonder if it would be better to 

> write an RFC

> 5088/89 bis document rather than an extension document.

> 

>     And, BTW, do you know why the HTML version of the document has no 

> table of contents?

> 

>        Les

> 

> 

>     > -----Original Message-----

>     > From: Lsr < <mailto:lsr-bounces@ietf.org> lsr-bounces@ietf.org>; On Behalf Of  <mailto:internet-drafts@ietf.org> internet-drafts@ietf.org

>     > Sent: Sunday, June 02, 2019 8:45 PM

>     > To:  <mailto:i-d-announce@ietf.org> i-d-announce@ietf.org

>     > Cc:  <mailto:lsr@ietf.org> lsr@ietf.org

>     > Subject: [Lsr] I-D Action: 

> draft-ietf-lsr-pce-discovery-security-support-

> 01.txt

>     >

>     >

>     > A New Internet-Draft is available from the on-line 

> Internet-Drafts directories.

>     > This draft is a work item of the Link State Routing WG of the IETF.

>     >

>     >         Title           : IGP extension for PCEP security capability support in the

> PCE

>     > discovery

>     >         Authors         : Diego R. Lopez

>     >                           Qin Wu

>     >                           Dhruv Dhody

>     >                           Michael Wang

>     >                           Daniel King

>     >          Filename        : draft-ietf-lsr-pce-discovery-security-support-01.txt

>     >          Pages           : 10

>     >          Date            : 2019-06-02

>     >

>     > Abstract:

>     >    When a Path Computation Element (PCE) is a Label Switching Router

>     >    (LSR) participating in the Interior Gateway Protocol (IGP), or even a

>     >    server participating in IGP, its presence and path computation

>     >    capabilities can be advertised using IGP flooding.  The IGP

>     >    extensions for PCE discovery (RFC 5088 and RFC 5089) define a method

>     >    to advertise path computation capabilities using IGP flooding for

>     >    OSPF and IS-IS respectively.  However these specifications lack a

>     >    method to advertise PCEP security (e.g., Transport Layer

>     >    Security(TLS), TCP Authentication Option (TCP-AO)) support

>     >    capability.

>     >

>     >    This document proposes new capability flag bits for PCE-CAP-FLAGS

>     >    sub-TLV that can be announced as attribute in the IGP advertisement

>     >    to distribute PCEP security support information.  In addition, this

>     >    document updates RFC 5088 and RFC 5089 to allow advertisement of

> Key

>     >    ID or Key Chain Name Sub-TLV to support TCP AO security capability.

>     >

>     >

>     > The IETF datatracker status page for this draft is:

>     >  <https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-> https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-

>     > support/

>     >

>     > There are also htmlized versions available at:

>     > 

>  <https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-supp> https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-supp

> ort-

> 01

>     > 

>  <https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery-> https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery-

> security-

>     > support-01

>     >

>     > A diff from the previous version is available at:

>     >  <https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-> https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-

>     > support-01

>     >

>     >

>     > Please note that it may take a couple of minutes from the time 

> of submission

>     > until the htmlized version and diff are available at tools.ietf.org.

>     >

>     > Internet-Drafts are also available by anonymous FTP at:

>     >  <ftp://ftp.ietf.org/internet-drafts/> ftp://ftp.ietf.org/internet-drafts/

>     >

>     > _______________________________________________

>     > Lsr mailing list

>     >  <mailto:Lsr@ietf.org> Lsr@ietf.org

>     >  <https://www.ietf.org/mailman/listinfo/lsr> https://www.ietf.org/mailman/listinfo/lsr

> 

>     _______________________________________________

>     Lsr mailing list

>      <mailto:Lsr@ietf.org> Lsr@ietf.org

>      <https://www.ietf.org/mailman/listinfo/lsr> https://www.ietf.org/mailman/listinfo/lsr

> 

 

_______________________________________________

Lsr mailing list

 <mailto:Lsr@ietf.org> Lsr@ietf.org

 <https://www.ietf.org/mailman/listinfo/lsr> https://www.ietf.org/mailman/listinfo/lsr