Re: [Lsr] AD Review of draft-ietf-lsr-isis-srv6-extensions-11

Peter Psenak <ppsenak@cisco.com> Thu, 25 March 2021 10:04 UTC

Return-Path: <ppsenak@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B893A1C37; Thu, 25 Mar 2021 03:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.6
X-Spam-Level:
X-Spam-Status: No, score=-4.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, NICE_REPLY_A=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFzX6cPndAGo; Thu, 25 Mar 2021 03:04:32 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1352D3A1BFD; Thu, 25 Mar 2021 03:03:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=38884; q=dns/txt; s=iport; t=1616666635; x=1617876235; h=from:subject:to:cc:references:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=MU+FJpCYdnPl0Vyd/e3fROXrpb1PLC4vXJpJotYi2q8=; b=Ey8Rj7SKj0us9SiF+F1NYguK+jLbndJDGe420WN/BNDmbpO9eX8mJ/e0 ZdOlFKqTDTdWuQ1ozqr3p2vKMCffmdUbhP6cEvClyMkWSqg90A6XB5BpQ /EPL2wSPOpREGGJicq3xa/bFNvuMMDbgew/cLltL3wXoTFEgP0WKiIPj2 Q=;
X-IPAS-Result: =?us-ascii?q?A0CdBQBKX1xglxbLJq1agQmBUIF2gStWAScShHOJBIgXC?= =?us-ascii?q?CUDgQmOGotTgWgLAQEBDygMBAEBgToBgxUCgX0mNwYOAgMBAQEDAgMBAQEBB?= =?us-ascii?q?QEBAQIBBgQUAQEBAQEBAQGGNg2GRAEBAQMBGgEIDwEFLwQDBAcQCw4EBgICJ?= =?us-ascii?q?gICSQ4GAQwIAQGCaAQBgmYhD6o0d4EyhD8BhFSBPgaBDyqLHIInQoFJQoERA?= =?us-ascii?q?QEmDII0NT6CYAKBGBEBEgEHgzCCYASBSwkBUhkGARYbDCYECCcDBhsEHi4II?= =?us-ascii?q?wo9CAIKCAoCEgYBAQENAxYPCwYYAg+QJRMSB4s7jD+QSIEUgxCDOYYghxaLZ?= =?us-ascii?q?gUHAx+DSIpsBIVfih6GGZUGgg6JUpIdLQEZhG6BaiIPXHAzGggbFTuCNQEBM?= =?us-ascii?q?08ZDY4rDQmIYYVGQANnAgYBCQEBAwmFJQIEIgeCFgEB?=
IronPort-HdrOrdr: A9a23:olx4na+wbyejvKv/mXtuk+GRdb1zdoIgy1knxilNYDZeG/b2q+ mFmvMH2RjozBMYX389kd6NUZPwJk/035hz/IUXIPOeRwHgomSlN8VP6oHlzj3mFUTFh4hg/I 1ndLVzD8C1MEhiga/BkW2FOvsp3dXvysCVrMjEyXMFd2tXQoFmqzx0EwOKVnBxLTM2YKYRML q5yo55qyG7eXIRB/7LZEUte+TYvdXEmNbHTHc9ZiIP0wWFgTO25LOSKXHxtSs2aD9Bzawv9m LIiWXCiJmLie2xyRPXygbogqh+pd2J8Ld+LfCXhtNQAjvhjRvAXvUDZ5Sy+BYoveqo9FEm1P 7LrhtIBbUK11rhOkeovBDqxw7slAwL1kan41qZjXz/yPaJPQ4HNw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,277,1610409600"; d="scan'208";a="34424528"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 25 Mar 2021 10:03:50 +0000
Received: from [10.60.140.52] (ams-ppsenak-nitro3.cisco.com [10.60.140.52]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTP id 12PA3nme013277; Thu, 25 Mar 2021 10:03:49 GMT
From: Peter Psenak <ppsenak@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, draft-ietf-lsr-isis-srv6-extensions@ietf.org
Cc: John Scudder <jgs@juniper.net>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, lsr@ietf.org, Christian Hopps <chopps@chopps.org>
References: <CAMMESswF4GiLTRAYeLfhkC4w9tsr2J5YaMNFSG=979Bh2tmULw@mail.gmail.com> <836ca254-1273-7339-4c7d-f92d5e17315f@cisco.com> <CAMMESszNithwE6cGy9pkyb7Zxso=BTqwyO9oza-Ascz-5dU=jg@mail.gmail.com>
Message-ID: <cf0a8c57-96f7-2684-8752-887887dc1831@cisco.com>
Date: Thu, 25 Mar 2021 11:03:49 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAMMESszNithwE6cGy9pkyb7Zxso=BTqwyO9oza-Ascz-5dU=jg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Outbound-SMTP-Client: 10.60.140.52, ams-ppsenak-nitro3.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/VQzBMcrno5z9xhrPh9HGJ1vFers>
Subject: Re: [Lsr] AD Review of draft-ietf-lsr-isis-srv6-extensions-11
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 10:04:37 -0000

Hi Alvaro,

please see inline (##PP2):


On 16/03/2021 21:33, Alvaro Retana wrote:
> On March 11, 2021 at 5:46:51 AM, Peter Psenak wrote:
> 
> 
> Peter:
> 
> Hi!
> 
>> thanks for the review, please see inline (##PP):
> 
> It looks like you didn't get the whole review (Outlook bug).  Take a
> look at it here:
> https://mailarchive.ietf.org/arch/msg/lsr/a4a4I4fP73DyfKsdKnRw_tRuStQ/

##PP2

sigh...

I added the rest of the comments to the end of this email and responded 
inline to them.

> 
> 
> 
> ...
>>> Just one high-level comment: It is not clear to me why all the
>>> behaviors from rfc8986 are not covered in this document. If some are
>>> not applicable, or are covered elsewhere, please explain in the text.
>>
>> ##PP
>> not all behaviors from rfc8986 are applicable to IGPs. Section 10
>> ("Advertising Endpoint Behaviors") lists the ones that are applicable to
>> ISIS.
> 
> I understand that -- other readers may not.

##PP2
we defined all behaviors that rfc8986 mentions should be advertised by 
IGP, except the END.T. The END.T was originally defined, but during the 
WGLC it was removed based on WG discussion:

Mailing list discussion:
Thread1: 
https://mailarchive.ietf.org/arch/msg/lsr/0Bp5DJrRJPvRyzZMZS0P_OE8Y7Q/
Thread2: 
https://mailarchive.ietf.org/arch/msg/lsr/nKJbY5f6SHEwVCqqfoXSPidGKXQ/




> 
> Also, §8.1/rfc8986 talks about what is expected to be carried in the
> IGP.  End.T is not included in this document.
> 
> 
> ...
>>> 148 2. SRv6 Capabilities sub-TLV
>>>
>>> 150 A node indicates that it supports the SR Segment Endpoint Node
>>> 151 functionality as specified in [RFC8754] by advertising a new SRv6
>>> 152 Capabilities sub-TLV of the router capabilities TLV [RFC7981].
> ...
>>> [minor] "router capabilities TLV [RFC7981]" What should be the
>>> flooding scope of the TLV that includes this new sub-TLV?
>>
>> ##PP
>> It's up to the originator to set the S bit or not. We are not limiting
>> it here.
> 
> But if the originator doesn't set the correct flooding scope then the
> information will not make it to where is has to.  I would like to see
> some guidance on the setting of the bit -- I'm assuming that most of
> the cases require the S bit to be set, right?

##PP2
not really. There is no need for the SRv6 Capabilities sub-TLV to be 
propagated across the area for now. If it will become required later, 
the S-bit is there. We don't really want to specify what is required 
because that may change over time. We are defining it in a way that both 
area and domain wide scope is possible. It's up to the user to pick 
which one does he need.

> 
> 
> ...
>>> 200 4.1. Maximum Segments Left MSD Type
> ...
>>> 208 If no value is advertised the supported value is assumed to be 0.
>>>
>>> [major] What exactly does this MSD type signal? Is this the
>>> expectation that the SL will be <= the value when received at the
>>> advertiser? Is there an example of its use? I'm having a hard time
>>> picturing when (for non PSP behaviors) the SL would be more than 0.
>>>
>>
>> ##PP
>>
>> Yes, you are correct. As described in the paragraph right above it, this
>> MSD type specifies what is the maximum value of the "Segments Left"
>> field in the received SRH that this node is capable of processing.
>> A simple example: an ingress PE encapsulates a packet with a new IPv6
>> and SRH. The SRH contains three segments. The Segments Left value of
>> that SRH is set as per RFC8754 4.1, which in this case is equal to 2.
>> The router processing the first segment in the segment list, must
>> support as a minimum an SRH Max SL MSD value of 2 in order to be able to
>> process such packet.
> 
> I see.  It would be very nice if the text said somewhere that the MSD
> applies not just to the final endpoint but also to intermediate nodes.

##PP2
well, I find that a bit misleading. The "router processing the first 
segment" is the one that applies the Endpoint behavior
associated with such SID.

> 
> 
> ...
>>> 252 5. SRv6 SIDs and Reachability
> ...
>>> 280 In cases where a locator advertisement is received in both a Prefix
>>> 281 Reachability TLV and an SRv6 Locator TLV, the Prefix Reachability
>>> 282 advertisement MUST be preferred when installing entries in the
>>> 283 forwarding plane. This is to prevent inconsistent forwarding entries
>>> 284 between SRv6 capable and SRv6 incapable routers.
> ...
>>> [major] "locator advertisement is received in both a Prefix
>>> Reachability TLV and an SRv6 Locator TLV" What information results in
>>> these being an advertisement for the same locator? Is only the
>>> locator (prefix length, etc.) considered, or should the algorithm,
>>> metric, etc. also match?
>>
>> ##PP
>> it's just prefix/mask. I added some text to clarify that.
> 
> So...even if the MT-ID and algorithms are different, the
> advertisements are considered the same?   I don't have a specific case
> right now, but it sounds to me that this could result in some type of
> incongruency.   I'll think more about this later -- no further action
> needed.


##PP2
Prefix Reachability TLV does not have the algo field, so it is 
implicitly associated with Algo 0. Yes, MT-ID needs to be considered, I 
have clarified that in the text.


> 
> 
> ...
>>> [major] The SRv6 Locator TLV is a new TLV. If no Prefix Reachability
>>> TLVs are present, how should the new TLV be used for route
>>> calculation/installation? The text above suggests its use, but there
>>> is no specification.
>>
>> #PP
>> The locator TLV advertises the prefix, same way as the Prefix
>> Reachability. The calculation and installation of the prefix
>> reachability is equal to what is done for regular Prefix Reachability.
>> I added the following text to one of the above paragraphs:
>>
>> "The processing of the prefix advertised in the SRv6 Locator TLV,
>> the calculation of its reachability and the installation in the
>> forwarding plane is similar to one used for Prefix Reachability TLV (236
>> or 237)."
> 
> s/is similar to one used for Prefix Reachability TLV (236 or
> 237)./follows the process defined for the Prefix Reachability TLV (236
> or 237) [rfc5308].
> 
> Would that be ok?

##PP2
done

> 
> 
> 
>>> 291 SRv6 SIDs are not directly routable and MUST NOT be installed in the
>>> 292 forwarding plane. Reachability to SRv6 SIDs depends upon the
>>> 293 existence of a covering locator.
>>>
>>> [major] "MUST NOT be installed" This action depends on how the SIDs
>>> are advertised. For example, if they are included in a Prefix
>>> Reachability TLV then the receiver will install them. IOW, this
>>> action should be specified from the point of view of the sender;
>>
>> ##PP
>> This section talks about received SRv6 SIDs, not locators. SIDs are not
>> advertised in Prefix Reachability TLV. Remote SIDs are never installed
>> in the forwarding.
>>
>> I updated the text to say "SRv6 SIDs received from other nodes..."
>>
>> for
>>> example, "SIDs MUST be advertised in the sub-TLVs...[or maybe]...MUST
>>> NOT be advertised in another TLV...".
>>
>> ##PP
>> the previous section talks about how SIDs are advertised, which is the
>> only way.
> 
> Just to make sure we're talking about the same thing.  The SIDs are
> covered by the LOC, which is routable, installed in the RIB/FIB, etc.

##PP2
yes

> 
> There's nothing in this document or rfc8986 that prevents a SID to
> have the same value as the IP address on a link (see below).  Then
> that link address could be advertised using normal (non-SR-related)
> mechanisms.

##PP2
I'm not sure how one can use the same 128 bit IPv6 address as a local 
address and as a SID at the same time.


> 
> In this case, the receiver would know the address is also a SID.
> Should that result in "MUST NOT be installed"?   Not even the MUSTs
> that I suggested could prevent this situation.

##PP2
regardless of the validity of the case, this section only talks about 
the remote SID. We are not prohibiting the same address advertised 
otherwise to be installed in forwarding in any way.

> 
> 
>>> [major] If some SIDs are advertised as "sub-TLVs in TLVs 22, 23, 222,
>>> 223, and 141", how can the "MUST NOT be installed" be satisfied?
>>
>> ##PP
>> above is the only way how SIDs are advertised.
> 
> This is the text from -11:
> 
>     SRv6 SIDs are advertised as sub-TLVs in the SRv6 Locator TLV except
>     for SRv6 End.X SIDs/LAN End.X SIDs which are associated with a
>     specific Neighbor/Link and are therefore advertised as sub-TLVs in
>     TLVs 22, 23, 222, 223, and 141.
> 
>     SRv6 SIDs are not directly routable and MUST NOT be installed in the
>     forwarding plane.  Reachability to SRv6 SIDs depends upon the
>     existence of a covering locator.
> 
> The text says that there is more than one way to advertise SIDs, *and*
> that they "MUST NOT be installed".

##PP2
there are two ways to advertise SRv6 SIDs in ISIS depending of the SID 
type, but only one way to advertise any particular SID type. So there is 
no duplication possible. I thought the text above is clear on that.

---


...
328	       When the prefix/SRv6 locator is configured as anycast, the A-flag
329	       SHOULD be set. Otherwise, this flag MUST be clear.

[major] When is it ok to not set the flag if advertising an anycast
prefix?  IOW, why is setting the flag recommended and not required?

##PP2
The A-flag is an optional flag. It's hard to mandate the setting of it 
given that anycast has been used for years and we are introducing the 
flag just now.


331	   The A-flag MUST be preserved when leaked between levels.

[minor] s/preserved when leaked/preserved when the advertisement is leaked

##PP2
done



333	   The A-flag and the N-flag MUST NOT both be set.

335	   If both N-flag and A-flag are set in the prefix/SRv6 Locator
336	   advertisement, the receiving routers MUST ignore the N-flag.

[nit] Join the last two paragraphs.

##PP2
done


338	   The same prefix/SRv6 Locator can be advertised by multiple routers.
339	   If at least one of them sets the A-Flag in its advertisement, the
340	   prefix/SRv6 Locator SHOULD be considered as anycast.

[major] "SHOULD be considered as anycast"  Just to make sure I
understand, the A-flag is informational -- there is no action taken by
the receiving router, right?   If so, then there's no interoperability
requirement reflected here.  s/SHOULD/should


##PP2
there can be action on A-flag. For example, you do not want to use the 
SID associated with the anycast Prefix/Locator for TI-LFA or uloop 
prevention. We do not specify the usage here, because the usage is 
optional, but I would keep the SHOULD here.


342	   A prefix/SRv6 Locator that is advertised by a single node and without
343	   an A-Flag SHOULD be interpreted as a node specific locator.

[major] "advertised by a single node and without an A-Flag"  This is
equivalent to the current behavior of a prefix being "advertised by a
single node and without an A-Flag".  IOW, you seem to be specifying
behavior that a node that doesn't implement (or even know about) this
document is expected to follow.

##PP2
if I remove the "prefix" and only keep the SRv6 Locator, would you be 
fine with it? We are defining SRv6 Locator in this document.


[major] Related... What is a "node specific locator"?  The A-flag
functionality could be used in a network that otherwise doesn't
implement SRv6, so calling it a "locator" doesn't seem right.

##PP2
please see my previous response.


[major] "SHOULD be interpreted"  Interpreting is not really an
interoperability-requiring action.  Is there anything here resulting
from the interpretation that requires normative language?

##PP2
what about:

    "An SRv6 Locator that is advertised by a single node and without
     an A-Flag is considered as a node specific locator."


...
349	   The Prefix Attribute Flags Sub-TLV can be carried in the SRv6 Locator
350	   TLV as well as the Prefix Reachability TLVs.  When a router
351	   originates both the Prefix Reachability TLV and the SRv6 Locator TLV
352	   for a given prefix, and the router is originating the Prefix
353	   Attribute Flags Sub-TLV in one of the TLVs, the router SHOULD
354	   advertise identical versions of the Prefix Attribute Flags Sub-TLV in
355	   both TLVs.

[minor] This paragraph doesn't seem necessary given this text in §5:

    In cases where a locator advertisement is received in both a Prefix
    Reachability TLV and an SRv6 Locator TLV, the Prefix Reachability
    advertisement MUST be preferred when installing entries in the
    forwarding plane.

##PP2
above mentioned paragraph does not say anything about the Prefix 
Attribute Flags Sub-TLV present in the advertisement of the same prefix 
in the Locator TLV and Prefix Reachability TLV. So we need to keep it.



[major] If you decide to keep it...  "SHOULD advertise
identical...Prefix Attribute Flags Sub-TLV"   When is it ok to not do
so?  Again, given that the Prefix Reachability TLVs are preferred,
this statement doesn't seem to matter, or carry interoperability
weight.  s/SHOULD/should

##PP
well, not really. The Prefix Attribute Flags Sub-TLV should be the same 
to guarantee the same treatment of both locator and legacy prefix 
advertisements. The fact that the legacy prefix advertisement is 
preferred when installing reachability of the prefix to forwarding does 
not mean the Prefix Attribute Flags Sub-TLV advertised with Locator TLV 
is useless - it can still be used when using Locator for other things - 
e.g. derive SID for TILFA protection, etc.


[] This point is related to Gunter's recent e-mail [1].

##PP2
the text has been updated to address Gunter's comment as follows:

"The Prefix Attribute Flags Sub-TLV can be carried in the SRv6
  Locator TLV as well as the Prefix Reachability TLVs. When a router 
originates both the Prefix Reachability TLV and the SRv6 Locator TLV for 
a given prefix, and the router is originating the Prefix Attribute Flags 
Sub-TLV in one of the TLVs, the router SHOULD advertise same flags in 
the Prefix Attribute Flags Sub-TLV in both TLVs. However, unlike TLVs 
236/237 the X-flag in the Prefix Attributes Flags sub-TLV is valid when 
sent in the SRv6 Locator TLV. The state of the X-flag in the Prefix 
Attributes Flags sub-TLV when included in the Locator TLV MUST match the 
setting of the embedded X-flag in any advertisement of the same prefix 
in TLVs 236/237."


[1] https://mailarchive.ietf.org/arch/msg/lsr/AlglGZ8UsZSaPGwwTeA1qyDWQL0/


...
365	7.1.  SRv6 Locator TLV Format
...
369	    0                   1                   2                   3
370	    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
371	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
372	   |   Type        |     Length    |R|R|R|R|    MTID               |
373	   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[minor] Please add Figure numbers/names for all packet formats.

##PP2
s that really required? I have never done it in any of RFCs I was editor 
for.


...
382	     MTID: Multitopology Identifier as defined in [RFC5120].
383	     Note that the value 0 is legal.

[major] s/MTID/MT ID/g


[] Is the note necessary?

##PP2
I would keep it to, as RFC5120 prevents 0 to be used for TLVs that are 
defined in RFC5120 itself.


[major] What should the receiver do if the MT ID is outside the valid range?

##PP2
MT-ID is defined as 12 bits, so there is no outside range here.



...
403	       0
404	       0 1 2 3 4 5 6 7
405	      +-+-+-+-+-+-+-+-+
406	      |D|    Reserved |
407	      +-+-+-+-+-+-+-+-+

[major] How should these reserved flags be managed?  Please create a 
registry.

##PP2
I'm following what the WG has been doing so far - no registry for flags 
field. If the WG decides to change its policy on this matter, I will 
update the document with the registries.



409	      where:
410	        D bit: When the Locator is leaked from level-2 to level-1, the D
411	        bit MUST be set.  Otherwise, this bit MUST be clear.  Locators
412	        with the D bit set MUST NOT be leaked from level-1 to level-2.
413	        This is to prevent looping.

[major] Is there any difference between this bit and the up/down bit
defined in rfc5305?   To reuse functionality, generalize (to multiple
levels), and avoid redefining please point to the definition in
rfc5305.

##PP2
done


...
418	     Algorithm: 1 octet. Associated algorithm. Algorithm values
419	      are defined in the IGP Algorithm Type registry.

[major] Use this text for all the Algorithm fields.

NEW>
    Algorithm: 1 octet. As defined in rfc8665.

Add a Normative reference.

##PP2
done


421	     Loc-Size: 1 octet. Number of bits in the SRv6 Locator field.
422	     (1 - 128)

[major] What should the receiver do if the Loc-Size is not in that range?


##PP2
Added:

"MUST be from the range (1 - 128). The TLV MUST be ignored if the 
Loc-Size is outside of this range."

...
429	     Sub-TLV-length: 1 octet. Number of octets used by sub-TLVs

[nit] Note that the name of the field in the packet format shown above
is written as "Sub-tlv-len".  Please be consistent!

##PP2
fixed


[major] Please indicate which sub-TLVs are applicable/can be included
with this new TLV.  I know that §12.1.2 updates the registry, but that
is not normative with respect to the operation of the protocol.  This
seems like a simple (one-sentence) addition since all the sub-TLVs
seem applicable.

##PP2:

Added:
Optional sub-TLVs: Sub-TLVs 1, 2, 4, 5, 11, 12 are allowed. Any other 
Sub-TLVs MUST be ignored.


431	     Optional sub-TLVs.

[] This seems to be leftover text.

##PP2
modified as above.


433	7.2.  SRv6 End SID sub-TLV

435	   The SRv6 End SID sub-TLV is introduced to advertise SRv6 Segment
436	   Identifiers (SID) with Endpoint behaviors which do not require a
437	   particular neighbor in order to be correctly applied
438	   [I-D.ietf-spring-srv6-network-programming].  SRv6 SIDs associated
439	   with a neighbor are advertised using the sub-TLVs defined in
440	   Section 8.

[minor] "which do not require a particular neighbor in order to be
correctly applied"  Which behaviors are those?   I didn't find in
rfc8986 any similar phrasing.  You may want to put a reference to
Section 10 instead.

##PP2
This is ISIS specific categorization, not something specified in 
rfc8986. I removed the reference to rfc8986 and added reference to 
section 10.


...
470	      Flags: 1 octet.  No flags are currently defined.

[minor] How will these flags be managed?  Do you want to define a new 
registry?

##PP2
I'm following what the WG has been doing so far - no registry for flags 
field. If the WG decides to change its policy on this matter, I will 
update the document with the registries.



472	      Endpoint Behavior: 2 octets, as defined in [I-D.ietf-spring-srv6-
473	      network-programming].  Legal behavior values for this sub-TLV are
474	      defined in Section 10 of this document.

[major] What should the receiver do if an illegal value is received?

[nit] s/Legal/Allowed

##PP2
I have changed the text to:

"Supported behavior values for this sub-TLV are defined in Section 10
  of this document. Unsupported or unrecognized behavior values are 
ignored by the receiver."

...
478	      Sub-sub-TLV-length: 1 octet.  Number of octets used by sub-sub-
479	      TLVs.

[nit] Note that the name of the field in the packet format shown above
is written as "Sub-sub-tlv-len".  Please be consistent!

##PP2
fixed


481	      Optional sub-sub-TLVs.

[] Leftover text.

##PP2
I don't think it is leftover text, the list described the content of the 
SRv6 End SID sub-TLV, and "Optional sub-sub-TLVs" are part of it.



483	   The SRv6 End SID MUST be a subnet of the associated Locator.  SRv6
484	   End SIDs which are NOT a subnet of the associated locator MUST be
485	   ignored.

[minor] s/NOT/not/g   This is not an rfc2119 keyword.

##PP2
fixed



...
494	8.  Advertising SRv6 Adjacency SIDs
...
508	   All End.X SIDs MUST be a subnet of a Locator with matching topology
509	   and algorithm which is advertised by the same node in an SRv6 Locator
510	   TLV.  End.X SIDs which do not meet this requirement MUST be ignored.

512	   All End.X and LAN End.X SIDs MUST be subsumed by the subnet of a
513	   Locator with the matching algorithm which is advertised by the same
514	   node in an SRv6 Locator TLV.  End.X SIDs which do not meet this
515	   requirement MUST be ignored.  This ensures that the node advertising
516	   the End.X or LAN End.X SID is also advertising its corresponding
517	   Locator with the algorithm that will be used for computing paths
518	   destined to the SID.

[minor] There is repetition in the last two paragraphs.


[minor] "All End.X SIDs..."  It looks like you're talking about all
SIDs that can be included in the End.X or LAN End.X sub-TLVs, and not
just about End.X (the behavior) SIDs, is that correct?   Please be
specific.


##PP2
correct. Avoided duplication and updated to be specific.



520	8.1.  SRv6 End.X SID sub-TLV
...
561	         B-Flag: Backup flag.  If set, the End.X SID is eligible for
562	         protection (e.g., using IPFRR) as described in [RFC8355].

[minor] "End.X SID"   As mentioned above, the use of this terminology
creates confusion because you should be talking about the SID (in the
End.X SID sub-TLV) and not the End.X SID.

##PP2
I have fixed that across the whole document


564	         S-Flag.  Set flag.  When set, the S-Flag indicates that the
565	         End.X SID refers to a set of adjacencies (and therefore MAY be
566	         assigned to other adjacencies as well).

[major] What should a receiver do if a SID is advertised in multiple
sub-TLVs (associated to different adjacencies) without the S-Flag set?
   What about the case where the SID was first advertised without the
S-Flag set and a second sub-TLV (for a different adjacency) has it
set?  Is this Flag only informational?

##PP2
it is informational. It can be used to avoid picking the shared SIDs for 
things like TILFA or uloop avoidance. It has no impact on the way the 
SID behaves.



...
573	         Reserved bits: MUST be zero when originated and ignored when
574	         received.

[major] How should these bits be managed?  Please set up a new registry.

##PP2
I'm following what the WG has been doing so far - no registry for flags 
field. If the WG decides to change its policy on this matter, I will 
update the document with the registries.

...
579	      Weight: 1 octet.  The value represents the weight of the End.X SID
580	      for the purpose of load balancing.  The use of the weight is
581	      defined in [RFC8402].

[major] What is the relationship between the Weight and the S-Flag?
If the S-Flag is set (in multiple sub-TLVs for different adjacencies),
should a Weight value also be present?   What should the receiver do
if only one of the sub-TLVs includes a weight?

##PP2
The usage of weight is described in rfc8402. We do not define it here. 
We are only defining the way it is advertised. We did the same in rfc8667.


583	      Endpoint Behavior: 2 octets.  As defined in [I-D.ietf-spring-srv6-
584	      network-programming] Legal behavior values for this sub-TLV are
585	      defined in Section 10.

[major] What should the receiver do if an illegal value is received?

[nit] s/Legal/Allowed

##PP2
I have changed the text to:

"Supported behavior values for this sub-TLV are defined in Section 10
  of this document. Unsupported or unrecognized behavior values are 
ignored by the receiver."


...
596	8.2.  SRv6 LAN End.X SID sub-TLV

[] Some of the comments form the previous section apply here as well.

##PP2
fixed them similarly.


598	   This sub-TLV is used to advertise an SRv6 SID associated with a LAN
599	   adjacency.  Since the parent TLV is advertising an adjacency to the
600	   Designated Intermediate System(DIS) for the LAN, it is necessary to
601	   include the System ID of the physical neighbor on the LAN with which
602	   the SRv6 SID is associated.  Given that a large number of neighbors
603	   may exist on a given LAN a large number of SRv6 LAN END.X SID sub-
604	   TLVs may be associated with the same LAN.  Note that multiple TLVs
605	   for the same DIS neighbor may be required in order to advertise all
606	   of the SRv6 End.X SIDs associated with that neighbor.

[nit] s/System(DIS)/System (DIS)

##PP2
fixed



...
666	9.  SRv6 SID Structure Sub-Sub-TLV

[] I don't understand what this sub-sub-TV is used for.  Can you
please explain?  Is there a relationship between it and the SID that
is advertised in the sub-TLVs?  For example, I would assume that the
SID would have the bits that correspond to the argument set to 0 --
what if they're not?  What is the purpose of this information?   [Of
course, none of the supported behaviors take an ARG...]

##PP2
The SRv6 SID Structure Sub-Sub-TLV indicates the structure of the SID 
associated with it. It can be used by implementation for validation of 
the SID for consistency (e.g. if there is no ARG but there is something 
in the ARG bits, then it can be ignored). They can be signalled via 
BGP-LS to controller/apps that can verify the consistency in the block 
and SID addressing in the domain. Details are outside the scope of this 
draft.



...
707	   The sum of all four sizes advertised in ISIS SRv6 SID Structure Sub-
708	   Sub-TLV must be lower or equal to 128 bits.  If the sum of all four
709	   sizes advertised in the ISIS SRv6 SID Structure Sub-Sub-TLV is larger
710	   than 128 bits, the parent Sub-TLV MUST be ignored by the receiver.

[major] s/must be lower/MUST be lower

##PP2
fixed


712	10.  Advertising Endpoint Behaviors

714	   Endpoint behaviors are defined in
715	   [I-D.ietf-spring-srv6-network-programming].  The codepoints for the
716	   Endpoint behaviors are defined in the "SRv6 Endpoint Behaviors"
717	   registry defined in [I-D.ietf-spring-srv6-network-programming].  This
718	   section lists the Endpoint behaviors which MAY be advertised by ISIS,
719	   together with their codepoints.  If this behavior is advertised it
720	   MUST only be advertised in the TLV[s] as indicated by "Y" in the
721	   table below, and MUST NOT be advertised in the TLV[s] as indicated by
722	   "N" in the table below.

[minor] The second sentence is redundant (and inaccurate), please take 
it out.

##PP2
removed


[major] What about other behaviors from rfc8986?  If they are not
applicable, please explain why.

##PP2
section 8.4 of rfc8986 only list subset of behaviors which are to be 
advertised by IGPs. We defined them all except END.T. as I described 
earlier.






724	     Endpoint             |Endpoint          | End | End.X | Lan End.X |
725	     Behavior             |Behavior Codepoint| SID | SID   |   SID     |
726	    ----------------------|------------------|-----|-------|-----------|
727	     End   (PSP, USP, USD)| 1-4, 28-31       |  Y  |   N   |    N      |
728	    ----------------------|------------------|-----|-------|-----------|
729	     End.X (PSP, USP, USD)| 5-8, 32-35       |  N  |   Y   |    Y      |
730	    ----------------------|------------------|-----|-------|-----------|
731	     End.DX6              | 16               |  N  |   Y   |    Y      |
732	    ----------------------|------------------|-----|-------|-----------|
733	     End.DX4              | 17               |  N  |   Y   |    Y      |
734	    ----------------------|------------------|-----|-------|-----------|
735	     End.DT6              | 18               |  Y  |   N   |    N      |
736	    ----------------------|------------------|-----|-------|-----------|
737	     End.DT4              | 19               |  Y  |   N   |    N      |
738	    ----------------------|------------------|-----|-------|-----------|
739	     End.DT64             | 20               |  Y  |   N   |    N      |

[minor] s/End.DT64/End.DT46

##PP2
fixed



741	11.  Implementation Status
...
752	      Types of SID supported: End, End.X, LAN End.X, END.OP

[] "END.OP" is not defined.  Also, the others are not types of SIDs,
but sub-TLVs.

##PP2
removed END.OP. This section is going to be removed anyway.



...
808	12.1.  SRv6 Locator TLV

810	   This document makes the following registrations in the the IS-IS TLV
811	   Codepoints registry:

813	      Type: 27

815	      Description: SRv6 Locator TLV.

817	      Reference: This document (Section 7.1).

[major] Include all the information related to the message types (IIH,
LSP, SNP, Purge).

##PP2
done


819	   A Locator TLV shares sub-TLV space with existing "Sub-TLVs for TLVs
820	   135, 235, 236 and 237 registry".  The name of this registry needs to
821	   be changed to "Sub-TLVs for TLVs 27, 135, 235, 236 and 237 registry".

[major] Use the complete name of the registry.

##PP2
done

NEW>
    The SRv6 Locator TLV shares sub-TLV space with TLVs 135, 235, 236 
and 237.
    IANA is requested to update the name of the "Sub-TLVs for TLVs 135, 235,
    236, and 237 (Extended IP reachability, MT IP. Reach, IPv6 IP. 
Reach, and
    MT IPv6 IP. Reach TLVs)" registry to "Sub-TLVs for TLVs 27, 135, 
235, 236,
    and 237 (SRv6 Locator, Extended IP reachability, MT IP. Reach, IPv6 IP.
    Reach, and MT IPv6 IP. Reach TLVs)".

Also, this action (renaming) should be moved to a common section with
the new SRv6 End SID sub-TLV (§12.1.1) and the updated table
(§12.1.2).  The action of allocating the SRv6 Locator TLV is
independent (different registry, etc.).

##PP2
done


...
834	12.1.2.  Revised sub-TLV table
...
839	      Type  27 135 235 236 237

841	      1     y   y   y   y   y
842	      2     y   y   y   y   y
843	      3     n   y   y   y   y
844	      4     y   y   y   y   y
845	      5     y   n   n   n   n
846	      6     n   y   y   y   y
847	      11    y   y   y   y   y
848	      12    y   y   y   y   y
849	      32    n   y   y   y   y

[major] Because the structure of the registry is changed, this
document should formally Update rfc7370 (where the current registry
was defined).

##PP2
I added following text:

"This document updates the "Sub-TLVs for TLVs 135, 235,
236, and 237 (Extended IP reachability, MT IP. Reach, IPv6 IP. Reach, 
and MT IPv6 IP. Reach TLVs)" registry defined in [RFC7370] to section 
§12.1.1."

Would that be sufficient?


[minor] Please name and number all tables.

##PP2
is that really required? I have never done it in any of RFCs I was 
editor for.



851	12.2.  SRv6 Capabilities sub-TLV

853	   This document makes the following registrations in the "Sub- TLVs for
854	   TLV 242 registry":

[major] s/"Sub- TLVs for TLV 242 registry"/"Sub-TLVs for TLV 242
(IS-IS Router CAPABILITY TLV)" registry

##PP2
done


...
862	   This document requests the creation of a new IANA managed registry
863	   for sub-sub-TLVs of the SRv6 Capability sub-TLV.  The registration
864	   procedure is "Expert Review" as defined in [RFC8126].  Suggested
865	   registry name is "sub-sub-TLVs for SRv6 Capability sub-TLV".  No sub-
866	   sub-TLVs are defined by this document except for the reserved value.

[major] Please indicate tat it should be part of "IS-IS TLV Codepoints".

##PP2
done


[major] ""Expert Review" as defined in [RFC8126]"  Please add that the
guidance for the Designated Experts is provided in rfc7310.

##PP2
done


...
872	12.3.  SRv6 End.X SID and SRv6 LAN End.X SID sub-TLVs

874	   This document makes the following registrations in the "sub- TLVs for
875	   TLV 22, 23, 25, 141, 222 and 223 registry":

[major] s/"sub- TLVs for TLV 22, 23, 25, 141, 222 and 223
registry"/"Sub-TLVs for TLVs 22, 23, 25, 141, 222, and 223 (Extended
IS reachability, IS Neighbor Attribute, L2 Bundle Member Attributes,
inter-AS reachability information, MT-ISN, and MT IS Neighbor
Attribute TLVs)"

Yes, I know that's a long name, but that is the name.

##PP2
done


...
894	12.4.  MSD Types

896	   This document makes the following registrations in the IGP MSD Types
897	   registry:

[minor] s/MSD Types/MSD-Types

#PP2
done

899	   Type  Description
900	   ------------------
901	    41    SRH Max SL
902	    42    SRH Max End Pop
903	    44    SRH Max H.encaps
904	    45    SRH Max End D

[minor] This table should have 3 columns: Value, Name and Reference.

##PP2
done


906	12.5.  Sub-Sub-TLVs for SID Sub-TLVs

908	   This document requests a new IANA registry be created under the IS-IS
909	   TLV Codepoints Registry to control the assignment of sub-TLV types
910	   for the SID Sub-TLVs specified in this document - Section 7.2,
911	   Section 8.1, Section 8.2.  The suggested name of the new registry is
912	   "Sub-Sub-TLVs for SID Sub-TLVs".  The registration procedure is
913	   "Expert Review" as defined in [RFC8126].  The following assignments
914	   are made by this document:

[minor] In line with the name of other registries; suggestion:
"Sub-sub-TLVs for sub-TLVs 5, 43 and 44 (SRv6 End SID , SRv6 End.X SID
and SRv6 LAN End.X SID)".


##PP2
I find that confusing as the sub-TLVs 5 is a locator Sub-TLV, while 
Sub-TLVs 43 and 44 are IS reachability sub-TLVs.
What about:

"Sub-Sub-TLVs for SID Sub-TLVs (SRv6 End SID, SRv6 End.X SID
  and SRv6 LAN End.X SID)"



[major] ""Expert Review" as defined in [RFC8126]"  Please add that the
guidance for the Designated Experts is provided in rfc7310.

##PP2
done


916	      0: Reserved

918	      1: SRv6 SID Structure Sub-Sub-TLV (Section 9).

[minor] Please create a table and include the unassigned range.

##PP2
done


920	12.6.  Prefix Attribute Flags Sub-TLV
...
927	      Description: A bit

[major] Can we please have the registry show "Anycast Flag (A-flag)"?

##PP2
done

...
931	13.  Security Considerations

933	   Security concerns for IS-IS are addressed in [ISO10589], [RFC5304],
934	   and [RFC5310].

<sigh> Well, at least it is not explicitly claimed that no new
security considerations exist. <sigh>

[minor] Please copy the first paragraph of the Security Consideration
from rfc8919.

##PP2
done


[major] Let's add some more meat.

Suggestion>
    This document describes the IS-IS extensions required to support Segment
    Routing over an IPv6 data plane.  The security considerations for 
Segment
    Routing are discussed in [RFC8402].  [RFC8986] defines the SRv6 Network
    Programming concept and specifies the main Segment Routing behaviors to
    enable the creation of interoperable overlays; the security 
considerations
    from that document apply too.

##PP
added


[major] Are there new security issues/risks created by this document?
Sure!  Note that even if the risk existed before, adding new ways to
exploit it is a new attack vector.

(1) Suggestion>
    The advertisement of an incorrect MSD value may have negative
    consequences, see rfc8491 for additional considerations.
##PP2
added

(2) The interaction in §5 between the Prefix Reachability TLV and SRv6
Locator TLV is not completely clear.  Depending on the answers to my
questions, there may be cases where inconsistent information can be
present resulting in unexpected forwarding.

##PP2
I don't see the security risk there. Traffic may be forwarded to a node 
where the SID does not exist and be dropped there, but that is not a 
security risk.


(3) Not following the operational considerations at the end of §5
could also result in unexpected forwarding.

##PP2
yes, but that is not a security concern. Similar to providing 
overlapping static routes pointing to each other. Is that a security 
risk? No, it's a misconfiguration.

What else?


...
982	15.1.  Normative References
...
997	   [ISO10589]
998	              Standardization", I. ". O. F., "Intermediate system to
999	              Intermediate system intra-domain routeing information
1000	              exchange protocol for use in conjunction with the 
protocol
1001	              for providing the connectionless-mode Network Service 
(ISO
1002	              8473), ISO/IEC 10589:2002, Second Edition.", Nov 2002.

[minor] Please use this as the reference:

[ISO10589]

     ISO, "Information technology -- Telecommunications and information
     exchange between systems -- Intermediate System to Intermediate System
     intra-domain routeing information exchange protocol for use in
     conjunction with the protocol for providing the connectionless-mode
     network service (ISO 8473)", ISO/IEC 10589:2002, Second Edition,
     November 2002.

##PP2
done


...
1015	   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
1016	              Authentication", RFC 5304, DOI 10.17487/RFC5304, October
1017	              2008, <https://www.rfc-editor.org/info/rfc5304>.

[minor] This reference can be Informative.

##PP2
done


...
1023	   [RFC5310]  Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
1024	              and M. Fanto, "IS-IS Generic Cryptographic
1025	              Authentication", RFC 5310, DOI 10.17487/RFC5310, February
1026	              2009, <https://www.rfc-editor.org/info/rfc5310>.

[minor] This reference can be Informative.

##PP2
done


...
1067	15.2.  Informative References

1069	   [I-D.ietf-lsr-flex-algo]
1070	              Psenak, P., Hegde, S., Filsfils, C., Talaulikar, K., and
1071	              A. Gulko, "IGP Flexible Algorithm", draft-ietf-lsr-flex-
1072	              algo-12 (work in progress), October 2020.

[major] This reference should be Normative.

##PP2
done


...
1080	   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
1081	              Decraene, B., Litkowski, S., and R. Shakir, "Segment
1082	              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
1083	              July 2018, <https://www.rfc-editor.org/info/rfc8402>.

[major] This reference should be Normative.

##PP2
done

[End of Review]