Re: [Lsr] Benjamin Kaduk's No Objection on draft-ietf-lsr-ospf-prefix-originator-10: (with COMMENT)

Benjamin Kaduk <> Thu, 08 April 2021 20:50 UTC


Hi Ketan,

Thanks for the responses and updates; I just make a few notes inline.

On Wed, Apr 07, 2021 at 08:44:42AM +0000, Ketan Talaulikar (ketant) wrote:
> Hi Ben,
> Thanks for your review.
> An update to the draft to address some of your, John's and Eric's comments has just been posted :
> Please check inline below for responses.
> -----Original Message-----
> From: Lsr <> On Behalf Of Benjamin Kaduk via Datatracker
> Sent: 07 April 2021 11:38
> To: The IESG <>
> Subject: [Lsr] Benjamin Kaduk's No Objection on draft-ietf-lsr-ospf-prefix-originator-10: (with COMMENT)
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-lsr-ospf-prefix-originator-10: No Objection
> In the ECMP case is there a way to correlate (order of appearance?) the listed router-IDs with the listed reachable addresses?
> [KT] No.
> Are there cases where you might choose to only advertise one but not the other of the prefix source Router-ID and address?
> [KT] Normally no. However, there is some text in Sec 5 about policies that may be employed to abstract/hide information (e.g. across areas/ASes) - such mechanisms may be used, as necessary, in a deployment.
> Section 2.1
>    The parent TLV of a prefix advertisement MAY include more than one
>    Prefix Source OSPF Router-ID sub-TLV, one corresponding to each of
>    the Equal-Cost Multi-Path (ECMP) nodes that originated the given
>    prefix.
> Is there any subtlety (or complexity, I guess) to how the advertising node knows about the other ECMP nodes advertising the same prefix?  
> [KT] An ABR performs the inter-area prefix advertisements based on its local route computation (i.e. the sources contributing to its local intra-area route). It is not affected by the advertisement of the same prefix by another "peer/pair" ABR. I hope I've got your question right though.

I think you answered a slightly different question than I intended (but it
is still an interesting answer to hear).
In light of your explanation, I think my intended question degenerates into
"are there any subtleties with how the node performs its local route
computation", which probably gets an answer of "yes" but is clearly out of
scope for this document.

> For example, would there be some transient discovery stage when first setting up the ECMP advertisement and only a subset of the ECMP nodes are actually listed in some advertisements that go out?
> [KT] Taking the scenario of the previous response, the inclusion of ECMP origin node information would depend on how the ABR router receives the intra-area prefix advertisements via LSAs from the nodes owning that prefix, how they get processed by the SPF computation and then how they get included in the inter-area route advertisements that the ABR generates. There are various timers and scheduling mechanisms in the protocol for each of these steps - but I would not call these timers/back-off mechanisms as "discovery".

I think by "discovery" I was thinking of a scenario where a router does a
cold boot and has no local RIB at all -- will it advertise anything
(incomplete) while it is still learning routes, and will such incomplete
advertisements cause issues when processed by its peers?  But I think your
(collective) exchanges with John about how the system is inherently dynamic
make me realize that this scenario is not particularly noteworthy, and is
unlikely to cause significant issues.

> Section 3
>    another non-backbone area.  The ABR performs its prefix calculation
>    to determine the set of nodes that contribute to the best prefix
>    reachability.  It MUST use the prefix originator information only
>    from this set of nodes.  The ABR MUST NOT include the Prefix Source
>    OSPF Router-ID or the Prefix Source Router Address Sub-TLVs when it
>    is unable to determine the information of the best originating node.
> I feel like this text might be hiding some subtlety as to the nature of determining the "nodes that contribute to the best prefix reachability"
> -- is this a concept that is well established in the core OSPF RFCs already (and thus doesn't need further explanation)?
> [KT] Yes, it is a well-established part of the OSPF protocol/implementations.
> Section 4
> We often consider privacy considerations as part of the security considerations section.  Since routers are to some extent inherently "well known", they themselves may not have much privacy considerations but there may be something to say about propagating additional information about the internal structure of a given network.  My understanding is that OSPF areas are all under a common administrative domain, so this mostly only seems relevant to the case of AS-external advertisement.  One potential consideration would be if there is value in hiding that a set of prefixes are all advertised by the same router (the "linkability" of the prefixes, if you will).
> (Hmm, I guess this is somewhat related to the existing operational considerations discussion, but not entirely equivalent.)
> [KT] Yes, it is related. Hence the text in Sec 5 to cover the scenarios where there may be a desire to hide/abstract a set of prefixes' origin info while allowing for other prefixes.
> If we go into more detail on potential use cases, we might accordingly be able to go into more detail on the consequences of a rogue node injecting incorrect prefix source information.
> [KT] We are focusing on the OSPF protocol specification here. The details of the use-cases are beyond the scope of this document.
> Section 5
>    protocol.  Based on deployment design and requirements, a subset of
>    prefixes may be identified for which the propagation of the
>    originating node information across area boundaries is disabled at
>    the ABRs.
> Per my previous comment, is this even more important at ASBRs than ABRs?
> [KT] Ack. I will update this in the text.
> Section 1
>    The identification of the originating router for a prefix in OSPF
>    varies by the type of the prefix and is currently not always
>    possible.  [...]
> (nit) my intuition is suggesting that the intent is that the "procedures for identification" vary and are not always possible; is that correct?
> (It seems to me that "the identification of the originating router varies by the type of prefix" would indicate that the actual identifier used for even the same advertising router will be different for the different type of prefix being advertised, which doesn't seem to be what the subsequent discussion describes.)
> [KT] The procedures are actually described in the further sentences of the paragraph. It also explains the cases where this is not possible.

I do see the procedures described later; this was just a note about the
grammar of this sentence -- I think s/identification/procedures for
identification/ would make the grammatical types match up better.



>    address for the router.  The IPv4/IPv6 Router Address as defined in
>    [RFC3630] and [RFC5329] for OSPFv2 and OSPFv3 respectively provide an
>    address to reach that router.
> (nit) Is it useful to indicate that these are TLVs, here?
> [KT] The IPv4/IPv6 Router Address is in fact the name of the TLVs in the referenced drafts.
>    the core OSPF route computation functionality.  They provide useful
>    information for topology analysis and traffic engineering, especially
>    on a controller when this information is advertised as an attribute
>    of the prefixes via mechanisms such as Border Gateway Protocol Link-
>    State (BGP-LS) [RFC7752] [I-D.ietf-idr-bgp-ls-segment-routing-ext].
> The draft-ietf-idr-bgp-ls-segment-routing-ext reference seems rather unmotivated by the current prose leading up to it.
> [KT] It is an informational reference that explains how the information is provided to an external controller or application via BGP-LS.
>   Per John's Discuss some further exposition on the expected use case might help.
> [KT] As mentioned in my response to John's Discuss, the further detailed discussion on use cases is beyond the scope of this document.
> Thanks,
> Ketan
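
An added illustration, not part of the message above and not taken from the draft or from any OSPF implementation: a small Python model of the ABR behaviour the thread discusses, combining the quoted Section 3 rule (use originator information only from the nodes contributing to the best reachability, and send none when it cannot be determined) with the Section 5 policy of disabling propagation for chosen prefixes. The names `IntraAreaRoute`, `prefix_source_subtlvs` and `suppressed` are hypothetical, matching policy by covering prefix is an assumption, and the routes are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class IntraAreaRoute:              # hypothetical model of one intra-area path
    prefix: str
    cost: int                      # path cost from the ABR's own SPF run
    originator_id: Optional[str]   # originating Router-ID, None if undetermined
    originator_addr: Optional[str] = None  # reachable router address, if known

def _covered(net, policy):
    """True if net falls inside any prefix the operator chose to hide."""
    return any(net.version == p.version and net.subnet_of(p)
               for p in map(ip_network, policy))

def prefix_source_subtlvs(prefix, routes, suppressed=()):
    """Return (router_ids, router_addrs) to attach to the inter-area
    advertisement of prefix; two empty lists mean no sub-TLV is sent."""
    net = ip_network(prefix)
    if _covered(net, suppressed):          # Section 5: propagation disabled
        return [], []
    candidates = [r for r in routes if ip_network(r.prefix) == net]
    if not candidates:
        return [], []
    best = min(r.cost for r in candidates)
    contributors = [r for r in candidates if r.cost == best]
    # Section 3: use only nodes contributing to the best reachability, and
    # send nothing when the originator cannot be determined (assumption:
    # one unknown ECMP contributor suppresses the whole set).
    if any(r.originator_id is None for r in contributors):
        return [], []
    ids = sorted({r.originator_id for r in contributors})
    addrs = sorted({r.originator_addr for r in contributors if r.originator_addr})
    # The two lists are independent sets: position implies no pairing.
    return ids, addrs

# Constructed sample routes (documentation address ranges).
SAMPLE = [
    IntraAreaRoute("198.51.100.0/24", 10, "192.0.2.1", "192.0.2.101"),
    IntraAreaRoute("198.51.100.0/24", 10, "192.0.2.2", "192.0.2.102"),
    IntraAreaRoute("198.51.100.0/24", 20, "192.0.2.3", "192.0.2.103"),
    IntraAreaRoute("203.0.113.0/24", 5, None),
    IntraAreaRoute("203.0.113.128/25", 5, "192.0.2.4", "192.0.2.104"),
]

if __name__ == "__main__":
    for p in ("198.51.100.0/24", "203.0.113.0/24", "203.0.113.128/25"):
        print(p, prefix_source_subtlvs(p, SAMPLE, suppressed=("203.0.113.0/24",)))
```
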