IETF Logo Mail Archive

Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt

Alvaro Retana <aretana.ietf@gmail.com> Fri, 10 February 2023 19:40 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CBA8C152561; Fri, 10 Feb 2023 11:40:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id inSF4ezfo_ZS; Fri, 10 Feb 2023 11:39:57 -0800 (PST)
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9733C14CF12; Fri, 10 Feb 2023 11:39:57 -0800 (PST)
Received: by mail-pj1-x1031.google.com with SMTP id f16-20020a17090a9b1000b0023058bbd7b2so6550851pjp.0; Fri, 10 Feb 2023 11:39:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:from:to:cc:subject:date :message-id:reply-to; bh=SELDni97sFQDeIhyRd+jbEC9dnsEA8GTCNadAdukMtc=; b=Jdo0uHckZJ2i/Wt+c2Utw7LdUPGvlzKJnnPICYSaZfEJKCF7gKMCLOy4u4vELv+I2Z KGrKTsIHqBjRVZ+NngjwJYrWERm3P+48ygZ3xcCuPOokjhRiSQQn1CXe0z/XMPIno/o+ GV/DXnm53t+9a38tscS2lri7lrbjSHtWl4LHnTcoIMNLIDxpN0+00TsqcAUrjK31nRr1 TPYiaqtGxqbE8BJwo8X6AJmTgNlYpETfebSdprHjDDP/PdV3coOJ+CTcQ+ZYSA+pomVv HQtvfdnE9D9eYuymQwQ6F1KzIVg6WmtjqeOUGBQnOMyLirYQZpcEbEaiet4xJv0R3x6e +R8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SELDni97sFQDeIhyRd+jbEC9dnsEA8GTCNadAdukMtc=; b=W8KVKhiJgDvY3kSluSwlzfkwQQj8gqLQMPlCouxEocHSthk4NNFfaulJyR7UO0nqTn f6edF4VvivGFydKsj1RVYGGhK3U8rRz4H511hzIT8ckzUxNeNhVLNGL3uKJ4CNrNh4Tu 532I/f7PLithsf/Mal4VA54hXnoPUiPNT2ia6zExuTDSzEthGMbUJp/5q9xKAsA3V5ge xVJczw/f9zNQxbeBHLwap2qiMLlok2LoxwHOL9eqiOFenWRm7AL/ane/DRp+DX2B7tzX DrNFWwfXHcaNapxrPa1k0VYUoGng+A2zCXJFvWcGKFPpjCm+/968GwDAdbHweRovqg1J kMOg==
X-Gm-Message-State: AO0yUKUfkp5Kn/oV1Y2e1+4ZCO+lVlHKVasks703KhBdgQOgnd1YNbqu o2eSIwvNcKClXf9rKxKE5Y8aLQksyzNJSC857pB21ePe
X-Google-Smtp-Source: AK7set/TGLGt3Dj1RVG8ZUd/5JUkmflOHW9HtWY2CTqVjMZmc9dglQoWq0DOx6Wbz9NH8CtMDtwwsEI/PoY9Z1Vo9i8=
X-Received: by 2002:a17:90a:1d5:b0:233:b56f:a6c1 with SMTP id 21-20020a17090a01d500b00233b56fa6c1mr513194pjd.62.1676057997063; Fri, 10 Feb 2023 11:39:57 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 10 Feb 2023 13:39:56 -0600
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <F1DFEA4B-600C-4989-AA84-F81AAF3BD19B@cisco.com>
References: <F1DFEA4B-600C-4989-AA84-F81AAF3BD19B@cisco.com>
MIME-Version: 1.0
Date: Fri, 10 Feb 2023 13:39:56 -0600
Message-ID: <CAMMESsxryGfFUZ2efvk+3Nt9p8A0Sd7OTQ_uHPvKt_YJD1MGTA@mail.gmail.com>
To: Acee Lindem <acee.ietf@gmail.com>
Cc: "draft-ietf-lsvr-bgp-spf@ietf.org" <draft-ietf-lsvr-bgp-spf@ietf.org>, "lsvr@ietf.org" <lsvr@ietf.org>, lsvr-chairs@ietf.org, Victor Kuarsingh <victor@jvknet.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/kPMory5NbCu6Dgsg5rtzxHyw6Xg>
Subject: Re: [Lsvr] AD Review of draft-ietf-lsvr-bgp-spf-11.txt
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2023 19:40:02 -0000

On February 15, 2021 at 10:55:53 AM, Acee Lindem wrote:

Hi!

This message covers the remaining set of up-front comments/questions.

Thanks!

Alvaro.


...
> > (2) Use of the BGP-LS encodings.
> >
> > - This document is effectively defining a new AFI/SAFI combination -- yes,
> > related to BGP-LS, but not the same. IOW, you can define which parts of
> > rfc7752 apply (if any), beyond the encodings.
>
> We have added section 3 to address the relationship to BGP-LS.


307	3.  BGP Link-State (BGP-LS) Relationship

309	   [RFC7752] describes a mechanism by which link-state and TE
310	   information can be collected from networks and shared with external
311	   entities using BGP.  This is achieved by defining NLRI advertised
312	   using the BGP-LS AFI.  The BGP-LS extensions defined in [RFC7752]
313	   make use of the decision process defined in [RFC4271].  This document
314	   reuses NLRI and TLVs defined in [RFC7752].  Rather than reusing the
315	   BGP-LS SAFI, the BGP-LS-SPF SAFI Section 5.1 is introduced to insure
316	   backward compatibility for the BGP-LS SAFI usage.

[nit] s/NLRI/the NLRI/g

[nit] s/SAFI Section 5.1/SAFI (Section 5.1)


318	   The BGP SPF extensions reuse the Node, Link, and Prefix NLRI defined
319	   in [RFC7752].  The usage of the BGP-LS NLRI, attributes, and
320	   attribute extensions is described in Section 5.2.  The usage of
321	   others BGP-LS attributes is not precluded and is, in fact, expected.
322	   However, the details are beyond the scope of this document and will
323	   be specified in future documents.

[nit] s/will be specified/may be specified

[] "others BGP-LS attributes"

There is only one BGP-LS Attribute.  This got me thinking about
clarifying, simplifying and avoiding some redundancy.

Suggestion>

   [Eliminate this sentence from the previous paragraph: "This document
   reuses NLRI and TLVs defined in [RFC7752]."]

   The BGP SPF extensions reuse the format of the Link-State NLRI, the
   BGP-LS Attribute, and the TLVs defined in [RFC7752bis]. The usage of
   is described in Section 5.2. The usage of others BGP-LS TLVs or
   extensions is not precluded and is, in fact, expected. However, the
   details are beyond the scope of this document and may be specified
   in future documents.

   [Eliminate the next paragraph.]


325	   Support for Multiple Topology Routing (MTR) similar to the OSPF MTR
326	   computation described in [RFC4915] is beyond the scope of this
327	   document.  Consequently, the usage of the Multi-Topology TLV as
328	   described in section 3.2.1.5 of [RFC7752] is not specified.

[] See the suggestion above.


[major] Also, unless used as part of the specification, please avoid
references to other protocols -- specially comparing them.



330	   The rules for setting the NLRI next-hop path attribute for the BGP-
331	   LS-SPF SAFI will follow the BGP-LS SAFI as specified in section 3.4
332	   of [RFC7752].

[major] Now that we have rfc7752bis -- it is not just about the NH
attribute, but the contents of the MP_REACH_NLRI attribute as well.

Suggestion>
   The BGP-LS-SPF SAFI uses the specification in Section 5.5 of
   [RFC7752bis] related to the BGP Next-Hop Information.



...
> > - Which Protocol-ID should be used for the NLRI? ??4 suggests 7 (BGP), but
> > I think that is not correct (see more there). What should the receiver do
> > with a different value?
>
> We have clarified this in section 5.2.

>From §5.2:

490	   The protocol identifier specified in the Protocol-ID field [RFC7752]
491	   will represent the origin of the advertised NLRI.  For Node NLRI and
492	   Link NLRI, this MUST be the direct protocol (4).  Node or Link NLRI
493	   with a Protocol-ID other than direct will be considered malformed.
494	   For Prefix NLRI, the specified Protocol-ID MUST be the origin of the
495	   prefix.

[major] "For Prefix NLRI, the specified Protocol-ID MUST be the origin
of the prefix."

What value is that?  Do you expect anything other than Direct?


[minor] The text in rfc7752bis talks about "sourcing" not "origin".

Suggestion>
   The Protocol-ID "Direct" MUST be used in all NLRI.  Any other
   Protocol-ID value results in the NLRI considered malformed.


[] BTW, rfc7752bis opens the door to use other Protocol-IDs even for
local information:  "The 'Direct' and 'Static configuration' protocol
types SHOULD be used when BGP-LS is sourcing local information."
Given that BGP SPF is using the formats from BGP-LS, but not following
all the rules, it could use it's own Protocol-ID.

Regardless of the above, it would be a good idea for this document to
request a new Protocol-ID so that BGP-LS can use it to collect/export
link-state information from BGP SPF.  I haven't thought much about
this: would anything else be needed to enable BGP-LS to carry BGP SPF
or could it just export as-is?



...
> > (3) Link-State
> >
> > - How does BGP SPF guarantee that the nodes are synchronized? Other
> > protocols have DBDs/CSNP/etc. It seems easier in BGP SPF to not exchange
> > all the information with a peer than it is in traditional link-state
> > protocols. Being able to easily break synchronization is a vulnerability
> > that should be mentioned in the Security Considerations section.
>
> Hmmm... Of your high-level meta-comments, this one is a good point.

Thanks! ;-)


> We will discuss how to document this difference and whether an optional
> extension is needed.

So?  I didn't see anything about synchronization in the current version.

v2.23.0 | Report a Bug | By Email