Re: [mpls] [RTG-DIR] Rtgdir early review of draft-ietf-mpls-rmr-09


Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9632712004E; Wed, 5 Jun 2019 08:00:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Ltn7KicZIBnG; Wed, 5 Jun 2019 08:00:44 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fe08::700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3C97A120033; Wed, 5 Jun 2019 08:00:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UpsVw+TXewfeOHmtIztAZmxgsGWDsalY6zGTvb0T3BE=; b=rbbEaz81DlNC9rhAQwoqoITWNk5qEkcV+RB2b9lUEm9dNrulsAinhZ/UnKr1IC1i6xkwZfwP+ocuNuqRewm7y9ij9gV1fDimVUPodmUDDsTbPTdRHEY5GzbjOhqg0Ce01cfqDm63PyHLj+gizdT7ZTmqOztx5ZHkh/lDcF6CKlw=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Wed, 5 Jun 2019 15:00:41 +0000
Received: from ([fe80::141b:89d4:f661:7dc9]) by ([fe80::141b:89d4:f661:7dc9%4]) with mapi id 15.20.1965.011; Wed, 5 Jun 2019 15:00:41 +0000
To: Susan Hares <>, 'Kireeti Kompella' <>
CC: "" <>, "" <>, "" <>
Thread-Topic: [RTG-DIR] [mpls] Rtgdir early review of draft-ietf-mpls-rmr-09
Thread-Index: AQHUwhqrg0Se7Q2Fz0yMwLYoe5aUwqaMgl4AgAC7RgCAAIkMgIAAE1zg
Date: Wed, 05 Jun 2019 15:00:41 +0000
Message-ID: <>
References: <> <028901d51b03$4add0bf0$e09723d0$> <> <00a201d51ba5$73abcb50$5b0361f0$>
In-Reply-To: <00a201d51ba5$73abcb50$5b0361f0$>
Accept-Language: es-ES, en-US
Content-Language: es-ES
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6ca06faa-b23c-4d7e-41e0-08d6e9c693e8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:AM6PR06MB4899;
x-ms-traffictypediagnostic: AM6PR06MB4899:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00594E8DBA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(39860400002)(396003)(366004)(346002)(40134004)(13464003)(189003)(199004)(59124004)(74316002)(966005)(14454004)(7736002)(26005)(305945005)(508600001)(6306002)(9686003)(229853002)(486006)(55016002)(4326008)(6436002)(71200400001)(71190400001)(66066001)(186003)(99286004)(25786009)(6246003)(53546011)(6506007)(53346004)(53936002)(102836004)(7696005)(66574012)(76176011)(33656002)(68736007)(110136005)(54906003)(476003)(446003)(86362001)(256004)(14444005)(3846002)(6116002)(11346002)(8936002)(66946007)(66476007)(66556008)(2906002)(76116006)(73956011)(5660300002)(66446008)(81156014)(8676002)(786003)(52536014)(81166006)(64756008)(316002)(9010500006); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR06MB4899;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: nkxTb7DkeDp+DOBjI7sF8sTAxvaHT8qP+SwSZPVSUDD+FAa/MMCMDIzljcobnthR8TszetXbB3x5A7oz/xjnxxxqKmiUefXNCmfNCuhVhx/AFZGASnKeujtMIzfkUJ27WouWLKxPbjbJSGgiryZG2pzr36EVK2DI9nrVuerV+SE5+BKmcaVTCTDEjq/T0ayJRW1YQkkYVz7J7YXmmhCxN6VCLxGRjY7BfvraPNv0sgKfs4MthP1h51CNJlpXKrF4htgD4aFpHmurX/9Y+p2JHVcB29r7l01ERym//8MRnj3XxCCXNECgnjgF6QmitLXv5GmbGivCDTnRSiDnnacRKuILforsP1VVZgmPEv48w6DDYOeFIeNpFCrU28xogxZNJN0QjtCkPrWPe6g/zjBDbdPGDsHwFBu14zq1hmE0/wI=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6ca06faa-b23c-4d7e-41e0-08d6e9c693e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jun 2019 15:00:41.2552 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR06MB4899
Archived-At: <>
Subject: Re: [mpls] [RTG-DIR] Rtgdir early review of draft-ietf-mpls-rmr-09
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 05 Jun 2019 15:00:50 -0000

Hi Sue, all,

From my point of view, probably this sentence could fix the point:

"The extensions proposed do not represent per-se a compromise to network security when control plane is secured, since any manipulation of the content of the messages or even the control plane misinterpretation of the semantics are avoided."

Would it be this ok from your point of view?

Best regards


-----Mensaje original-----
De: Susan Hares <>
Enviado el: miércoles, 5 de junio de 2019 15:49
Para: 'Kireeti Kompella' <>
Asunto: RE: [RTG-DIR] [mpls] Rtgdir early review of draft-ietf-mpls-rmr-09


If I could think of a sentence that would fix the problem, you would have had it in my response.

I flagged it for two reasons:
1) OPS-DIR and SEC-DIR reviews - may think of a sentence to add for operators which I could not.

2) By stating it - the IESG members who review the mail will know the issue and why this sentence was written this way.  Hopefully, it will reduce churn.

I'm excited to see this technology be standardized.

Cheers, Sue

-----Original Message-----
From: rtg-dir [] On Behalf Of Kireeti Kompella
Sent: Wednesday, June 5, 2019 1:39 AM
To: Susan Hares
Subject: Re: [RTG-DIR] [mpls] Rtgdir early review of draft-ietf-mpls-rmr-09


I hear you.  But this is not an RMR issue — _networking_ is by nature distributed.  “IS-IS + open linux without security” or “BGP + open linux without security” or ... would all be bad ideas.  That said, do you have a suggested change/addition?  I’ll be happy to amend the sentence.

Thanks for pointing out the superfluous comma.  Will delete.


> On Jun 4, 2019, at 11:28, Susan Hares <> wrote:
> Draft-ietf-mpls-rmr-10.txt resolves 98% of my specific comments.
> Remaining Item: Security section
> Change status: optional.
> Problem:
> The security section has been improved, but the following sentence in
> the second paragraph of section 9 still could be strengthened.
>  This sentence is:
> Current: /One can also ask whether the semantic content of these
> extensions can be used to compromise a network or initiate a denial of
> service attack. To do so would require either compromising the control
> plane processing these requests, or manipulating the content of the
> messages."
> /
> Discussion:
> The authors are precise in this sentence, the import of this sentence
> may be lost on individuals or companies deploying this technology.
> Routing control plane do get compromised.  And when they get
> compromised with a network using RMR, they may have network
> wide problems.    Therefore, the authors assume that
> when you buy RMR from a vendor make sure it comes from with  control
> plane with good security.
> For example,  RMR + open linux without security - is probably a bad idea.
> This is an acceptable choice for routing  but not self-evident from
> the text.
> I pose the question to the authors, do you think most people will
> understand that this is the requirement you are placing for the
> "outside the scope option"?
> If not, will it help to provide additional text?
> Why mention it now?:
> If either the security directorate or OPS-DIR reviewer has strong
> routing clue, the person will probably also notice the issue.  By
> stating it up front, I hope to save the security reviewers time.
> Editorial on -10.txt
> Page 3, section 1, paragraph 3, sentence General comment:  ", and" -
> does not seem to make entire sense.
> Old: The intent is not to construct rings in a mess network, and use
> those for protection./
> New: The intent is not to construct rings in a mess network and use
> the rings in the mess network for protection/
> -----Original Message-----
> From: mpls [] On Behalf Of Susan Hares
> Sent: Monday, February 11, 2019 10:01 AM
> To:
> Cc:;;
> Subject: [mpls] Rtgdir early review of draft-ietf-mpls-rmr-09
> Reviewer: Susan Hares
> Review result: Not Ready
> This is a routing directorate review.  As such, it should be
> considered the same as other later WG LC review.
> overall-comment: Well-written and an exciting new direction.  I
> appreciate Kireeti and Luis work on this topic.
> major concerns:
> 1) security (section 8),
> 2) long-term stability of architecture discussion,
> 3) FRR/Protection sections (3.6/3.7), and
> 4) amount of traffic that auto-discovery will place on the network.
> caveat:  I have not been an WG participant for these discussions.   As such,
> I
> am a "fresh" pair of eyes to read the current specification.
> Major concerns
> =======
> 1) Section 8 - Security considerations.
> "This section states 'It is not anticipated that either the notion of
> MPLS rings or the extensions to various protocols to support them will
> cause security loopholes."
> This statement provides an opinion of the authors without any
> reasoning behind it.  As such, it provide no utility to the reader.
> Inquiring minds would like
> to know "why" the authors feel this true and on what basis.   Launching a
> new
> type of structure within the MPLS cloud that auto-configures it self
> with a great deal of message exchange does not appear to have these qualities.
> Surely, these authors have considered or tried these issues.
> 2) Long-term stability of document - in the face of repeated
> statements of a future version of this document.
> If this is just an interim document, then why is it being
> standardized.  In a specification that is going to include an RFC
> track, the sttaements of scope seem inappropriate in sections 1, 3.3,
> 4.5,  5, 7.1, and 7.2).  This scope should be gathered to a particular place and stated in another.
> I agree with the concept of deployment and then refinement of the
> protocol mechanisms.  However, this document seems to anticipate quick
> refinement of the basic architeture.  If this is really true, then why
> is this document going ot the IESG.  If this is not true, then the
> scoping in above sections needs to be refined.
> 3)  Fast re-routing installation puts details (3.6) before concepts of
> protection. Only after I read section 3.7, did section 3.6 start to
> make sense.
>  If you re-ordered the sections, perhaps you could provide additonal
> depth to section 3.6.
> 4) paragraph 4.3, last sentence  "The nodes that set their M bit
> should be extra careful in advertising their M Bit in subsequent tries".
> As an engineering, I find this description to avoid many of the
> problems about how long the bidding for master will take.  Is there a
> potential for the bidding to repeat over and over.  If so, how does
> the operator detect it.  Can something drop the nodes into membership
> phase or re-identification phase
> repeated?   While the ring announcement and ring identification cycle become
> a
> denial-of-service attack on the IGPs announcing the information?  I
> suspect the authors have investigated these points, but the
> architeture document is the place to indicate why the architecture prevents these problems.
> As an editor, I find the anthropomorphism to be unwarranted in the text.
> While it took me to flights of fantasy where the nodes became
> intelligent silicon
> life forms, I suspect that is not what the authors wanted.   Perhaps after
> clarifying the engineering point, the authors can rewrite the sense of
> the text.
> brief editorial nits:
> 1) page 4, node index linke
> /upto/ to /up to/
> 2) page 5 (Q_jk): - not define earlier, please define it.
> 3) page 5, section 3 paragraph 2, sentence file
> sentence:
> current: /The default is to send traffic along the shortest path./
> new:  /The default policy is to send traffic along the shortest path./
> 4) page 6, section 3.3 sentences 2
> current:/ The last attribute means/
> new: /The "auto-bundled" attribute means/
> While the authors first formi is current, the change makes a
> specification clear.
> 5) page 3.5 - please spell out the first use of UHP
> 6) section 3.6/3.7 - could use a diagram.
> 7) page 11, section 4.3, paragraph 2, sentence 2 (spelling) -
> old/exaclty one;/
> new/exactly one/
> _______________________________________________
> mpls mailing list


Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição