[mpls] Re: Zaheduzzaman Sarker's Discuss on draft-ietf-mpls-inband-pm-encapsulation-15: (with DISCUSS and COMMENT)

Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com> Thu, 05 September 2024 11:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/6gceaGXBbBXdLM_NUc-0WB4F-QY>

On Thu, Sep 5, 2024 at 10:35 AM <xiao.min2@zte.com.cn> wrote:

> Hi Zaheduzzaman,
>
>
> Thanks for your review and comments.
>
> Please see inline.
> Original
> *From: *Zaheduzzaman Sarker via Datatracker <noreply@ietf.org>
> *To: *The IESG <iesg@ietf.org>;
> *Cc: *draft-ietf-mpls-inband-pm-encapsulation@ietf.org <
> draft-ietf-mpls-inband-pm-encapsulation@ietf.org>;mpls-chairs@ietf.org <
> mpls-chairs@ietf.org>;mpls@ietf.org <mpls@ietf.org>;tsaad@cisco.com <
> tsaad@cisco.com>;tony.li@tony.li <tony.li@tony.li>;tony.li@tony.li <
> tony.li@tony.li>;
> *Date: *2024-09-04 14:54
> *Subject: **Zaheduzzaman Sarker's Discuss on
> draft-ietf-mpls-inband-pm-encapsulation-15: (with DISCUSS and COMMENT)*
> Zaheduzzaman Sarker has entered the following ballot position for
> draft-ietf-mpls-inband-pm-encapsulation-15: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-mpls-inband-pm-encapsulation/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thanks for working on this specification.
>
>
> I have noted this specification uses RFC 9341 performance measurement methods.
> RFC 9341 says -
>
>    "the Alternate-Marking Method MUST only be applied to controlled domains."
>
>
> Hence, I would like to discuss
>
>   - if MPLS performance measurement will be done in "controlled domains" or
>   not. If yes, should this specification not discuss and state about
>   measurement done in "controlled domains"?
> [XM]>>> Yes, on this point the MPLS performance measurement follows what
> RFC 9341 says. To make this explicit, I propose to add a new paragraph to
> the beginning of the Security section.
>
> NEW
>
> As specified in Section 7.1 of RFC9341, for security reasons, the
> Alternate-Marking Method MUST only be applied to controlled domains. That
> requirement applies when the MPLS performance measurement with the
> Alternate-Marking Method is taken into account, which means the MPLS
> encapsulation and related procedures defined in this document MUST only be
> applied to controlled domains, otherwise the potential attacks discussed in
> Section 10 of RFC9341 may be applied to the deployed MPLS networks.
>
Thanks, the text looks good; however, I am not sure if MPLS performance can
be done in controlled domains or not, i.e. what does the controlled domain
mean here in this context. I will leave that to MPLS experts to comment on.

//Zahed




>
>
>   - current security consideration does not describe the implications if the
>   measurement is not done in the controlled domains, should this specification
>   not describe those?
> [XM]>>> Please see above. Is the text of the proposed new paragraph
> applicable?
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I have not marked any other transport protocol related issues.
>
> Best Regards,
>
> Xiao Min
>
>
>