Re: [mpls] draft-ietf-mpls-lspping-norao-03 - Review

Greg Mirsky <> Tue, 03 October 2023 09:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 940BEC1522AB for <>; Tue, 3 Oct 2023 02:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id K0bgNAVNQZYf for <>; Tue, 3 Oct 2023 02:47:32 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::b2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id CFE72C1519BF for <>; Tue, 3 Oct 2023 02:46:49 -0700 (PDT)
Received: by with SMTP id 3f1490d57ef6-d7e904674aeso741824276.3 for <>; Tue, 03 Oct 2023 02:46:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1696326409; x=1696931209;; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=md3PGETnWMY3nRIw/yG3h5eAaNRa323KobM3LKt52bI=; b=ILlioFW5yE026MddLmNJvnS4y4bsc/t3ojgTjKPMaIPh2XZKvGM4NGf3pBYrl8QBWt J53WpWYHGQCSDonKRvrwy/4PiUL3heZ2JNTfEIG265rtshyz42hnvVVpDjPdIlUSXZNc jcetsKYtfivSBszZdq2puKq4O5YRWPo1uGjG+eFhWf9j/UjHGAZ+T8LmqtHyYua4+gYf +5SX5AvMh5H3RDhiULuEvdAGsurS0GUhsFiadUwM3p4wwSP3ScJRggOUS14IEgbWukLk tLAzD1K061rQS8KlhdkJr66TkKNeaimVvPsu6uu58z/kJMM7KOB1NYIcQLtprRfSqrHB Eg8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1696326409; x=1696931209; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=md3PGETnWMY3nRIw/yG3h5eAaNRa323KobM3LKt52bI=; b=B83aGUs5kvIa+FpV9jLSgYJk/gk+rnWplMcX1iQ1mr1YZM8zpVZynfmnAfrXl8Ir5Z PawRBTgZV1o6TkVQ1WzgjxX+HMn7Na+t0Ow1raKVySJCkWx5falUMBXZw6eYxFvQM+VR YigkvWJwxH9NEMzzZK1/0v+zWpwOcJQwQdaPd78b7VD0RQrA/c4cafWA4euub6MnXcXL VlQNUOhL5Zqb5HGy5j9vQVAoIZvbWBarSwNjik8QVXXQXv+Dm3+m+3NXM+QAJKTw4yqm svEXY2uPAOx/qySfXhy1QzAqYbVKVU6oS9XBFDhJY2LDEhlT2rV7V7Pz1lhDlE8TCsmX CExw==
X-Gm-Message-State: AOJu0Yw+MRj2B4yTPh+ImCjqWhjS2fg9QSeC8CNZhXBnUURIo6qDrt2y tNCq+XSWpH9E+Zp5FYuobiZkxFrTtUVRruboBV0mB6/4RUxpLjH5
X-Google-Smtp-Source: AGHT+IFZ1iBfY4O8LuV8y2SIaGL3yxY75kjjzb2ir8HywtstdYJ7YbjuX3OG11BGo+uYbpYDT9GI1qelhPLhFGMKlS8=
X-Received: by 2002:a25:6b01:0:b0:d89:88ac:7bf with SMTP id g1-20020a256b01000000b00d8988ac07bfmr11984765ybc.61.1696326408788; Tue, 03 Oct 2023 02:46:48 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Greg Mirsky <>
Date: Tue, 03 Oct 2023 11:46:37 +0200
Message-ID: <>
To: Gyan Mishra <>
Cc: mpls <>
Content-Type: multipart/alternative; boundary="00000000000004df9b0606ccc54e"
Archived-At: <>
Subject: Re: [mpls] draft-ietf-mpls-lspping-norao-03 - Review
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Oct 2023 09:47:36 -0000

Hi Gyan,
thank you for the review and your helpful suggestions. Please find my notes
below under the GIM>> tag.


On Tue, Oct 3, 2023 at 7:15 AM Gyan Mishra <> wrote:

> Dear authors
> Below is a review of this draft.
> I think it would be good to explain what a controlled versus not
> controlled environment is and could be a simple sentence of single
> administrative domain versus inter domain over public Internet.
GIM>> Would the following update in the Introduction make the text
sufficiently clear:
   Furthermore, [RFC6398] identifies security vulnerabilities associated
   with the RAO in non-controlled environments, e.g., the case of using
   the MPLS echo request/reply as inter-area OAM, and recommends against
   its use outside of controlled environments.
   Furthermore, [RFC6398] identifies security vulnerabilities associated
   with the RAO in non-controlled environments, e.g., the case of using
   the MPLS echo request/reply as inter-domain OAM over the public
   Internet, and recommends against its use outside of controlled
   environments, e.g., outside a single administrative domain.

> There are three options available for the LSP ping so as we are
> deprecating the use of LSP ping with ROA both the link local and TTL=1
> should be valid options.
GIM>> As I understand the intent of IP/UDP encapsulation of MPLS echo
request/reply messages, using the IP loopback address as the IP destination
address serves as the exception mechanism. The TTL-based exception is used
but for the MPLS underlay network.

> RFC 5082 GTSM talks about TTL spoofing and that 255 is hard to spoof
> opposed to TTL 1.  It maybe a good idea to mention that link local is the
> recommendation and reasons why TTL 1 is not recommended option due to
> spoofing.
GIM>> It is not clear to me how a link-local address can be used in IP/UDP
encapsulation of an MPLS echo request/reply message. Could you kindly give
an example of the encapsulation?

> This draft below on deprecating IPv6 RAO option goes into more detail and
> reason why due to issue with HBH EH and RAO bring a HBH option makes it a
> security risk to use HBH.  This draft has some more detail about control
> plane and forwarding plane Figure 1 that could be applicable to LSP ping
> RAO depreciation draft as well.
GIM>> It seems like replicating information may not be the most efficient
WoW.  I'll discuss with Ron plans for the work in 6man and if referencing
it in the MPLS draft is useful.

> Thank you
> Gyan
> _______________________________________________
> mpls mailing list