Re: [mpls] Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
"Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com> Wed, 26 October 2016 13:15 UTC
Return-Path: <naikumar@cisco.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5002012967E; Wed, 26 Oct 2016 06:15:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.951
X-Spam-Level:
X-Spam-Status: No, score=-14.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y74T6uiPrFXj; Wed, 26 Oct 2016 06:15:45 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91D46129BBF; Wed, 26 Oct 2016 06:15:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13437; q=dns/txt; s=iport; t=1477487738; x=1478697338; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/h5ygItlbXx+yskd7muNjTbd0tPoe+ekC4rEJqa+hVE=; b=TRwHrFjG/OkvuUXoes47996KdXxIyMg8UOExB9r/ACAn8ozs81GnF2ze GQ/S3lGwUdm3PSb8a2J0/6totYP6dFjjTbQumr+V6SvXoVyHnlo2IDzON lI5ZswgKTSijc+WRgdoKpJD4r6V9kSzjL9fPEQS+TfLVrE5MErZ//Sf/R I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CoAQAPqxBY/5hdJa1dGgEBAQECAQEBAQgBAQEBgnM3AQEBAQEdWH0HjS6Wfodeh0uDB4IPggknhXsCgX4/FAECAQEBAQEBAWIohGIBAQECAnkQAgEIEQMBAigHIREUCQgCBAENBYg6AxcOvBUNg3ABAQEBAQEBAQEBAQEBAQEBAQEBAQEXBYsSgkeBUhEBIxkYhScFiEWGQIpcNQGGK4ZRgyOBboRtiSmIcIQahAABHjZegxkcGIE6cgGGLw0XB4ECgQkBAQE
X-IronPort-AV: E=Sophos;i="5.31,550,1473120000"; d="scan'208,217";a="338975063"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Oct 2016 13:15:37 +0000
Received: from XCH-RCD-019.cisco.com (xch-rcd-019.cisco.com [173.37.102.29]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u9QDFbru029349 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 26 Oct 2016 13:15:37 GMT
Received: from xch-rcd-015.cisco.com (173.37.102.25) by XCH-RCD-019.cisco.com (173.37.102.29) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 26 Oct 2016 08:15:36 -0500
Received: from xch-rcd-015.cisco.com ([173.37.102.25]) by XCH-RCD-015.cisco.com ([173.37.102.25]) with mapi id 15.00.1210.000; Wed, 26 Oct 2016 08:15:36 -0500
From: "Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com>
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, Mirja Kuehlewind <ietf@kuehlewind.net>
Thread-Topic: Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
Thread-Index: AQHSLuwBtgjqFU6gEEeW1K5hHrffDqC6iQEAgAA/+oA=
Date: Wed, 26 Oct 2016 13:15:36 +0000
Message-ID: <D43623D0.19F996%naikumar@cisco.com>
References: <147741942986.1480.9692706368109608681.idtracker@ietfa.amsl.com> <23E7818F-7EC2-4D11-8F48-87BBE8B5FEB0@cisco.com>
In-Reply-To: <23E7818F-7EC2-4D11-8F48-87BBE8B5FEB0@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.7.151005
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.18.92]
Content-Type: multipart/alternative; boundary="_000_D43623D019F996naikumarciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/WBAzB4fg_AO7vRE92jCZ3Ncvuxs>
Cc: "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "draft-ietf-mpls-rfc4379bis@ietf.org" <draft-ietf-mpls-rfc4379bis@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [mpls] Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 13:15:49 -0000
Hi Mirja, Is there a rational for copying this ICMP hack? <Nagendra> Using a flag in the header and sending it hop-by-hop will end up taking soft path (CPU punt path) and may not validate the actual data path. Use of TTL trick will help validate if the transit nodes are forwarding it as per control plane. With this machinery, we get the Downstream TLV details as per control plane, include it in the next probe and validate it with the actual Downstream node. Thanks, Nagendra From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com<mailto:cpignata@cisco.com>> Date: Wednesday, October 26, 2016 at 1:26 AM To: Mirja Kuehlewind <ietf@kuehlewind.net<mailto:ietf@kuehlewind.net>> Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, "draft-ietf-mpls-rfc4379bis@ietf.org<mailto:draft-ietf-mpls-rfc4379bis@ietf.org>" <draft-ietf-mpls-rfc4379bis@ietf.org<mailto:draft-ietf-mpls-rfc4379bis@ietf.org>>, Loa Andersson <loa@pi.nu<mailto:loa@pi.nu>>, "mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>" <mpls-chairs@ietf.org<mailto:mpls-chairs@ietf.org>>, "mpls@ietf.org<mailto:mpls@ietf.org>" <mpls@ietf.org<mailto:mpls@ietf.org>> Subject: Re: Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT) Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>> Resent-To: <kireeti.kompella@gmail.com<mailto:kireeti.kompella@gmail.com>>, <cpignata@cisco.com<mailto:cpignata@cisco.com>>, Nagendra Kumar Nainar <naikumar@cisco.com<mailto:naikumar@cisco.com>>, <aldrin.ietf@gmail.com<mailto:aldrin.ietf@gmail.com>>, <mach.chen@huawei.com<mailto:mach.chen@huawei.com>> Resent-Date: Wednesday, October 26, 2016 at 1:26 AM Hi, Mirja, Thanks, please see inline. On Oct 25, 2016, at 11:17 AM, Mirja Kuehlewind <ietf@kuehlewind.net<mailto:ietf@kuehlewind.net>> wrote: Mirja Kühlewind has entered the following ballot position for draft-ietf-mpls-rfc4379bis-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-mpls-rfc4379bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- A few not very important comments: 1) To me it seems a bit unfortunate that this draft points to rfc6425 and rfc6426 for the definition of the T and R flags, given the goal was to have all specifications in one doc. Not sure if that can or should be fixed. Just wanted to mention it. Thanks for mentioning it. The WG did discuss this. You can see https://www.ietf.org/proceedings/96/slides/slides-96-mpls-2.pdf Since 4379bis is not obsoleting rfc6525 and rfc6526, the idea was to keep the definition in those RFCs, but mention them in the bis. 2) I would expect that the security section recommends border filtering of MPLS ping message, given that these are usually used within one domain, no? There is inter-as and inter domain lsp ping. 3) I know this is a bis doc but I'm still wondering why this TTL trick is used here. For ICMP that was a way that utilizes the existing specification and implementation to get further information. Here, the TTL expiration in traceroute mode is used to intercept the packet and send it to the control plane. Additionally see below. However here, you could just have used a flag in the header either saying 'only forward to the end' or 'reply and still forward', or something like this, to cover the two modes. This would also allow to just send one packet to the end instead of sending one for each hop. That's a great question for RFC4379, but not for the bis :-) Could have done a lot of things at the time. A major departure from the existing paradigm, and a potentially nice attack vector, would be to generate multiple response packets from a single packet. But nonetheless, that would be a different protocol and not a bis. Is there a rational for copying this ICMP hack? Hack for one, elegant engineering for another, maybe both :-) Thanks, - Carlos.
- [mpls] Mirja Kühlewind's No Objection on draft-ie… Mirja Kuehlewind
- Re: [mpls] Mirja Kühlewind's No Objection on draf… Carlos Pignataro (cpignata)
- Re: [mpls] Mirja Kühlewind's No Objection on draf… Nagendra Kumar Nainar (naikumar)