Re: [mpls] draft-ietf-mpls-spring-lsp-ping: resolution of issues raised in my RTG-DIR review

"Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com> Tue, 17 October 2017 01:15 UTC

Return-Path: <naikumar@cisco.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E44B127005; Mon, 16 Oct 2017 18:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W-D2Yq5Ey9Jn; Mon, 16 Oct 2017 18:15:28 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D0F12ECEC; Mon, 16 Oct 2017 18:15:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=66544; q=dns/txt; s=iport; t=1508202928; x=1509412528; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=D94A6GMfSWABcI3iNIx0Y+XxOknvcMuf0LpWYlVumUc=; b=fXnTturryYj3WHZvgDYI1MPt8wH/inw3ajLQffaaMpnfUAKYIwgq7Rj0 D2PsnXdMjAZm1gjlUp+ZhPN5vH1wsg5jmE/Hw+kwm1pylpjsJmoyMr4fO wqfxl2sYx9zsYQscDdADRXfODfU48Vf4+pU+qeVIPV9D4Ug+XyaTwMFMp w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CjAABkWOVZ/4kNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm9CLmRuJweDc4ofjzeBdnmVNhCCBAqFOwIahEA/GAECAQEBAQE?= =?us-ascii?q?BAWsohR0BAQEEIwo6Eg4CAgEIEQQBASEBBgMCAgIUHBQJCAEBBA4FiTlkqmCCJ?= =?us-ascii?q?yaLGgEBAQEBAQEBAQEBAQEBAQEBAQEBAR0FgyiCB4M7K4FxWTWEUgESASYHCR8?= =?us-ascii?q?CglsvgjIFihCJIo4WAoh0gkuJKoIUhXaDfocOiiKLIAIRGQGBOAEfOIEDVnoVd?= =?us-ascii?q?gGCNoJcHBmBTnaIWg0YB4EFgREBAQE?=
X-IronPort-AV: E=Sophos; i="5.43,389,1503360000"; d="scan'208,217"; a="17916938"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Oct 2017 01:15:26 +0000
Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v9H1FQlV026992 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 17 Oct 2017 01:15:26 GMT
Received: from xch-rcd-015.cisco.com (173.37.102.25) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 16 Oct 2017 20:15:25 -0500
Received: from xch-rcd-015.cisco.com ([173.37.102.25]) by XCH-RCD-015.cisco.com ([173.37.102.25]) with mapi id 15.00.1320.000; Mon, 16 Oct 2017 20:15:25 -0500
From: "Nagendra Kumar Nainar (naikumar)" <naikumar@cisco.com>
To: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
CC: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>, "spring@ietf.org" <spring@ietf.org>, "Jonathan Hardwick (Jonathan.Hardwick@metaswitch.com)" <Jonathan.Hardwick@metaswitch.com>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-mpls-spring-lsp-ping.authors@ietf.org" <draft-ietf-mpls-spring-lsp-ping.authors@ietf.org>, "BRUNGARD, DEBORAH A" <db3546@att.com>
Thread-Topic: draft-ietf-mpls-spring-lsp-ping: resolution of issues raised in my RTG-DIR review
Thread-Index: AdM87VBWMwQpWk20SYuuvpBxKKubvgD/JaaAASd6g7AAWX4xgA==
Date: Tue, 17 Oct 2017 01:15:25 +0000
Message-ID: <4E95B90B-43FD-4DC6-A052-19B0C00A866D@cisco.com>
References: <AM4PR03MB1713BACBB06A4157DFE2F3889D730@AM4PR03MB1713.eurprd03.prod.outlook.com> <34333AE3-B0F1-43C3-A9DE-2BB3AAD7E7BA@cisco.com> <AM4PR03MB171301482FC7A31B2C92728A9D4E0@AM4PR03MB1713.eurprd03.prod.outlook.com>
In-Reply-To: <AM4PR03MB171301482FC7A31B2C92728A9D4E0@AM4PR03MB1713.eurprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.25.0.170815
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.26.108]
Content-Type: multipart/alternative; boundary="_000_4E95B90B43FD4DC6A05219B0C00A866Dciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/YY_DyZMD4E1A_PA8kfxJGPuG-20>
Subject: Re: [mpls] draft-ietf-mpls-spring-lsp-ping: resolution of issues raised in my RTG-DIR review
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 01:15:32 -0000

Hi Sasha,

Thanks again for your comments and review. I believe, the below addresses the pending comments for good. Please see below for <Nagendra2>

Nagendra and all,
Apologies for a long delayed response. I was not checking my email for the last week or so.
Please see responses to your comments inline below.

Regards,
Sasha

Office: +972-39266302
Cell:      +972-549266302
Email:   Alexander.Vainshtein@ecitele.com

From: Nagendra Kumar Nainar (naikumar) [mailto:naikumar@cisco.com]
Sent: Monday, October 9, 2017 12:32 PM
To: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>om>; BRUNGARD, DEBORAH A <db3546@att.com>
Cc: rtg-ads@ietf.org; mpls@ietf.org; spring@ietf.org; Jonathan Hardwick (Jonathan.Hardwick@metaswitch.com) <Jonathan.Hardwick@metaswitch.com>om>; rtg-dir@ietf.org; draft-ietf-mpls-spring-lsp-ping.authors@ietf.org
Subject: Re: draft-ietf-mpls-spring-lsp-ping: resolution of issues raised in my RTG-DIR review

Hi Sasha,

Please see inline..

Deborah and all,

I have read the latest (-11) version of the draft in order to check to which extent my RTG-DIR review comments (that referred to the -06 version of the draft) have been addressed.

Here are the results of this check:

Major Issue #1 in the -06 version of the draft:
Section 7.4 “Segment ID Check” of the draft claims to update “the procedure defined in Step 6 of Section 4.4  of [RFC8029]”. However, I have failed to integrate the logic defined by the pseudocode in this section with the logic defined by the referenced pseudocode.

  *   I have suspected that the newly introduced logic should be part of the Egress FEC Validation logic defined in Section 4.4.1 of RFC 8029.  This suspicion has been acknowledged by the authors, and they plan to fix the wrong reference in the next revision of the draft.
  *   From my POV the best way to avoid possible misinterpretation by the implementers would be inclusion of the updated version of the pseudocode (with explicit marking of the new logic) directly in the document. I have suggested this to the authors, but I did not get their response so far.

Status in the -11 version of the draft:
The problematic text has been replaced with pseudocode that integrates the logic that has been defined in Section 4.4.1 of RFC 8029 with the new, SR-specific pseudocode. So, in a way, the original issue has been resolved. However, I have several issues with the current text:

  *   From my POV, the pseudocode could be made much more readable if it were better structured. One possible way to do so could be defining how IGP extensions for SR can be treated as distributing if they distributed labels (including Implicit Null) for Node Segment IDs, and using the results in the original pseudocode of RFC 8029
<Nagendra> I couldn’t understand what you meant by “SR can be treated as distributing if they distributed labels”.  Can you clarify this?
[[Sasha]] Oops! I should have said “IGP extensions to SR can be treated as if they were distributing labels for IGP Prefix/Node and IGP adjacency SIDs”.

<Nagendra2> There are some architectural difference about how label is assigned/advertised by traditional MPLS label distribution protocol and SR. To accommodate such differences, the validation machinery for SR FEC is defined to be within a container (Step 4a). Based on your comments, I understand that there is nothing broken and IMHO, it is good to leave it this way.


  *   The proposed pseudocode seems to lack the check of Label-L matching the Node Segment ID in the SRGB of the responder
<Nagendra>The Segment ID Sub-TLV defined in draft-ietf-mpls-spring-lsp-ping does not carry the SID value.
[[Sasha]] There is no need for that, each node in the SR domain can map each IGP prefix to its SID (index) and vice versa
Incorrect SRGB range or incorrect index will result in wrong segment/label to FEC mapping and this will be detected by the defined machinery. When a node is receiving LSP Ping packet with incoming label as L which is not within the SRGB, I can think of 2 possible scenarios:
                Scenario 1 – The incoming label is not in ILM. In this case, the node will reply with a return code of 11 (No label entry in ILM)
                Scenario 2 – The incoming label is not mapped to the right FEC. In this case, the FEC mapping will not be validated.

The same is applicable for label in DDMAP.
[[Sasha]] The pseudocode in Step 4 says:
      4.  If the label mapping for FEC is Implicit Null, set FEC-status to
           2 and proceed to step 4a.  Otherwise, if the label mapping for FEC
           is Label-L, proceed to step 4a.
But I do not see an explicit definition of the label mapping rules for the new sub-TLVs anywhere in the draft. Did I miss something?

<Nagendra2> In Section 7.1, we already covered about the Segment ID to Prefix mapping and Section 7.3 covers the definition of Implicit-null for Segment Routing. Hope that clarifies your comments.

Please note also that one of the sub-steps in (4a) mentions checking that the Segment ID is advertised with PHP – but should not this check be part of checking whether the label mapping for FEC is Implicit NULL?

<Nagendra2> In RFC8029, any FEC validation is explicitly done in Step 4.4.1. Step 4 of Section 4.4.1 (of RFC8029) doesn’t do any additional check when label-mapping for FEC is Implicit-null. With Step 4a, we introduce the additional SR specific check. The sub-section is required to check if the P/NP flag is cleared while advertising.


  *   It is not obvious how the proposed pseudocode treats previously defined FECs in the target FEC stack

<Nagendra> By defining the procedure in this draft as Step 4a, we execute Step 4a if FEC==SR and skip step 5. When FEC!=SR, we execute step 5. I think we discussed and clarified this already. Are you pointing to a different issue?
[[Sasha]] The modified pseudocode in Step 4 does not differentiate between “old” and SR-related FECs, it sends all FECs that match certain conditions to 4a. It is by only after checking all the conditions in Step 4a (which fail for “old” FECs”) that execution will reach Step 5. This is what I call “not obvious”.

<Nagendra2> None of the condition in step 4a will match for Old FEC. Please help clarify why would it fail for “old” FECs?. Below is the summarized version of step 4a.

If the Label-stack-depth is 0 and Target FEC Stack Sub-TLV at
         FEC-stack-depth is 34 (IPv4 IGP-Prefix Segment ID), {

IPv4 IGP Prefix-SID related Validation

         }

         Else if the Label-stack-depth is greater than 0 and Target FEC
         Stack Sub-TLV at FEC-stack-depth is 34 (IPv4 IGP-Prefix Segment
         ID), {

IPv4 IGP Prefix-SID related Validation

         }

         Else if the Label-stack-depth is 0 and Target FEC Sub-TLV at
         FEC-stack-depth is 35 (IPv6 IGP-Prefix Segment ID), {

IPv6 IGP Prefix SID validation

         }

         Else if the Label-stack-depth is greater than 0 and Target FEC
         Sub-TLV at FEC-stack-depth is 35 (IPv6 IGP-Prefix Segment ID),
         {

IPv6 IGP Prefix SID validation

         }

         Else if the Target FEC sub-TLV at FEC-stack-depth is 36 (IGP-
         Adjacency Segment ID), {

Adj-SID validation
          }

None of the If-else condition matches as they match on Target FEC Stack Sub-TLV. When a node receives LSP Ping with LDP FEC, it will not match any of the below if-else condition and so none of the machinery defined in step 4a will be executed. So eventually, it skips step 4a and goes to step 5


  *   Interface-I (the ingress interface of the received LSP Ping request) is only mentioned in the check of Adjacency SID. It is also not clear to me why the check expects its match with the Remote Interface ID in the Adjacency SID TLV.

<Nagendra> Adj-SID requires strict incoming interface check and so is the reason we are checking Interface-I for Adj-SID. Remote Interface ID in TLV is the interface identifier assigned by the downstream node for which the Adj-SID is assigned by upstream node. In example R1-R2, assume R1 assigns Ad-SID of A1 for R2. The “Remote Interface ID” field of Adj-SID FEC Sub-TLV will carry the interface ID assigned by R2 for interface connected to R1.
[[Sasha]] Does the node that has advertised an Adjacency-SID (and a label that was assigned to it) perform any specific checks? Or are these checks covered by the generic “label mapping for FEC is Label-L” check in Step 4?

<Nagendra2> Right, Assigning node does not perform any additional check.

In addition, I wonder if reception of an LSP Ping request packet that carries SR-Related target FEC stack entries from an interface on which no IGP is enabled would be detected by the machinery defined in the draft? For “old” FECs such a check would be done at Step 5 of the validation algorithm, but this step is bypassed for SR-related FECs.

<Nagendra2> Ok. We already have Interface-I check for Adj-SID. I included the below for Prefix SIDs:

<t>If it can be determined that no protocol associated with Interface-I would have advertised FEC-Type at FEC-stack-depth,
                                Set Best return code to 12, "Protocol not associated with interface at FEC stack-depth" and return.

Once again, thanks for your review comments.

Thanks,
Nagendra

Regards,
Sasha

Office: +972-39266302
Cell:      +972-549266302
Email:   Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>


___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
transmission in error, please inform us by e-mail, phone or fax, and then delete the original
and all copies thereof.
___________________________________________________________________________




___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
transmission in error, please inform us by e-mail, phone or fax, and then delete the original
and all copies thereof.
___________________________________________________________________________