Re: [mpls] MPLS-RT review of draft-bryant-mpls-sfl-control

Tarek Saad <> Thu, 25 June 2020 05:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B76143A00D3; Wed, 24 Jun 2020 22:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xGXjDXkgv-yz; Wed, 24 Jun 2020 22:25:33 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C9BFB3A0121; Wed, 24 Jun 2020 22:25:32 -0700 (PDT)
Received: by with SMTP id a12so4694052ion.13; Wed, 24 Jun 2020 22:25:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :content-transfer-encoding:mime-version; bh=xkRcRq5ErO2Xcep7dSmomAQqLxWdBsaUjEg63XsCh+g=; b=WyP5Dp0WHu3/gRZakY+dOxmzK/qKh11S/GgsakrGv2sxi4SjHnQqjqPBQPMeUbvOVB HTKcMt7repEAWFmFE2PJGOGMNB38OcbW68EleVmoeSrUpnbEND1aFSW8WuRjGtY51TDA tmmlG2ue/XOEN2DK3OOr+m+YUPUp685d0H2y3176bpde7IYG2VMY9pKmWzobQQwE2jB0 JnYgB4KGqhdvzKwcijNP5eNAkEka9quOLPgAaqrEqnSw61m3q3tRfEmBAxI9WP3xkY5s 0pcRjK0o6OljEMnEq3Xqzk7kmgEVcqalL7/kTL8BEx0cbf/MEbqXXDuDkNd8vrquORaO ABTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:content-transfer-encoding:mime-version; bh=xkRcRq5ErO2Xcep7dSmomAQqLxWdBsaUjEg63XsCh+g=; b=U6HUqztvszvMXSUWZVL9Fgz7USYMoKarmYn9N92xvEXjk6FcEQwkZajMy8ffkPGx18 bsIPwI6u/xLLoNH8VgJyMWrUOa3NAocsH1AS11v2m6/hWIl1RjE6jTxcc7chKg2d3WJr WU7wamY9Y0UvieP14PlsTX9xXW6a+9DgzHX5SgDmqshSyaXQhM3Zapdq88W85RzCZo+1 MJqZGpDkgAwZTCv4jyH5JyGhyCz36Y25YRYVt1XkCVLl8ADhRMIxPNWWzFUqHp1Hn7lN CY9YpdmHcCroMcMm66r0RfOkzNKftqUJDmuwhcm43eyZQKvnePcxnZivlSp291UW85Tp AE3Q==
X-Gm-Message-State: AOAM532dEd/QlKDcvVxQYUMf5CpQF5QxwePIPFpJtWvn9nL3rShMvfzy DU27xx62SrRyONbko6FqqFvyqnEdpaE=
X-Google-Smtp-Source: ABdhPJyBMCbNNtHveo9ms+X7/ZtSDAVrVJLvhG9g6dqJ5cLC0WeCEigYLOZotA39GL4sK5Kx6OZGLg==
X-Received: by 2002:a6b:7d02:: with SMTP id c2mr33124112ioq.146.1593062731873; Wed, 24 Jun 2020 22:25:31 -0700 (PDT)
Received: from ([2603:1036:304:2892::5]) by with ESMTPSA id u15sm6735402iog.18.2020. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Jun 2020 22:25:30 -0700 (PDT)
From: Tarek Saad <>
To: Stewart Bryant <>
CC: "" <>, mpls <>, mpls-chairs <>
Thread-Topic: MPLS-RT review of draft-bryant-mpls-sfl-control
Thread-Index: ATAxRUIz0qsKtGHlIv6ANjLcHwobnThFNTRDynCt5gE=
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Thu, 25 Jun 2020 05:25:29 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [mpls] MPLS-RT review of draft-bryant-mpls-sfl-control
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Jun 2020 05:25:35 -0000

Hi Stewart,

Thanks for getting back on my comments. I am OK with your planned actions, and I am OK from my side to proceed with the WG adoption of this document.


On 6/4/20, 5:11 AM, "Stewart Bryant" <> wrote:

    Dear Tarek

    Tjhankl you for your review, please see below:

    > On 3 Jan 2020, at 18:43, Tarek Saad <> wrote:
    > Hi,
    > I’ve been selected as an MPLS-RT reviewer for this draft being considered for WG adoption.
    > After reading it, I have the following comments on it:
    > 1. Since the SFL control protocol uses ACH – the SFL control messages flow in-band over the MPLS datapath (e.g. PW, LSP, etc.). Is this restriction required? How does it differ from other protocol(s) that do out-of-band control messaging -- e.g. BGP, T-LDP, etc. that allocate PW labels?

    SB> BGP and LDP run over TCP, which in turn runs over IP.

    This simple protocol can run directly over the LSP and thus can run over MPLS without IP, although I anticipate that we could run the same format over IP if needed, for instance using MPLS over UDP, and would seek the advice of the MPLS WG on how much to put in the text to cover this case.

    > 2. It would be useful to have text for any considerations/comparison given to existing control plane protocols that can do same/similar function and if/why they are not adopted/extended

    SB>There was a laundry list of protocols that people wanted, but when I asked for help none was forthcoming. I then offered to continue to
    Work on this design sketch I made several years ago and the WG asked me to complete this.  I have text in tat says that this is a method that can be used without changing the existing protocols, and that alternatives are not prohibited. In the circumstances that should be sufficient.

    > 3. Section 3 mentions, the SFL ACH can be carried over PW, or LSP. What about MPLS section/i.e. MPLS link? E.g. for use with single-hop LM? Any restrictions for this?

    SB> I cannot see a restriction, can you? The packet will arrive on the GAL if there is PHP and on the delivery label in other circumstances. This is regular MPLS

    > 4. Section 3.1:
    > 	a. Some flags may be meaningful at one side (i.e. either querier or responder) and depending if CC flag is R set or not -- some flags may be invalid if received - e.g. W Lflag is not expected to be received by a querier. Do such cases necessitate errors? How is it handled - rejecting the whole SFL batch or the whole SFL message?

    SB> There is a note that the error cases need more work, and I would like to do this as part of the WG process. I would certainly be interested in the observations of the WG.

    > 	b. s/Responser/Responder

    SB> Done

    > Section 3.2.1
    > 	a. May clarify that “SFL Control Request” message, is “SFL Control Message” with CC Flag (R=1)

    SB> There is clearly some clarifying text needed. As written the text is a clone of the RFC 6374 control text. There is advantage in making it the same as RFC 6374 for familiarity and possible code reuse. On the other hand the terms would be wrong in a control protocol designed in isolation and seem a bit strange.

    I would appreciate the view of the WG.

    > 	b. Can the same message serve as Request, Refresh and Withdraw for a specific Batch? i.e. to allow existing (allocated) SFL batch to be resized by refreshing some existing SFL(s), withdrawing some, and requesting some new ones? If yes, may clarify it - since as-is the sections defined in the document hint that a message can be one of (request/refresh/withdraw) at any time

    SB> That reflects the RFC 6374 heritage. Having a single instruction per message simplifies things and I am include to leave it that way, but I would talk this on advisement by the WG. That is why I really would like to get this into the WG to get their wisdom on the matter.

    > 	c. In cases where a  node functions as both requester and responder, can same session Id be used for sending requests and respond by the same node?

    SB> The session identifier has the context of the LSP and the request vector so yes, I think the same session ID can be used in both cases.
    If this were not the case there would be a race condition to deal with as both ends of a link initiated, so I think the answer has to be yes and the  node has to keep the context.

    > 	d. As per, the high runner case for SFL is for additional action packet counter - is this action assumed implicit always for all SFL(s)? Is there a way in the protocol to associate different/additional action with a specific SFL?

    SB> No, we are just doing the label exchange with this. If we think that we need to add an action registry we can do that, or we can manage it another way. What is the view of the WG?

    > 	e. “A Querier MUST NOT send an expired SFL to a Responder since to do so may invalidate another SFL operation.”: this may be considered a security for a DoS, you may want to highlight this in the security section

    SB> Well MPLS is fragile against this and the assumption is that MPLS is sheltered from bad actors. It would not be a DoS attack, it would trigger a malfunction. I think this is covered by the well managed network text in the security section.

    > 	f. s/SFV/SFL

    SB> Done

    > 	g. The text “All other LFlags are cleared.” Seem to override the previous text that. V LFlag can be also set at same time to cover requesting a specific label

    SB> I just looked again at the text and that expression seems only to be used on the send side so it lived in the context of the V Flag having been set or cleared appropriately and be overridden. Can you see a case where the wrong thing would happen?

    > 6. For unidirectional LSP(s), how is the return path for response messages specified? Is the Querier source address derived from LSP control plane state? Or, is the SA TLV from RFC6374 for p2p unidirectional added too? In this case, how to force the SFL Control Response message – e.g. be IP routed back or go over a specific reverse LSP?

    SB> I will adds some text to cover this in version 08. I will upload 07 and we can then decide if it needs to be fixed before WG adoption.

    > 7. "3.2.3.  Withdraw  
    >           [...] via an appropriate path.", does this mean control messages can be sent over any path (other than the underlying LSP or PW)?

    SB> Yes. We use the term a number of times and it is intended to add generality since restricting the path does not add any useful benefit.

    > 8. "
    >   A Querier MUST wait a configured time (suggested wait of 60 seconds)
    >   before reattempting a Withdraw request.", may be useful to highlight why the restriction? Is this to avoid frequent sending of control plane messaging?
    SB> Text now says

    A Querier MUST wait a configured time (suggested wait of 60 seconds)
    before re-attempting a Withdraw request.
    No more than three Withdraw
    requests SHOULD be made. These restricctions are to prevent overloading the
    control plane of the actioning router.

    Best regards


    > Regards,
    > Tarek