Re: [mpls] Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]

tom petch <ietfc@btconnect.com> Fri, 20 March 2020 18:02 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 622263A0D5D; Fri, 20 Mar 2020 11:02:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kSRkCj-zpme3; Fri, 20 Mar 2020 11:02:31 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0728.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::728]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D16DD3A0A38; Fri, 20 Mar 2020 11:01:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3Dniiu56PeGOFHseoyfQActyx68iCfVGDAGGhcFmaVRRSW7Em2nISWzRPZfZ/Wh?= =?utf-8?q?LH4+eq2HN9jk3kOvjBzWU1ZtUU1tKUAHaw5GjUdwx+JF3Ya32nLZy4aL4LX7WhJSD?= =?utf-8?q?Vm+dos1g4NoGW2O+seJm8fCU9EUgsAby1j5mF90glRSgD47ZMqebBhLSXeUgiZ0BT?= =?utf-8?q?YI+u66803Xtrd02hCfS/j4MA0gTLdzu7BckPmivxSW4/mQGYAIfFnexzrqPuqp8mf?= =?utf-8?q?XLLPQLKcAHI++B26lKfJOQo+U7ZnuGS6KK5SQbo9DU621kCuaj02ThZ33d/v9x6vq?= =?utf-8?q?pF6omJbq34W9iGF5XXVsw=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DHqtcAdCQ5OmRw5w7k5Kyl/72vq+AMypM1aSJu7K9JT0=3D=3B_b=3Ddwt3Su?= =?utf-8?q?f6rlQWHWrbrtRtagB7WsoeGlqMtcajnkjJbOJrIce43twlY9VsNLei3pb9GbRWj+/?= =?utf-8?q?t42+KvIjKwqvHXEJxrq316MYsIUG9ECqf7qypM0UkX14nifa+3kO5ZB0t8tyq7RCZ?= =?utf-8?q?dyVQeEqt+x74soE4vrCkHMG5+ie+493/quV7vvGsUdJgwDAmCVauJOsFQDTYQLkYy?= =?utf-8?q?KI+GksMe2hVMutKqarVrYCfDm34F3qEe5fGL52b/ftl0d3Ik7+qFdnxSyn+rwiHl+?= =?utf-8?q?M/ABupcNN9vU5PfATyn0bQC/4w8g2yeXVRbPtCFnnshhkBFcyru7LP231JtPXQ2Em?= =?utf-8?q?P6GLg0+qs9A=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3AContent-Type=3AMIME-Vers?= =?utf-8?q?ion=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DHqtcAdCQ5OmRw5w7k5Kyl/72vq+AMypM1aSJu7K9JT0=3D=3B_b=3DveYBLm?= =?utf-8?q?yyW7YJEwk7dBw3ekDOewXfSlMfcW6SH6wwLr3MTTBmZj3/5cSsDunzdYU0KZpzbnL?= =?utf-8?q?g8gLxATIGIVihsYMeKBwbVjZPymFYv4LlJVTQiSiHoeeNqAzxZWopEwAYCG3onZlA?= =?utf-8?q?H/GuqQnvpeh66qQOhkqU5WGxk4kTxcziNoY=3D?=
Received: from DB7PR07MB5657.eurprd07.prod.outlook.com (20.178.85.222) by DB7PR07MB5751.eurprd07.prod.outlook.com (20.177.123.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.12; Fri, 20 Mar 2020 18:01:39 +0000
Received: from DB7PR07MB5657.eurprd07.prod.outlook.com ([fe80::a438:bbc9:2ffe:33ee]) by DB7PR07MB5657.eurprd07.prod.outlook.com ([fe80::a438:bbc9:2ffe:33ee%5]) with mapi id 15.20.2835.017; Fri, 20 Mar 2020 18:01:39 +0000
From: tom petch <ietfc@btconnect.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, Benjamin Kaduk <kaduk@mit.edu>, "Kamran Raza (skraza)" <skraza@cisco.com>
CC: "mpls@ietf.org" <mpls@ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-mpls-ldp-yang@ietf.org" <draft-ietf-mpls-ldp-yang@ietf.org>
Thread-Topic: Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
Thread-Index: AQHV/ggfur4rVuWjo0SCHtVebIZE3qhQHmPUgAAhcgCAAYJhtg==
Date: Fri, 20 Mar 2020 18:01:39 +0000
Message-ID: =?utf-8?q?=3CDB7PR07MB565733213CF7E46996CB8409A0F50=40DB7PR07MB5?= =?utf-8?q?657=2Eeurprd07=2Eprod=2Eoutlook=2Ecom=3E?=
References: <A3E24404-81B0-4B35-A04F-478FFF17F083@cisco.com> <20200317205553.GO50174@kduck.mit.edu>, =?utf-8?q?=3CMN2PR11MB43666D942EB3F?= =?utf-8?q?EF317EFE8C6B5F40=40MN2PR11MB4366=2Enamprd11=2Eprod=2Eoutlook=2Eco?= =?utf-8?q?m=3E_=3CDB7PR07MB56573D386B04B4EE40EDCD13A0F40=40DB7PR07MB5657=2E?= =?utf-8?q?eurprd07=2Eprod=2Eoutlook=2Ecom=3E=2C_=3CMN2PR11MB43661A0E7191210?= =?utf-8?q?5C8FD713FB5F40=40MN2PR11MB4366=2Enamprd11=2Eprod=2Eoutlook=2Ecom?= =?utf-8?q?=3E?=
In-Reply-To: =?utf-8?q?=3CMN2PR11MB43661A0E71912105C8FD713FB5F40=40MN2PR11MB?= =?utf-8?q?4366=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com;
x-originating-ip: [81.131.229.19]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1a42c3d4-a45f-43d3-bd87-08d7ccf8bd4a
x-ms-traffictypediagnostic: DB7PR07MB5751:
x-microsoft-antispam-prvs: =?utf-8?q?=3CDB7PR07MB57519BB46E096BB6DE11E2DFA0F?= =?utf-8?q?50=40DB7PR07MB5751=2Eeurprd07=2Eprod=2Eoutlook=2Ecom=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:5797;
x-forefront-prvs: 03484C0ABF
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810019020=29=281360?= =?utf-8?b?MDMpKDM5ODYwNDAwMDAyKSgzOTYwMDMpKDM3NjAwMikoMzY2MDA0KSgzNDYwMDIp?= =?utf-8?b?KDE5OTAwNCkoNzYxMTYwMDYpKDExMDEzNjAwNSkoMzE2MDAyKSg4MTE1NjAxNCko?= =?utf-8?q?30864003=29=2891956017=29=2866476007=29=2864756008=29=2854906003?= =?utf-8?b?KSg2NjQ0NjAwOCkoNjY1NTYwMDgpKDY2OTQ2MDA3KSgyNjAwNSkoOTY2MDA1KSgx?= =?utf-8?q?5650500001=29=289686003=29=2818074004=29=2855016002=29=284326008?= =?utf-8?b?KSg1MzU0NjAxMSkoNjUwNjAwNykoNTI1MzYwMTQpKDc2OTYwMDUpKDg5MzYwMDIp?= =?utf-8?q?=28478600001=29=2881166006=29=2871200400001=29=282906002=29=28665?= =?utf-8?b?NzQwMTIpKDg2MzYyMDAxKSgzMzY1NjAwMikoMTg2MDAzKSg4Njc2MDAyKSg0?= =?utf-8?q?5080400002=29=285660300002=29=28579004=29=28559001=29=3B?= DIR:OUT; SFP:1102; SCL:1; SRVR:DB7PR07MB5751; H:DB7PR07MB5657.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0;
received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?i67bfwxHgtIGAXBwyIqi7ynwlwM5DoR?= =?utf-8?q?JwKjpGx2jcpc7u77t+IYZN5kBXrVXBhLWyhzh88Dkvt6+eF8wEnMWg9kjGekPy6ud?= =?utf-8?q?a85R5zDIi4hBZ1ScI66MesulvOMYbG6B+5GNfBo4hSkZ07dyuIi8dw0B87O3s/9Et?= =?utf-8?q?eHsxdpJaZlgr9ItUbIqRniy5kgx3yBUx6mLHo9mr11e3Eat50lbf5MmKToQnrr9ex?= =?utf-8?q?DKy5984+r55tqwRw11p22BxZyxce7qZB3y6yV50vEYHrod4AlSCl/vBewFaO/NcO7?= =?utf-8?q?MvKtAB4gMh3BTxyRcuKeA8lbQwyEdjBNnQUMey8habjpeyaspTgEWhDGpYOgfIl7K?= =?utf-8?q?cRHAxONVhiNs1T4aSci1wUyUIvypL4PF28jKm/yIb5k+Y4Zi1zvS/KhooBr38yr4q?= =?utf-8?q?PnPbiSNeX+bzB3c82zdXc4T3WFo+erl3sBKXDXpbZc3xqlnlWH2GFrrUsm9j1xZYC?= =?utf-8?q?bizMfgXeO3p//2PR0m2edaPCcmQVC8zlI8UT3KRuQpCQOjug=3D=3D?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?FHs0zB5F4fNPI5T2VEUEEmyY3bRh4Q?= =?utf-8?q?aNQL/Gz3nr6Q4powmUrKpYmJOvMMiaLLigIerzYen5/EcnLF6NYTBH0elLJ/cm30o?= =?utf-8?q?ex9r9kKGKeNXZq/rnlqPYmzuv7eO/XhKYLWU8Ns7GL6ZpzZPk9lZu3w=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1a42c3d4-a45f-43d3-bd87-08d7ccf8bd4a
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Mar 2020 18:01:39.4842 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: =?utf-8?q?hYOgGcbGSepEqrXlj5eS0?= =?utf-8?q?FfgJjIc8enVsdin9ulYJzwHqLZGhzkBKyhxQYCw0vOj2Zjv2p/aCInepa4O9h6Lzg?= =?utf-8?q?=3D=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB5751
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/vqJzL0UATp441CNYarCqvloBqYE>
Subject: Re: [mpls] Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2020 18:02:43 -0000

From: Rob Wilton (rwilton) <rwilton@cisco.com>
Sent: 19 March 2020 18:41
Hi Tom, Ben, Kamran,

<tp>
Rob
picking up separately on the question of security inline

Thanks for the comments.

> -----Original Message-----
> From: tom petch <ietfc@btconnect.com>
> Sent: 19 March 2020 17:04

> Rob sorry for the top posting but my e-mail is difficult currently.
[RW]
No problem.  I have to use Outlook, and that doesn't seem to be optimized for replying to emails either!

>
> The use of four presence containers seems wrong; it allows ipv4  or ipv6
> to be enabled for one part of LDP and not for others which is not LDP as I
> know it (which could be ignorance).
[RW]
Yes, I agree that this is also not ideal and not the problem that I responded to previously.  I have now commented below.

  The author cites IP YANG module but I
> think that different; there there is only one presence container which can
> be set to turn on IPv4 without needing to add any more parameters ie no
> need to set the enable leaf.
[RW]
In the general case, this feels like a poor optimization to me.  It feels like it adds quite a lot of extra bespoke complexity for little gain, e.g. one data node (the ipv4 presence container) is used to enable IPv4, and a different data node (the enable leaf) is used to disable it. It also looks a bit like an adhoc version of inactive configuration, i.e. why does a client need to configure disabled IPv4 configuration in the first place.

However, I appreciate that this construct is used elsewhere in IETF models, and hence it is at least consistent across the IETF YANG models to use it here.


  This not unlike  the use of presence in
> RIP, OSPF, BFD  but there is only one presence container. in all such
> cases.  Having four presence containers and four enable leaf for IPV4 (not
> for the features) seem to me only a possible source of misconfiguration.
>
[RW]
I agree that having the presence/enable leaf in 4 places is not ideal.  Although, it looks like the enable leaf is only in two of those places, but an ipv4 p-container is used in all 4 places.

I'm not really familiar with the details of LDP, but it seems that the configuration for basic discovery, extended discovery, and statically configured peers logically sits at the same level.  Hence I think I can see why IPv4/v6 might all need to be configured/enabled separately for each of them.

But I wasn't sure why the global ipv4 configuration needs a presence container and an enable keyword.  Perhaps it could be changed to a non-presence container, and the enable keyword removed?  I.e. does it make sense to enable IPv4 globally in LDP but not also in the basic discovery, extended discovery, or peer configuration?  Or does the global IPv4 configuration only really apply if IPv4 has been enabled elsewhere?

These comments may equivalently apply to IPv6 as well.


> I echo Ben's concern about the string password.  Usually this is base64
> and I would hope to reference the basic Netconf configuration I-D on such
> matters but progress on these has not been NETCONF WG finest hour.
[RW]
Yes, we need to get those drafts finished.  This might be something that I need to discuss with the NETCONF chairs and possibly the security ADs to figure out how we have something that is good enough.

But I also have to confess that I don't fully understand the nuances of this issue well enough to really know whether string vs binary is the right answer here.

<tp>
I think that it can be summed up as the Routing Area uses string with an associated algorithm which implies the format - could be ASCII, Hex, base64, ... and so covers anything.

Operations Areas, at least in Netconf and Netmod, uses  binary which in YANG means base64 and so can be anything.  draft-ietf-netconf-crypto-types defines YANG identity such as one-symmetric-key-format referencing RFC6031 and DER encoding.

So string or binary may not matter or at least not as much as having a format/algorithm alongside it which nails down the format and gives interoperability and entropy etc.

I suspect that I-D such as ldp-yang should specify what is acceptable in Security Considerations in terms of format/algorithm eg saying that MD5 is not or is as the case may be - currently the I-D only mentions MD5, as an example, and I thought the IETF was seeking to wean people off that.

I think that the work in the Routing Area, such as RFC8177, is somewhat ahead of work in the Operations Area and could provide a source of guidance on what is acceptable.
Tom Petch
(not a security expert)





>
> I agree that the issue with hello timers is sorted (although the use of
> refine and uses and the mix of the terminology 'all-interfaces' and
> 'global' does not make for an easy read.
[RW]
I'm okay with the refine statements.  Do you have a specific suggestion on how the terminology could perhaps be tweaked to make it easier to read/understand?

>
> Sorry this is after the telechat.
[RW]
No worries.  All constructive input is appreciated by this incoming AD who is trying to find his feet ;-)

Regards,
Rob


>
> Tom Petch
> ________________________________________
> From: mpls <mpls-bounces@ietf.org> on behalf of Rob Wilton (rwilton)
> <rwilton=40cisco.com@dmarc.ietf.org>
> Sent: 19 March 2020 16:04
> To: Benjamin Kaduk; Kamran Raza (skraza)
> Cc: mpls@ietf.org; mpls-chairs@ietf.org; The IESG; draft-ietf-mpls-ldp-
> yang@ietf.org
> Subject: Re: [mpls] Updated rev -08 posted [Re: Benjamin Kaduk's Discuss
> on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
>
> Hi Ben, Kamran,
>
> > -----Original Message-----
> > From: iesg <iesg-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > Sent: 17 March 2020 20:56
> > To: Kamran Raza (skraza) <skraza@cisco.com>
> > Cc: mpls@ietf.org; mpls-chairs@ietf.org; Nicolai Leymann
> > <n.leymann@telekom.de>de>; The IESG <iesg@ietf.org>rg>; draft-ietf-mpls-ldp-
> > yang@ietf.org; Tarek Saad <tsaad.net@gmail.com>
> > Subject: Re: Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on
> > draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
> >
> > On Fri, Feb 28, 2020 at 04:39:14AM +0000, Kamran Raza (skraza) wrote:
> > > Thanks for your detailed review, Ben.
> > > We have posted a new rev -08 that takes care almost all of your
> > > comments
> > and comments from other IESG reviewers.
> > > On behalf of authors, Please see inline [skraza] for each of your
> > comment/Q:
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > --
> > >     DISCUSS:
> > >
> > > --------------------------------------------------------------------
> > > --
> > >
> > >     The YANG doctor last call review of the -06 notes that these
> > > modules
> > are
> > >     in violation of the expectations of RFC 8349 (at least w.r.t.
> > defining a
> > >     new identity for the control-plane protocol and possibly more).
> > This
> > >     document should either be brought into compliance or explain why
> it
> > >     diverges.
> > >
> > > [skraza]: Fixed.
> > >
> > >     The YANG doctor's comments about default values for "local"
> > >     configuration (e.g., graceful-restart configuration) causing the
> > global
> > >     configuration to never take effect should also be addressed.
> > >
> > > [skraza]: Fixed.
> >
> > These both look addressed, to my eye, but I am very much not a YANG
> > expert.
> > I'd recommend trying to get a dedicated YANG review, perhaps from the
> > incoming Management AD Rob Wilton.
> [RW]
> I've checked the graceful-restart configuration and it looks fine.
>
> Is there further hierarchical configuration that needs to be checked?
>
> >
> > >     Please include some justification for why LDP IPv6 is considered
> an
> > >     "extended feature" (which is particularly surprising given that
> > Section
> > >     2 classifies "IP" to refer to both IPv4 and IPv6 together).
> > >
> > > [skraza]:  This was an early decision taken and presented to WG and
> > > WG
> > had agreed.
> > > Moreover, Sec 1.1 does points out why LDP IPv6 is considered as an
> > extended feature. The "base" features are the one most commonly
> > implemented and deployed features.
> > > The idea was that base must not contain any if-feature - given that
> > LDPv6 is not widely implemented and was branded as if-feature, it is
> > classified in the extended category then.
> > > BTW, note that LDP has separate RFC for LDP IPv6.
> >
> > It's not really clear to me that just because the protocol is
> > described in separate RFCs for IPv4 and IPv6 we cannot present a
> > unified management interface on top of it.  I note that several other
> > ADs expressed concern about this topic, so I've moved this document
> > onto the agenda for this week's IESG telechat to get a better sense on
> > what the right thing to do is here.
> [RW]
> I note that IPv6 isn't under if-feature in the extension module.  This
> would imply that implementations that wish to implement optional features
> in the extension module must also support LDP IPv6 (or deviate).  Is that
> intentional?
>
>
> >
> > >
> > >     We need to define the format/semantics of the md5-key string
> > > (e.g.,
> > is
> > >     it hex? base64{url,}?) either directly or by reference (as the
> YANG
> > >     doctor notes).  Using a crypto-type would probably be
> > > appropriate,
> > as
> > >     would adding a note that tcp-md5 is obsoleted by TCP-AO.
> > >
> > > [skraza]: It is beyond our control as we are using it as-is from the
> > RFC. Made the change anyways to add crypto-algo to widen the
> > scope/type of key beyond MD5.
> >
> > I'm still concerned that there isn't enough text here for me to be
> > able to implement something and have confidence it will interoperate.
> > For example, the recommendations in RFC 3562 include the ability to
> > use a direct binary key for TCP-md5.  Does this YANG stanza allow for
> doing so?
> > If yes, what mechanism is used for converting input into "raw" binary,
> > if needed?
> >
> > That is, even if the actual protocol semantics for how TCP-MD5 uses a
> > given key/password are out of your control, there is still ambiguity
> > as to what mapping (if any) occurs between the YANG-configured value
> > and what is passed to the TCP-MD5 implementation.
> >
> > Furthermore, the authentication-type still only has a "string" leaf
> > for the key, with (if I am reading the YANG correctly) the recommended
> > key- chain functionality for protected key storage being left as an
> extension.
> > It's not clear to me why we should be leaving the best-practice
> > formulation as an extension.
> >
> > >     In the peer-af-policy-container grouping's
> > >     label-policy/advertise/prefix-list, we need to say if the filter
> > > is
> > for
> > >     inclusion or exclusion of outgoing label advertisements.
> > >     Similarly for the incoming label advertisements in the 'accept'
> > >     container (and most of the <foo>-list-ref usages?).
> > >
> > >     In the policy-container grouping's
> > >     label-policy/assign/independent-mode/prefix-list, the description
> > >     suggests that the contents will provide not just a list of
> > > prefixes
> > that
> > >     act as a filter, but also a map from prefix to label.  This is a
> > >     qualitatively different usage than the previous occurrences of
> > >     prefix-list-ref, and it seems like a different type may be
> > > needed
> > for
> > >     it.  Similarly for ordered-mode.
> > >
> > > [skraza]: Fixed as per latest changes that use rtgwg policy model
> > constructs.
> >
> > Ah, this took me a little more work to find, since the changes were in
> > the prefix-list-ref typedef.  Thanks.
> >
> > >     (pro-forma) This document has 6 authors, and per RFC 7322, as
> > > this
> > is
> > >     more than five, we are supposed to consider whether that's
> > appropriate.
> > >     Seeing nothing in the shepherd writeup or similar, I mention it
> > here.
> > >
> > > [skraza]: We had taken an advise from Loa (MPLS WG chair) and would
> > > like
> > to keep it to 6.
> >
> > Sure; this was presumed to just be "pro forma" but I put it in since
> > the shepherd writeup didn't mention it specifically.
> >
> > >
> > > --------------------------------------------------------------------
> > --
> > >     COMMENT:
> > >
> > > --------------------------------------------------------------------
> > > --
> > >
> > >     Please also respond to the other YANG doctor, rtg-dir, and other
> > >     directorate reviewers' comments.
> > >
> > >     I support Roman's Discuss.
> > >
> > >     I suggest making a reference to RFC 5920 at some point, perhaps
> > > from
> > the
> > >     security considerations.
> > > [skraza]: Done.
> > >
> > >     We have several instances of a "container ipv4" that's a
> > > "container
> > with
> > >     presence" in the jargon of RFC 7950.  As SEC AD one thing I look
> > > for
> > is
> > >     edge cases, such as when a subset of these containers are
> > > present
> > but
> > >     not all (and not none).  While for this specific case, it seems
> > fairly
> > >     natural to assume that IPv4 is enabled if any are present, it
> > > does
> > make
> > >     me wonder if the modeling is at an optimal state if there's even
> the
> > >     possibility for such skewed signals.  (I didn't specifically
> > > audit
> > for
> > >     any other cases of "redundant" containers-with-presence.)
> > >
> > > [skraza]: This is the same structure as RFC 8344. The edge cases are
> OK..
> > The ipv4/ipv6 container may contain none, one, or more nodes in the
> > container. ipv4/ipv6 address family is enabled as long as the
> > container is "present". Your assumption is correct, and the modeling
> > (and the protocol as well) is in a good state, even with such
> > possibilities. The signals should be clear enough.
> [RW]
>
> Intuitively, I don't like the combination of a presence container + enable
> leaf below it.  I've asked Martin (author of RFC 8344) why the construct
> is used in this way, since he must have had a good reason.  It isn't
> immediately obvious to me why what is written isn't a convoluted way of
> making it a non-presence container.
>
> Regards,
> Rob
>
>
> > >
> > >     It's not entirely clear to me why we need (all of) the
> > specialization of
> > >     structures into using inet:ipv4-address and inet:ipv6-address as
> > opposed
> > >     to just inet:ip-address.  I do see that the latter is used in
> > several
> > >     places already, and so assume that this was already considered;
> > perhaps
> > >     some of the discussion/motivation could be included in the
> document,
> > >     though.
> > >
> > > [skraza]: When the type of an attribute is for a specific address
> > > family
> > (ipv4 or ipv6), we use the address family specific type
> > (inet:ipv4-address or inet:ipv6-address), so that user cannot provide
> > a value of the wrong format.  inet:ip-address is simply a union of
> > net:ipv4-address and inet:ipv6-address, and is used when the address
> family is not restricted.
> > This is particular convenient when the user makes a query on a
> > particular peer when the user does not have a particular address
> > family in mind. The system will provide the address in a proper format.
> > >
> > >     Section 1
> > >
> > >        The data model is defined for following constructs that are
> > > used
> > for
> > >        managing the protocol:
> > >
> > >     nit: "the following".
> > > [skraza]: Fixed.
> > >
> > >     I share the YANG doctor's concern that separating the
> > > configuration
> > and
> > >     operational state constructs is not consistent with the NMDA
> model.
> > > [skraza]: Fixed.
> > >
> > >     Section 1.1
> > >
> > >        The "base" category contains the basic and fundamental
> > > features
> > that
> > >        are covered in LDP base specification [RFC5036] and
> > > constitute
> > the
> > >        minumum requirements for a typical base LDP deployment.
> > > Whereas,
> > the
> > >        "extended" category contains all other non-base features.
> > > All the
> > >
> > >     This statement ("all other") is not future-proof.
> > > [skraza]:  Removed the "all".
> > >
> > >     Section 3
> > >
> > >        o  This module aims to address only the core LDP parameters
> > > as
> > per
> > >           RFC specification, as well as some widely deployed non-RFC
> > >           features (such as label policies, session authentication
> etc)..
> > >           Any vendor specific feature should be defined in a vendor-
> > specific
> > >           augmentation of this model.
> > >
> > >     [Even for widely-deployed non-RFC features we still need to
> > > provide
> > a
> > >     clear description of what semantics are being covered, whether
> > >     in-document or via an external reference.]
> > >
> > > [skraza]: The only non-RFC config was related to label policies -
> > Reworked/enhanced the text.
> > >
> > >        o  This model is a VPN Forwarding and Routing (VRF)-centric
> > model.
> > >           It is important to note that [RFC4364] defines VRF tables
> > > and
> > >
> > >     side note: I would like the IETF to someday get to a point where
> > "VPN"
> > >     (the 'P' is for "private") is used only for
> > > protocols/deployments
> > that
> > >     provide confidentiality protection ("privacy") for the data being
> > >     conveyed.  We are, of course, not there now, and I cannot insist
> > > on
> > any
> > >     change here.  But please consider whether an alternate phrasing
> > would
> > >     suffice, that includes just the "virtual" part but not "VPN".
> > > Since
> > we
> > >     are mostly using "VRF" in the rest of the document, this is not as
> > >     daunting as it sometimes is...
> > >
> > >     Section 4
> > >
> > >     It might be nice to have the tree show the ipv4 and ipv6 children
> in
> > >     as similar an order as is possible (with the understanding that
> the
> > >     semantics are not affected by the order of appearance, of course).
> > >
> > >            |  +--rw address-families
> > >            |  |  +--rw ipv4!
> > >            |  |  |  +--rw enable?                           boolean
> > >            |  |  |  +--ro label-distribution-controlmode?
> enumeration
> > >            |  |  |  +--ro bindings
> > >            |  |  |  |  +--ro address* [address]
> > >            |  |  |  |  |  +--ro address               inet:ipv4-
> address
> > >            |  |  |  |  |  +--ro advertisement-type?   advertised-
> > received
> > >            |  |  |  |  |  +--ro peer
> > >            |  |  |  |  |     +--ro lsr-id?           leafref
> > >            |  |  |  |  |     +--ro label-space-id?   leafref
> > >
> > >     Does this imply that there is only one peer per address?  Is
> > > that
> > going
> > >     to be a limitation for any deployment cases?
> > >
> > > [skraza]: Not an issue. Note that a peer may have one or more bound
> > addresses.
> > >
> > >               +--rw ldp-ext:session-downstream-on-demand
> > >               |       {session-downstream-on-demand-config}?
> > >               |  +--rw ldp-ext:enable?      boolean
> > >
> > >     nit(?): missing '|' to connect down to ldp-ext:enable?
> > >     Similarly for ldp-ext:max-wait a few lines later, and some other
> > >     occurrences later in the document.
> > >
> > >
> > > [skraza]: Some of these instances/typos were due to hand picked sub-
> > tree.
> > > Not an issue anymore as we are printing the entire tree as generated
> > > by
> > the tool.
> > >
> > >
> > >     Section 5.1.2
> > >
> > >     Am I reading this right that (e.g.) per-interface hello-holdtime
> is
> > >     configurable as an extension and only the global hello-holdtime is
> > >     present in the "base" module?
> > >
> > > [skraza]: Yes.
> > >
> > >     Section 7
> > >
> > >     "NHLFE" is used only once in this document (and is not listed as
> > >     "well-known" at
> > >     https://www.rfc-editor.org/materials/abbrev.expansion.txt); please
> > >     expand it out.
> > >
> > > [skraza]: It is well known and listed in the above url. Please x-chk.
> >
> > To be clear, the linked content uses the convention of an "*" marking
> > to indicate that the expansion is "well-known" and does not need to be
> > provided in a given document.  The entry for "Next Hop Label
> > Forwarding Entry" does not include such a marking; perhaps the
> > responsible AD should request it to be added, if it is indeed well-
> known?
> >
> > >     Section 9
> > >
> > >     Is 2018 still the right copyright year for the modules themselves?
> > >
> > >
> > > [skraza]: 2020-02-25 rev now.
> > >
> > >
> > >     Section 9.1
> > >
> > >          typedef ldp-address-family {
> > >            type identityref {
> > >              base rt:address-family;
> > >            }
> > >
> > >     Why can't we use rt:address-family directly in the one container
> > that
> > >     uses this?
> > >
> > > [skraza]: Fixed now.
> > >
> > >            description
> > >              "Duration represented as 32 bit seconds with
> > > infinite.";
> > >
> > >     nits: "32-bit" (hyphenated), "with infinity".
> > > [skraza]:  Fixed.
> > >
> > >          typedef downstream-upstream {
> > >            type enumeration {
> > >              enum downstream {
> > >                description "Downstream information.";
> > >              }
> > >              enum upstream {
> > >                description "Upstream information.";
> > >              }
> > >            }
> > >            description
> > >              "Received or advertised.";
> > >          }
> > >
> > >     nit: copy/paste on the description?
> > > [skraza]:  Fixed.
> > >
> > >              leaf used-in-forwarding {
> > >                type boolean;
> > >                description
> > >                  "'true' if the lable is used in forwarding.";
> > >
> > >     nit: s/lable/label/
> > > [skraza]:  Fixed.
> > >
> > >          grouping graceful-restart-attributes-per-peer {
> > >            description
> > >              "Per peer graceful restart attributes.
> > >               On the local side, these attributes are configuration
> and
> > >               operational state data. One the peer side, these
> > attributes
> > >               are operational state data reveiced from the peer.";
> > >
> > >     nit: s/reveiced/received/
> > > [skraza]:  Fixed.
> > >
> > >          grouping peer-state-derived {
> > >            description
> > >              "The peer state information derived from the LDP protocol
> > >               operatoins.";
> > >
> > >     nit: s/operatoins/operations/
> > > [skraza]:  Fixed.
> > >
> > >          grouping peer-state-derived {
> > >          [...]
> > >            leaf next-keep-alive {
> > >              type uint16;
> > >              units seconds;
> > >              config false;
> > >              description "Time to send the next KeepAlive message.";
> > >            }
> > >
> > >     nit: this description text sounds like it's giving an absolute
> > > time,
> > but
> > >     given that it's a uint16 I presume it's "time [from now] until
> > sending".
> > > [skraza]:  Clarified.
> > >
> > >            container received-peer-state {
> > >              config false;
> > >              description
> > >                "Operational state information learned from the
> > > peer.";
> > >
> > >              uses graceful-restart-attributes-per-peer;
> > >
> > >              container capability {
> > >                description "Configure capability.";
> > >
> > >     This is config-false; "Configure" in the description cannot be
> > correct,
> > >     though I suppose "Configured" could be.
> > >     (Also applies to several of the child containers' descriptions.)
> > >
> > > [skraza]:  Fixed all these.
> > >
> > >            leaf up-time {
> > >              type string;
> > >              config false;
> > >              description "Up time. The interval format in ISO
> > > 8601.";
> > >
> > >     We probably should have some sort of reference for ISO 8601
> > > (though
> > of
> > >     course it cannot actually *be* a <xref> in the YANG module
> > > itself)
> > >
> > > [skraza]:  Changed to use timeticks64 now.
> > >
> > >            leaf notification {
> > >              type yang:counter64;
> > >              description
> > >                "The number of messages sent or received.";
> > >
> > >     Is this the same as or different than "leaf total-messages"?
> > > [skraza]:  Fixed.
> > >
> > >                    leaf label-distribution-controlmode {
> > >
> > >     nit: any reason to not hyphenate control-mode as well?
> > > [skraza]:  Fixed.
> > >
> > >                container interfaces {
> > >                  description
> > >                    "A list of interfaces for LDP Basic Descovery.";
> > >
> > >     nit: s/Descovery/Discovery/
> > > [skraza]:  Fixed.
> > >
> > >              container discovery {
> > >                description
> > >                  "Neibgbor discovery configuration and operational
> > > state.";
> > >
> > >     nit: s/Neibgbor/Neighbor/
> > > [skraza]:  Fixed.
> > >
> > >                        // ipv4
> > >                        container hello-adjacencies {
> > >                          config false;
> > >                          description
> > >                            "Containing a list of hello
> > > adjacencies.";
> > >
> > >                          list hello-adjacency {
> > >                            key "adjacent-address";
> > >                            config false;
> > >                            description "List of hello adjacencies.";
> > >
> > >                            leaf adjacent-address {
> > >                              type inet:ipv4-address;
> > >                              description
> > >                                "Neighbor address of the hello
> > adjacency.";
> > >                            }
> > >
> > >     I'm not an expert here, but I'm not really seeing why we need to
> > >     specialize this container for v4 vs v6 as opposed to just using
> > >     inet:ip-address and having something that's applicable to both.
> > >
> > > [skraza]: We could. There are pros and cons either way. The reasons
> > > to
> > use separate containers in this model are:
> > > 1) Operators usually plan and configure IPv4 and IPv6 separately,
> > > rather
> > than mixing the address family together. The separate containers
> > provide more focus and clear separations.
> > > 2) Often times, there are attributes with different types for
> > > different
> > address families. Mixing two together brings up some modeling
> > difficulties to specifies differently for different address families.
> > > 3) Sometimes, there are attributes that are applicable to one
> > > address
> > family but not the other. Mixing the two containers together would
> > require some difficult conditions, which would complicate the model
> > and make the model less usable.
> > > 4) Mixing the two containers can make the YANG file more compact,
> > > but
> > not the configuration data and operational state data.
> > > 5) The existing RFCs use the style of separate containers, such as
> > > RFC
> > 8344 and RFC 8349.
> >
> > Thanks for writing this out; it helps me understand the situation
> better.
> >
> > >                        leaf adjacent-address {
> > >                          type inet:ipv4-address;
> > >                          description
> > >                            "Configures a remote LDP neighbor and
> enables
> > >                             extended LDP discovery of the specified
> > >                             neighbor.";
> > >
> > >     Given that there's a sibling leaf "enable", do we still want "and
> > >     enables" here?
> > > [skraza]: We don't need "enables" here. Removed it.
> > >
> > >
> > >     Should peer/capability have a comment in its description that the
> > >     container exists to be augmented by other (extension) modules?
> > >
> > > [skraza]: Yes. It is better. Added as suggested.
> > >
> > >          notification mpls-ldp-fec-event {
> > >
> > >     Am I reading this right that we only generate notifications on
> > > 0->1
> > and
> > >     1->0 transitions of "number of prefixes active for a given FEC"?
> > Would
> > >     we ever want to know about addition/removal of prefixes that do
> > leave
> > >     the FEC up?
> > >
> > > [skraza]: Here, the prefix is the FEC. Addition/removal of a prefix
> > > is
> > equivalent to the addition/removal of the FEC. Changed the leaf name
> > from prefix to fec to avoid the confusion.
> > >
> > >     Section 9.2
> > >
> > >     I can't find a pattern into which if-feature statements go into
> > >     containers used to augment things vs. the augment directives
> > themselves.
> > >     Can we be more consistent (or am I missing the pattern)?
> > >
> > > [skraza]: It is not intended to set up a strict pattern between
> > > feature
> > name and containers, while the purpose is to provide more descriptive
> > feature names. That said, the parent container names are often used to
> > provide the contexts for the feature name. e.g. In the case of "dual-
> > stack-transport-pereference", it seems that the parent container name
> > "peers" is also beneficial, so we have the feature name "dual-stack-
> > transport-preference" to "peers-dual-stack-transport-preference" to
> > make the feature name fit better with the pattern and more descriptive.
> >
> > Thanks for the explanation
> >
> > >          feature dual-stack-transport-pereference {
> > >            description
> > >              "This feature indicates that the system allows to
> configure
> > >               the transport connection pereference in a dual-stack
> > > setup.";
> > >
> > >     nit: s/pereference/preference/ (twice)
> > > [skraza]: Fixed.
> > >
> > >          feature policy-targeted-discovery-config {
> > >            description
> > >              "This feature indicates that the system allows to
> configure
> > >               policies to control the acceptance of targeted neighbor
> > >               discovery hello messages.";
> > >
> > >     nit: s/hello/Hello/
> > >     [skraza]: Fixed.
> > >
> > >          typedef neighbor-list-ref {
> > >            type string;
> > >            description
> > >              "A type for a reference to a neighbor address list.
> > >               The string value is the name identifier for uniquely
> > >               identifying the referenced address list, which
> > > contains a
> > list
> > >               of addresses that a routing policy can applied. The
> > definition
> > >               of such an address list is outside the scope of this
> > >               document.";
> > >
> > >     If I'm reading correctly between here and where this is used, the
> > >     semantics of this are better described as "implementation-
> specific"
> > --
> > >     that is, this is a label that refers to some local configured
> state,
> > >     specifically, a list of neighbor addresses used as an ACL.
> > (Emphasis on
> > >     *local* -- it seems like it does not need to interact with
> anything
> > >     else.)
> > >     I do sympathize with the YANG doctor, though -- as-is, this feels
> > >     underspecified.
> > >     (BTW, IP ACLs are not considered to be a security measure by the
> > broader
> > >     security community.)
> > >     Similarly for the subsequent <foo>-list-refs.
> > >
> > > [skraza]: We do understand the concerns, and have fixed these two
> > > types
> > by using the
> > https://tools.ietf.org/html/draft-ietf-rtgwg-policy-model,
> > which was not available when we initially started to work on this model.
> >
> > Great!
> >
> > >              container interfaces {
> > >                description
> > >                  "A list of interfaces on which forwarding is
> > > disabled.";
> > >
> > >     nit: given the separate 'ldp-disable' leaf, perhaps s/is/can be/
> > > is
> > in
> > >     order.
> > > [skraza]: Understand the confusion. Changed as suggested.
> > >
> > >     Also, the description of the list itself implies additional
> > >     functionality, of listing the interfaces used for basic discovery.
> > >
> > > [skraza]: The description was wrong. We don't intend to use this
> > > list
> > for discovery. Fixed.
> > >
> > >          grouping graceful-restart-augment {
> > >            description "Augmentation to graceful restart.";
> > >
> > >            leaf helper-enable {
> > >              if-feature graceful-restart-helper-mode;
> > >              type boolean;
> > >              default false;
> > >              description
> > >                "Enable or disable graceful restart helper mode.";
> > >
> > >     Where is this "helper mode" documented?
> > > [skraza]: This is not an RFC defined term but commonly known and
> > > used
> > when GR timer is set to 0.
> > >   Fixed the description in yang to highlight this.
> >
> > Is this just staged for the -09?  I am not seeing it in the -08.
> >
> > >          augment "/rt:routing/rt:control-plane-protocols/ldp:mpls-
> ldp/"
> > >            + "ldp:global" {
> > >            description "Graceful forwarding nexthop augmentation.";
> > >            uses global-forwarding-nexthop-augment;
> > >          }
> > >
> > >     nit: I don't think "Graceful" is correct, in the description.
> > >     [skraza]: Removed it.
> > >
> > >     Why is (the augmented)
> > >     /rt:routing/rt:control-plane-protocols/ldp:mpls-
> > ldp/ldp:global/ldp:address-families/ipv6/label-distribution-controlmod
> > e
> > >     'config false'?  Doesn't RFC 5036 say that an LSR might support
> > either
> > >     as a configuration option?
> > >
> > > [skraza]: Yes, but no implementation supports such a cfg as change
> > > of
> > such a mode is a massive disruptive operation - all implementation
> > pick one mode as the default and only supported mode and stick to it.
> > >   The LDP YANG design team had discussed this early enough and
> > > agreed to
> > not provide this a cfg option.
> >
> > Ah, understood.
> >
> > >                leaf adjacent-address {
> > >                  type inet:ipv6-address;
> > >                  description
> > >                    "Configures a remote LDP neighbor and enables
> > >                     extended LDP discovery of the specified
> > >                     neighbor.";
> > >
> > >     As for the ipv4 case, do we still want "and enables" here?
> > > [skraza]: Fixed by removing it.
> > >
> > >          augment "/rt:routing/rt:control-plane-protocols/ldp:mpls-
> ldp/"
> > >            + "ldp:discovery/ldp:interfaces/ldp:interface/"
> > >            + "ldp:address-families/ldp-ext:ipv6" {
> > >            description "Interface address family IPv6 augmentation.";
> > >            uses interface-address-family-ipv6-augment;
> > >
> > >     Didn't we just create .../ldp:address-families/ldp-ext:ipv6 with
> an
> > >     earlier augmentation in this module?  (Similarly for
> > >     /rt:routing/rt:control-plane-protocols/ldp:mpls-
> > ldp/ldp:peers/ldp:peer/ldp:address-families/ldp-ext:ipv6
> > >     which we augment with "uses peer-af-policy-container".)
> > >
> > > [skraza]: Yes. It is ok to augment a node which is part of another
> > augmentation. The result is to add them all together. Doing so is to
> > avoid too much irregular patterns, so that we have more similar
> > construction between IPv4 and IPv6.
> > >
> > >     Appendix A
> > >
> > >                      "is-router": [null],
> > >
> > >     This looks weird to me ("array containing one element with value
> > literal
> > >     null") -- why does the array come into play?
> > >
> > >     [Xufeng]: Here is a little explanation to the seemingly
> > > confusing
> > notation: the pair of square brackets does not indicate a normal array.
> > Instead, it is a special notation to indicate that the value of a
> "empty"
> > type leaf is "present" (Section 6.9. of RFC 7951). Semantically the
> > line above says that "(the neighbor) is a router."
> >
> > Ah, thanks for the explanations.
> >
> > -Ben
>
> _______________________________________________
> mpls mailing list
> mpls@ietf.org
> https://www.ietf.org/mailman/listinfo/mpls