Re: [mpls] Genart last call review of draft-ietf-mpls-summary-frr-rsvpte-07

Tarek Saad <tsaad@juniper.net> Sun, 29 December 2019 19:38 UTC

Return-Path: <tsaad@juniper.net>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 593351200F4; Sun, 29 Dec 2019 11:38:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=vRIKvbAX; dkim=pass (1024-bit key) header.d=juniper.net header.b=MYbaz1tL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BrjON0gG5nMI; Sun, 29 Dec 2019 11:38:20 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FACA120110; Sun, 29 Dec 2019 11:38:20 -0800 (PST)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBTJaY27008286; Sun, 29 Dec 2019 11:38:19 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=hz+FPMRkqbjzb5OOoh1rsHKMXwT2+mHAsGmN6XXuLt4=; b=vRIKvbAX6XT4RJrmZ6Kykr6dHIAkVUMIY+Tq8E1U8vsSFOt3BoFG0gJMqWhTFzFj+W1H fdhAvDELSzi4Y/bCOiEs5+SX88Bs8AqbZwQmqBWuUlL/UCy55m1x08bq5eJkzMwz2pQl mbNlBt7dh+8/lI6mbFtbCcHF2F56F4IYm7C4QwLKDni8DuW48U0gVmKSYL1ohv4ovisn W0jKVlcGSLCTWpSEVD9xTcjROm2ymDfA5AHYZpNG3h6f6288GLT97/JQYerrAHWNu1hD SUKEOWXtvnG1lX6Bm32sK1lhRnL4anaZhdxhM14xVkp4NbRfaLgmf1IxXPHGyJxfJw2j Sw==
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177]) by mx0a-00273201.pphosted.com with ESMTP id 2x66xv19ws-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 29 Dec 2019 11:38:19 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c4OobttHaeWtIoj/ytnslGVPxb4Bp+bSfGvuvT4pGJOqdbgZkV1dGI6kD1G9NGMoaJrohaUkZULOj+EvpU/d27EqwgRvQzOfaBg70Kkwr0JmgmlsL2r5i+qq+5ore2DHhZjP5lz1rRrzDfP/Twc3RuvEZ9gx0rXAfh6d0zQHaWl2BhMQ63CY3tnPpvnUN9oVyVbMCvePQBPddqBuub5EiW+ekhtY23cBZBbXqTimyM+QeebwfMpjGJQNsCyM2+KuewZqU5rnKOc5p6oHMqXhiwaqLfz0hBZbTHCGZVlirU5lmA8h5vDwIjw1/JBsaARYkpCfW+Lrg8VqVyPdmKuNpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hz+FPMRkqbjzb5OOoh1rsHKMXwT2+mHAsGmN6XXuLt4=; b=Y5/3BtAaSZoXZV4B7jy7w1liQicu7iKDNJ/gEpHUCdV4A92aEH7F1MQIzW64gYhdT94jWSPRnULhgjwSqFXKT0LOVUv+SDlTDow2g/Og/4QNs2f6D5hCZ8pOjDKSDr4qvYBSd8y9Isi2rOxuufOwDMrHrXXBR69DNJKgPD3L5ZeXYb8BedtGZOrg1k2y4EPQKsnymcp/uHXo31c2WwwxJ8OAD9Xg0ZRtGsW1DrT5YKBh4yLXymaosu2oZrGEz0gvg6DfxqBowJWna/T39d/NEQcRfnDO+iq5k0i1TpjJceW4C7txZYpGJ0VNGSiMTYqAaCzq8HlFR8qJ8Pr9XDW8fw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hz+FPMRkqbjzb5OOoh1rsHKMXwT2+mHAsGmN6XXuLt4=; b=MYbaz1tLpPZXQei8+VI8k/HkhbZIZW1e1zWBx/l7auftUWOeWMCE2gx4QabEqzvQH3SWhnOe2ObQhG4kKiSW+SUF+96yPFHwlkHh2OYTe9tqsPpsk9pijQPWIHqkl0l8j1DnfY0gDaynlO94PwIbpI1VsFEj0rWM+QXYgY6Mtq8=
Received: from BYAPR05MB4341.namprd05.prod.outlook.com (20.176.252.21) by BYAPR05MB5895.namprd05.prod.outlook.com (20.178.50.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.9; Sun, 29 Dec 2019 19:38:17 +0000
Received: from BYAPR05MB4341.namprd05.prod.outlook.com ([fe80::d14c:cc1b:8d10:19d3]) by BYAPR05MB4341.namprd05.prod.outlook.com ([fe80::d14c:cc1b:8d10:19d3%7]) with mapi id 15.20.2602.009; Sun, 29 Dec 2019 19:38:16 +0000
From: Tarek Saad <tsaad@juniper.net>
To: Theresa Enghardt <theresa@inet.tu-berlin.de>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-mpls-summary-frr-rsvpte.all@ietf.org" <draft-ietf-mpls-summary-frr-rsvpte.all@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-mpls-summary-frr-rsvpte-07
Thread-Index: AQHVtB2gKMhMR6kDoUOtsgNVZD0ep6fRQvgA
Date: Sun, 29 Dec 2019 19:38:15 +0000
Message-ID: <7E4C7DF8-7264-4871-A15A-13EFD123B5F2@juniper.net>
References: <157650673758.21483.7390224855901982297@ietfa.amsl.com>
In-Reply-To: <157650673758.21483.7390224855901982297@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_Enabled=true; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_Name=Juniper Business Use Only; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_Enabled=true; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_ContentBits=0; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_Method=Standard; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_ActionId=4f2d7c6e-3b9b-4e0e-9976-0000c2b67287; MSIP_Label_9784d817-3396-4a4f-b60c-3ef6b345fe55_SetDate=2019-12-29T19:18:52Z;
user-agent: Microsoft-MacOutlook/10.20.0.191208
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: fad82c26-1e8e-4bf2-c726-08d78c96a6ef
x-ms-traffictypediagnostic: BYAPR05MB5895:
x-microsoft-antispam-prvs: <BYAPR05MB589574D25B54B5DA516091F5B7240@BYAPR05MB5895.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-forefront-prvs: 0266491E90
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(376002)(346002)(136003)(366004)(37854004)(199004)(189003)(2906002)(8936002)(4326008)(6486002)(54906003)(81156014)(110136005)(81166006)(8676002)(316002)(2616005)(6512007)(86362001)(36756003)(33656002)(478600001)(4001150100001)(6506007)(66446008)(5660300002)(66476007)(76116006)(186003)(66556008)(64756008)(66946007)(26005)(71200400001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB5895; H:BYAPR05MB4341.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: VSreSkaSRXValQ1W3CDmiSNr4UvNiU8kNKxfdR6wFa4Ff2SHvsezm0gWMUBxgVC/NX0dyOttSfXFKA4ktzRHAEwxF4WhiaczFW3A4NO3RTHpsfwxV88EMl79vI0dshcVb65oMfPzawfbuB2WBvKb3R6r3Es3d8wkl1MwlyxWf9p/IRdltq1+Q7WPimGSiz/6yvMLWzlhMKyxLR3SOtzQA6MolBjwu0jJpJjJpEvuQQAh7TH7S2gheBQkfwVc6pTd8pfQsw4rxZ3cOf76OTwAeunDseo/v27QimaTubLOr465H7/iprjO3qY28gHwlypeQbnUDY5ABSY7JFNN6uLgWbV4UjwHkFdpVL7o73vru095lxhR2oWeG1jhj6PL69ATGl4Le08uRj6SE3zyNcYiJJ9r1/9ZwbYy0O6eYQLF1EgcMryJxsPZPXjCd+0md+cpnQ3X/gkcMwToRUMJ5VvDP+I4MIbU8iJ81vyXuR4b51RhMEJMUAmwcdLt3jxdZBv7uWw0dn95hVMZ86GdzlE8HG2Z5IA4YkxaC2D7vqPRlW8=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <A065D7AB19DC6F4FBFB279E2B2F8E5D4@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: fad82c26-1e8e-4bf2-c726-08d78c96a6ef
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Dec 2019 19:38:15.7376 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l5GawqEvpSz5n55Zn+0nXnXDK+4yd/f8tLgNDDzgITa60zJBW1qLJUYua2FBV42n1D1bLaa+K/toAlynU1o4hg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB5895
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-12-29_03:2019-12-27,2019-12-29 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 spamscore=0 bulkscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501 lowpriorityscore=0 clxscore=1011 phishscore=0 mlxscore=0 malwarescore=0 suspectscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912290184
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/o8sEHURpsYy0m910UGBMutgKoV4>
Subject: Re: [mpls] Genart last call review of draft-ietf-mpls-summary-frr-rsvpte-07
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Dec 2019 19:38:29 -0000

Hi Theresa,

Happy new year!
Thanks for your thorough review and comments. We have reviewed them, and provided responses inline below. Please let us know if you have further comments.

On 12/16/19, 9:32 AM, "Theresa Enghardt via Datatracker" <noreply@ietf.org> wrote:

    Reviewer: Theresa Enghardt
    Review result: Almost Ready
        
    I am the assigned Gen-ART reviewer for this draft. The General Area
    Review Team (Gen-ART) reviews all IETF documents being processed
    by the IESG for the IETF Chair.  Please treat these comments just
    like any other last call comments.
    
    For more information, please see the FAQ at
    
    <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
    
    Document: draft-ietf-mpls-summary-frr-rsvpte-07
    Reviewer: Theresa Enghardt
    Review Date: 2019-12-16
    IETF LC End Date: 2019-12-25
    IESG Telechat date: Not scheduled for a telechat
    
    Summary: This document is well-written and almost ready for publication. There
    are just a few minor points that should be addressed to make the contributions
    of this document clearer to non-experts.
    
    Major issues: None.
    
    Minor issues:
    
    After the motivation and problem statement (control plane gets overwhelmed),
    the current text does not introduce what a bypass tunnel assignment group is or
    give a high-level summary of what the solution to the problem is. To make the
    text easier to understand, consider including a brief summary by adding some
    text like the following: "Right now, for each LSP the FRR is signaled
    individually. With the extension defined in this document, a PLR can assign
    multiple LSPs to a bypass tunnel assignment group and communicate this
    information to the MP, such that upon failure, the LSP only has to send one
    message per LSP."
[TS]: it seems useful. We can add this to the introduction section 1 as:
NEW:
"   [...]
     large number of protected LSPs that traverse the same PLR and Merge
     Point (MP) nodes.

+   Right now, for each protected LSP the FRR is signaled
+   individually. With the extension defined in this document, a PLR can assign
+   multiple LSPs to a bypass tunnel assignment group and communicate this
+   information to the MP, such that upon failure, the LSP only has to send one
+   message per bypass tunnel group."


>> Is the bypass tunnel assignment group or bypass group
>> identifier a new concept or has it already existed at the PLR, but now it is
>> additionally communicated to the MP?
[TS]: the per bypass tunnel group is a new concept introduced in this document.


"[…] to enable a MP node to become aware
    of the PLR node's bypass tunnel assignment group" sounds like it has existed
    before. In this case, it would be good to provide a reference where it has been
    defined.
[TS]:
OLD:
[...] to enable a MP node to
become aware of the PLR node's bypass tunnel assignment group and
allow the FRR procedures between PLR node and MP node to be signaled
and processed on groups of protected LSPs.
NEW:
The extensions defined in this document update the procedures defined
in [RFC4090] for facility backup protection and enable the PLR and MP nodes to
signal and activate FRR on per bypass group of protected LSP(s).



    Is the Summary Refresh procedure mentioned in the last paragraph of the
    Introduction the same as the solution introduced above, i.e., signaling the
    bypass tunnel for multiple LSPs, or is this another MPLS mechanism that is
    being extended? In other words, is this solving the same problem (communicating
    backup tunnels for multiple LSPs after a node or link has failed) or is this
    solving a different but related problem?
[TS]: Summary Refresh is an existing solution (RFC2961) that allows reduction in the amount of soft-state refresh signaling between neighboring RSVP nodes by exchanging only ID(s) - as opposed to exchanging full RSVP Path and Resv messages. The Summary FRR procedures introduced in this document build on those concepts to allow further reduction in the signaling that occurs between PLR and MP after FRR and continue to use Summary refresh to refresh the soft-state after rerouting the signaling over the bypass tunnel.



    Was it previously not possible to
    exchange MESSAGE_ID information for rerouted Path and Resv states? Consider
    changing the beginning of this paragraph to make it clear whether another
    mechanism is introduced or whether this just provides more details on the
    mechanism that was already mentioned.
[TS]: Yes, previously the MESSAGE_ID can be exchanged for each protected LSP between neighboring RSVP nodes. Using Summary FRR procedures defined in this document, the MESSAGE_ID can be exchanged per bypass tunnel group.
    
    3. Extensions for Summary FRR Signaling
    Does the previously defined RSVP ASSOCIATION object only allow to associate one
    LSP to one backup tunnel, and now the extension allows to signal multiple LSPs
    to the same backup tunnel? Consider stating this explicitly.
[TS]: The Association Type defined in RFC4872 and RFC49873 are specific to end-to-end and per segment LSP protection recovery and do not apply to the facility backup protection as defined in RFC4090. Hence, this document is defining a new Association type for the RSVP ASSOCIATION object to carry the needed information to do the per bypass tunnel group association.


    3.3
    "the PLR MUST ensure bypass tunnel assignment can satisfy the protected LSP MTU
    requirements post FRR" - Is there an existing mechanism to do this?
[TS]: Section 2.6 in RFC3209 describes a mechanism to determine whether a node should fragment or drop a packet that exceeds the Path MTU as discovered using RSVP signaling on primary LSP path. A PLR can leverage the RSVP discovered Path MTU on the backup and primary LSP path to ensure MTU is not exceeded after rerouting traffic on to the bypass tunnel.


    3.4.1
    "The RSVP_HOP_Object field in the B-SFRR-Active Extended ASSOCIATION
       ID is set to the common RSVP_HOP that was used by the PLR in
       Section 3.4 of this document."
    → "was used by the PLR in Section 3.4"? But this text is in 3.4. Is this really
    referencing to the same section? Or, as RSVP_HOP has been mentioned in the
    previous sections, is the intention to refer back to a previous section?
[TS]: this was a typo. The correct section is 3.3 and will be corrected.

    5. Security Considerations
    "slightly more information could be deduced about the state of the network"?
    Consider providing one or two examples of additional information that could be
    deduced. What could be the impact of an adversary deducing this information?
[TS]: A possible implication is:
when using producers defined in this document, FRR (reroute of protected LSP(s) on to the bypass tunnel) can be activated on per group of protected LSP(s). This allows an intruder to possibly impact and manipulate a set of protected LSP that are assigned to the same group.

    Nits/editorial comments:
    
    Introduction:
    "MP" is currently expanded on second use, should be on first use
    "when the failure affects large number of protected LSPs" -> "when the failure
    affects a large number of protected LSPs" Consider expanding "LER"
    
    3.4.2
    "and that would have exchanged in a Path message sent to the MP" -> "and that
    would have been exchanged in a Path message sent to the MP"?
[TS]: suggestion accepted and will be updated.

Regards,
Tarek