Re: [mpls] Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Wed, 26 October 2016 05:26 UTC
Return-Path: <cpignata@cisco.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C62712959F; Tue, 25 Oct 2016 22:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.951
X-Spam-Level:
X-Spam-Status: No, score=-14.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DpXAdonY5b7; Tue, 25 Oct 2016 22:26:50 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 609BF12957A; Tue, 25 Oct 2016 22:26:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10940; q=dns/txt; s=iport; t=1477459610; x=1478669210; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=TaJGEefUcpA/DZWudtjeMokUtmjNX1EqbMl7+fZuW1A=; b=b8yE6PMAqzItSiHGj7AFOZ9j24b8cjxtclyCUIXOano/uwf2Qz8efO1m rlNEFrnzZ045+lUyPk1kGyvYe0gdBFiAEltjdrkuWOoWJHfeHU+WvXUH0 uNICFXMLSEXjkCGaM82M98HF6uomu1z+8JsEB8L0YkAtN/QWeQctLkKuI w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B+AgBEPhBY/5ldJa1cGgEBAQECAQEBAQgBAQEBgyoBAQEBAR1YfQeNLqYnTII7gg+CByeFewIagVo/FAECAQEBAQEBAWIohGMBAQICI1YQAgEIDjEDAgICMBQGCwIEDgWIVA6zIox1AQEBAQEBAQEBAQEBAQEBAQEBAQEBFwWGPYF9gliEGREBgyAsgi8FiEWRUQGGKYlugW6EbYkojQiEAAEeNl6DGBwYgTpyAYY8gSCBCQEBAQ
X-IronPort-AV: E=Sophos;i="5.31,549,1473120000"; d="scan'208,217";a="340343718"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Oct 2016 05:26:35 +0000
Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u9Q5QYKc030792 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 26 Oct 2016 05:26:35 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 26 Oct 2016 01:26:34 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1210.000; Wed, 26 Oct 2016 01:26:34 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Mirja Kuehlewind <ietf@kuehlewind.net>
Thread-Topic: Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
Thread-Index: AQHSLuwCUkRRcOc7F0yHrkMcXjN6t6C6eDyA
Date: Wed, 26 Oct 2016 05:26:34 +0000
Message-ID: <23E7818F-7EC2-4D11-8F48-87BBE8B5FEB0@cisco.com>
References: <147741942986.1480.9692706368109608681.idtracker@ietfa.amsl.com>
In-Reply-To: <147741942986.1480.9692706368109608681.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.5.58]
Content-Type: multipart/alternative; boundary="_000_23E7818F7EC24D118F4887BBE8B5FEB0ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/omboTOiKSvgW85pYyWaCJu_R5-s>
Cc: "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "draft-ietf-mpls-rfc4379bis@ietf.org" <draft-ietf-mpls-rfc4379bis@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [mpls] Mirja Kühlewind's No Objection on draft-ietf-mpls-rfc4379bis-07: (with COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 05:26:52 -0000
Hi, Mirja, Thanks, please see inline. On Oct 25, 2016, at 11:17 AM, Mirja Kuehlewind <ietf@kuehlewind.net<mailto:ietf@kuehlewind.net>> wrote: Mirja Kühlewind has entered the following ballot position for draft-ietf-mpls-rfc4379bis-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-mpls-rfc4379bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- A few not very important comments: 1) To me it seems a bit unfortunate that this draft points to rfc6425 and rfc6426 for the definition of the T and R flags, given the goal was to have all specifications in one doc. Not sure if that can or should be fixed. Just wanted to mention it. Thanks for mentioning it. The WG did discuss this. You can see https://www.ietf.org/proceedings/96/slides/slides-96-mpls-2.pdf Since 4379bis is not obsoleting rfc6525 and rfc6526, the idea was to keep the definition in those RFCs, but mention them in the bis. 2) I would expect that the security section recommends border filtering of MPLS ping message, given that these are usually used within one domain, no? There is inter-as and inter domain lsp ping. 3) I know this is a bis doc but I'm still wondering why this TTL trick is used here. For ICMP that was a way that utilizes the existing specification and implementation to get further information. Here, the TTL expiration in traceroute mode is used to intercept the packet and send it to the control plane. Additionally see below. However here, you could just have used a flag in the header either saying 'only forward to the end' or 'reply and still forward', or something like this, to cover the two modes. This would also allow to just send one packet to the end instead of sending one for each hop. That’s a great question for RFC4379, but not for the bis :-) Could have done a lot of things at the time. A major departure from the existing paradigm, and a potentially nice attack vector, would be to generate multiple response packets from a single packet. But nonetheless, that would be a different protocol and not a bis. Is there a rational for copying this ICMP hack? Hack for one, elegant engineering for another, maybe both :-) Thanks, — Carlos.
- [mpls] Mirja Kühlewind's No Objection on draft-ie… Mirja Kuehlewind
- Re: [mpls] Mirja Kühlewind's No Objection on draf… Carlos Pignataro (cpignata)
- Re: [mpls] Mirja Kühlewind's No Objection on draf… Nagendra Kumar Nainar (naikumar)