Re: [mpls] Roman Danyliw's Discuss on draft-ietf-mpls-egress-protection-framework-06: (with DISCUSS and COMMENT)

Yimin Shen <yshen@juniper.net> Fri, 12 July 2019 13:59 UTC

From: Yimin Shen <yshen@juniper.net>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-mpls-egress-protection-framework@ietf.org" <draft-ietf-mpls-egress-protection-framework@ietf.org>, Loa Andersson <loa@pi.nu>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-mpls-egress-protection-framework-06: (with DISCUSS and COMMENT)
Thread-Index: AQHVNpIdMylsKTiOdUiLwxWif3+RsKbGw8aA
Date: Fri, 12 Jul 2019 13:59:13 +0000
Message-ID: <F0304867-E97D-48EB-AC7D-525E84AE4199@juniper.net>
References: <156270292067.15831.1558464118600381453.idtracker@ietfa.amsl.com>
In-Reply-To: <156270292067.15831.1558464118600381453.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/qzz0ovzgn_1AI5mv18VzMcbATWk>
Subject: Re: [mpls] Roman Danyliw's Discuss on draft-ietf-mpls-egress-protection-framework-06: (with DISCUSS and COMMENT)
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>

Hi Roman,

Thanks very much for your review! 

Please see inline below for the changes we plan to make, and let us know if they are sufficient to resolve this discussion. 

Thanks,

-- Yimin

On 7/9/19, 4:08 PM, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-mpls-egress-protection-framework-06: Discuss
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-mpls-egress-protection-framework/
    
    
    
    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------
    
    A few questions about the Security Considerations:
    
    (1) Section 11.  I appreciate that this a framework document that is trying to
    be generic.  Section 4 (and others) seem to lay out generic requirements. 
    However, this Security Considerations section is both vague on the protocol
    choices (understandable) and the security services/properties they would have
    (the gap).   For example, “The general security measures of the protocols
    SHOULD be used whenever applicable.” and “The available security measures of
    the chosen protocol SHOULD be used to achieve a secured session between the two
    routers.”  Some discussion of what a “secured session” would look like would be
    helpful.
    
[yshen] We could say that “The general security measures of the protocols SHOULD be used whenever needed and applicable, e.g. an authentication method or password. The framework does not require additional security measures for these protocols, other than what they already have."

    (2) Section 11.  What are the elements and enablers of “a certain level of
    trust … [being] established between the routers for the protocols to run
    securely”?
    
[yshen] Here, the "trust" simply means that, first, the routers are allowed to run the protocols between them; and second, the protocols are run securely as described above. Again, this should be handled in the same manner as for inter-AS protocols.
   
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    (3) Section 4.  Per “The framework MUST consider minimizing disruption during
    deployment”, why is this MUST only to _consider_ minimizing rather than
    actually minimizing the disruption?
    
[yshen] Will change this to "This framework must minimize disruption ...". As also pointed out by some other reviewers, the normative terms MAY/SHOULD/MUST are not suitable for this "consideration" section. Will replace them with may/should/must.

    (4) Section 5.7.  Per “a globally unique IPv4/v6 address  is assigned to a
    protected egress {E, P} as the identifier of the protected egress {E, P}”, I
    recommend being explicit and saying s/IPv4\/v6/IPv4 or v6/

[yshen] Will fix this.
    
    (5) Section 9.  I’m missing something obvious -- what is a “label table
    pe2.mpls”?

[yshen] I think you are talking about the example in section 10. As it specifies in the first paragraph, " On PE3, ....., and a table pe2.mpls is created to represent PE2's label space."