Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06: A-D issues

Shraddha Hegde <shraddha@juniper.net> Thu, 08 October 2015 12:03 UTC

Return-Path: <shraddha@juniper.net>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95D7D1B32D7; Thu, 8 Oct 2015 05:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.998
X-Spam-Level:
X-Spam-Status: No, score=0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_35=0.6, MANGLED_MEDS=2.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPUVA-bmc1fR; Thu, 8 Oct 2015 05:03:12 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0146.outbound.protection.outlook.com [207.46.100.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 013041B32F4; Thu, 8 Oct 2015 05:03:11 -0700 (PDT)
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com (10.160.107.139) by BY1PR0501MB1384.namprd05.prod.outlook.com (10.160.107.142) with Microsoft SMTP Server (TLS) id 15.1.286.20; Thu, 8 Oct 2015 12:03:05 +0000
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) by BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) with mapi id 15.01.0286.019; Thu, 8 Oct 2015 12:03:05 +0000
From: Shraddha Hegde <shraddha@juniper.net>
To: "Black, David" <david.black@emc.com>, Rob Shakir <rjs@rob.sh>, "as@cisco.com" <as@cisco.com>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "lizhenbin@huawei.com" <lizhenbin@huawei.com>
Thread-Topic: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06: A-D issues
Thread-Index: AdEBDEziYmBkLZJnTki1S2UszA0okAAgLDsQ
Date: Thu, 8 Oct 2015 12:03:04 +0000
Message-ID: <BY1PR0501MB138194B0DA5750DEDE2A5FE5D5350@BY1PR0501MB1381.namprd05.prod.outlook.com>
References: <CE03DB3D7B45C245BCA0D24327794936166B26DA@MX104CL02.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D24327794936166B26DA@MX104CL02.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=shraddha@juniper.net;
x-originating-ip: [116.197.184.14]
x-microsoft-exchange-diagnostics: 1; BY1PR0501MB1384; 5:FMmGBhXtsh4U89xyTMq/O5TCgoIp6cLIuygkbGOLNvMxZTNANjG4m9ArwxfH3JeAa707Kb7apdTp7xbK5aUAKIFtsgfKIamZIZfrTMXBHGkpNxR0Trxlljyxrj/qo7Z5CWFt61KG5X5GT7TlDO9KeA==; 24:sLZeo/4uhdLSTWS0J/uVZg6c+9/UYJCr3mySdPInm+46L58qz6SNByVLMQGlOVAQg+pUF+zecX9XeZlr+Xnc9wFOVkYAZxz5mreGM8nEJkE=; 20:2zJYUKvOrvEt1QwTGpymTVomgv9uG+X+n8FumGZK2yd0XxuVISckxFA/mK92d67e+YuLCDQnXBv5Sxj0CDMTKQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1384;
x-microsoft-antispam-prvs: <BY1PR0501MB1384CD4A593F21336EC288FAD5350@BY1PR0501MB1384.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001); SRVR:BY1PR0501MB1384; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0501MB1384;
x-forefront-prvs: 0723A02764
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(377454003)(189002)(199003)(41584004)(164054003)(51444003)(5008740100001)(64706001)(40100003)(99286002)(2501003)(92566002)(76576001)(189998001)(74316001)(46102003)(5004730100002)(230783001)(11100500001)(19580395003)(5007970100001)(19580405001)(81156007)(2900100001)(10400500002)(102836002)(5003600100002)(77096005)(87936001)(97736004)(5001770100001)(101416001)(122556002)(105586002)(5001960100002)(33656002)(2950100001)(99936001)(2201001)(76176999)(50986999)(54356999)(106356001)(86362001)(66066001)(5002640100001)(7059030); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0501MB1384; H:BY1PR0501MB1381.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed; boundary="_002_BY1PR0501MB138194B0DA5750DEDE2A5FE5D5350BY1PR0501MB1381_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2015 12:03:04.9510 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1384
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/NgsILVSnJwEs4f2ikf8IZFZN-dU>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06: A-D issues
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 12:03:18 -0000

Thanks David for the follow-up.
Pls find details below.

[...Snip to open comments...]

David> Please add that statement, specifically that a receiver may have 
David> to ignore tags that do not match any local policies.  

<Shraddha>Updated as below.

"If a receiving node does not
understand the tag value or does not have a local policy corresponding to the tag,
it ignores the specific tag and floods the RI LSA without any change as defined in <xref target="RFC4970"/>."


David> For the first requirement, I was expecting the "MUST" to apply 
David> only to "independent identifier," i.e.:

    Each tag MUST be treated as an independent identifier that MAY be
    used in policy to perform a policy action.

<Shraddha> OK. Updating the draft as suggested.

<t>Each tag MUST be treated as an independent
identifier that MAY be used in policy to perform a policy
action. Tags carried by the administrative tag TLV SHOULD be used to indicate
independent characteristics of a node. The administrative tag list within the TLV MUST be considered 
an unordered list. Whilst policies may be implemented based on the 
presence of multiple tags (e.g., if tag A AND tag B are present), 
they MUST NOT be reliant upon the order of the tags (i.e.,
all policies should be considered commutative operations, such that
tag A preceding or following tag B does not change their outcome).
</t>
------------------------------------------------------------------------------------------------------------

David> The last sentence appears to still have a problem:  How does a 
David> receiving node determine when it has a complete set of tags?  Suggested rephrase:

	When an RI LSA is received that changes the set of tags applicable to
	any originating node, a receiving node MUST repeat any computation or
	processing that is based on those administrative tags.

David> I think that captures the underlying point that processing MUST 
David> always be based on current tag information.
 <Shraddha> Updated as per suggestion

<t> Multiple node administrative tag TLVs MAY appear in an RI LSA or 
   multiple node administrative tag TLVs MAY be contained in different
   instances of the RI LSA.  The node administrative tags associated
   with a node that originates tags for the purpose of any computation or processing at a receiving node
   SHOULD be a superset of node administrative tags from all the TLVs in all the
   received RI LSA instances originated by that node.When an RI LSA is received that changes the set of 
   tags applicable to any originating node, a receiving node MUST repeat any computation or
	processing that is based on those administrative tags.
</t>
-------------------------------------------------------------------------------------------------------------------------------------

David> I don't understand how a receiving node can be certain that a tag 
David> has been removed based on this sentence in Section 2:

   Multiple TLVs MAY be added in same RI-LSA or in a different instance
   of the RI LSA as defined in [I-D.acee-ospf-rfc4970bis].

David> How does a receiving node determine that it has seen all the 
David> relevant RI LSAs and hence that absence of a previously seen tag 
David> renders that tag no longer applicable?  The "seen all the 
David> relevant RI LSAs" portion of this answer probably belongs in Section 2.

<Shraddha> A node cannot determine that it has all the complete and current information at any point of time.
This is true for any link state IGP protocol which floods the data for distribution. 
The flooding mechanism is reliable and ensures the changes are propagated
Domain wide. The receivers have to process any database change and apply it to the entire link state database every-time it receives any change from any node.
This is so fundamental to the link state protocols, I don't see the necessity of repeating that concept in this document.


---------------------------------------------------------------------------------------------------------------------------------------

> [D] No management support
> 
> From OPS-Dir Q&A: At a minimum, reporting of tag values ought to be 
> defined via an OSPF MIB extension or analogous functionality.
> 
> <shraddha> I think this should be taken separately as part of OSPF MIB 
> RFC update, which will combine multiple features which require new definitions.
> 
> Acee, How do we go about this?

David> At the very least, the draft that updates that MIB should be referenced.

<Shraddha>Currently there is no active draft working on OSPF MIB to update the node admin tag related configs.
 Yang data models are extensively being referred and recommended for management.
Have included a reference to the document and requested authors of yang draft to consider adding the node-admin-tag
Related interfaces to the data model.

7.  Manageability Considerations

   Node administrative tags are configured and managed using routing
   policy enhancements.  YANG data definition language is the latest
   model to describe and define configuration for network devices.  OSPF
   YANG data model is described in [I-D.ietf-ospf-yang] and routing
   policy configuration model is described in
   [I-D.ietf-rtgwg-policy-model].  These two documents will be enhanced
   to include the node administrative tag related configurations.

-----Original Message-----
From: Black, David [mailto:david.black@emc.com] 
Sent: Wednesday, October 07, 2015 7:58 PM
To: Shraddha Hegde <shraddha@juniper.net>et>; Rob Shakir <rjs@rob.sh>sh>; as@cisco.com; bruno.decraene@orange.com; ops-dir@ietf.org; General Area Review Team (gen-art@ietf.org) <gen-art@ietf.org>rg>; lizhenbin@huawei.com
Cc: acee@cisco.com; ospf@ietf.org; ietf@ietf.org; Black, David <david.black@emc.com>
Subject: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06: A-D issues

David> Inline.  I'll deal with the A-D issues here and the editorial 
David> items/nits in a separate message.

> David,
> 
> Thanks a lot for your detailed review and comments.
> 
 
[... snip ...]

> --- Minor issues: ----
> 
> -- 3.2 Elements of procedure:
> 
> [A] I see what look like some underspecified requirements:
> 
>    Each tag SHOULD be treated as an independent identifier that MAY be
>    used in policy to perform a policy action.
> 
>    The administrative tag list within the
>    TLV SHOULD be considered an unordered list.
> 
> Why are those two not "MUST" requirements?  What happens if either is 
> not done?
> 
> <Shraddha> It's perfectly valid for the receiver of the node admin tag 
> to ignore a certain tag or set of tags if there are no local policies.
> I think MUST will be too restrictive statement.

David> Please add that statement, specifically that a receiver may have 
David> to ignore tags that do not match any local policies.  That still 
David> doesn't explain why "MUST" is inappropriate in either case.

David> For the first requirement, I was expecting the "MUST" to apply 
David> only to "independent identifier," i.e.:

    Each tag MUST be treated as an independent identifier that MAY be
    used in policy to perform a policy action.


David> The "SHOULD" in the second requirement appears to be asking for 
David> interoperability problems if it's ignored.  I think that ought to be:

    The administrative tag list within the
    TLV MUST be considered an unordered list.

> ----------------------------------------------------------------------
> --------
> --------------------------------------------
> 
> [B] Tag set completeness:
> 
>    Multiple node administrative tag TLVs MAY appear in an RI LSA or
>    multiple node administrative tag TLVs MAY be contained in different
>    instances of the RI LSA.  The node administrative tags associated
>    with a node for the purpose of any computation or processing SHOULD
>    be a superset of node administrative tags from all the TLVs in all
>    instances of the RI LSA originated by that node.
> 
> This paragraph is about processing at that node.  It's easy to 
> misread, as that implication
> 
> is buried in the word "originated" in the last line.
> Suggested change:
> 
> 	"for the purpose of any computation or processing SHOULD" ->
> 	"for the purpose of any computation or processing performed
> 		at that node SHOULD"
> 
> Also, it looks like it's acceptable for other nodes to perform such 
> computation or processing based on a partial tag set for this node 
> (e.g., when some other node has not received all the RI LSAs with all the tags).  That should be stated.
> 
> <Shraddha> This is talking about processing at the receiver. Will update as below.
> 
> 
>    Multiple node administrative tag TLVs MAY appear in an RI LSA or
>    multiple node administrative tag TLVs MAY be contained in different
>    instances of the RI LSA.  The node administrative tags associated
>    with a node for the purpose of any computation or processing at the receiver SHOULD
>    be a superset of node administrative tags from all the TLVs in all
>    instances of the RI LSA originated by that node. Receiver MAY perform the processing on
>    administrative node tags when only a partial set is receieved but the receiver
>    node MUST repeat the computation or processing when the complete set of node
>    administrative tags for that node is received.

David> That's much clearer.  Some minor editorial suggestions:

	- "associated with a node" -> "associated with a node that originates tags"
	- "processing at the receiver" -> "processing at a receiving node"
	- "instances of the RI LSA" -> "received RI LSA instances"

David> The last sentence appears to still have a problem:  How does a 
David> receiving node determine when it has a complete set of tags?  Suggested rephrase:

	When an RI LSA is received that changes the set of tags applicable to
	any originating node, a receiving node MUST repeat any computation or
	processing that is based on those administrative tags.

David> I think that captures the underlying point that processing MUST 
David> always be based on current tag information.

> ----------------------------------------------------------------------
> --------
> ---------------------------------------------------
> [C] Tag change/removal:
> 
>    When there is a change in the node administrative tag TLV or removal/
>    addition of a TLV in any instance of the RI-LSA, implementations MUST
>    take appropriate measures to update its state according to the
>    changed set of tags.  Exact actions depend on features working with
>    administrative tags and is outside of scope of this specification.
> 
> Inability to interoperably remove a tag value (e.g., distribute the 
> update that tag X no longer applies to node Q) seems like a 
> significant omission, but I'm not a routing expert, so I'll defer to 
> the WG's and ADs' judgment on the importance of this.  At a minimum, 
> the rationale for not specifying an interoperable tag value removal mechanism ought to be added to this document.
> 
> <Shraddha> Added the tag updations at the origination.
> 
> When there is a change or removal of an adminstrative affiliation of a 
> node, the node MUST
> 
> re-originate the RI LSA with the latest set of node administrative tags.
> On the receiver, When there is a change in the node administrative tag 
> TLV or removal/
>    addition of a TLV in any instance of the RI-LSA, implementations MUST
>    take appropriate measures to update its state according to the
>    changed set of tags.  Exact actions depend on features working with
>    administrative tags and is outside of scope of this specification.

David> I don't understand how a receiving node can be certain that a tag 
David> has been removed based on this sentence in Section 2:

   Multiple TLVs MAY be added in same RI-LSA or in a different instance
   of the RI LSA as defined in [I-D.acee-ospf-rfc4970bis].

David> How does a receiving node determine that it has seen all the 
David> relevant RI LSAs and hence that absence of a previously seen tag 
David> renders that tag no longer applicable?  The "seen all the 
David> relevant RI LSAs" portion of this answer probably belongs in Section 2.

> ----------------------------------------------------------------------
> --------
> -----------------------------------------------------------
> 
> [D] No management support
> 
> From OPS-Dir Q&A: At a minimum, reporting of tag values ought to be 
> defined via an OSPF MIB extension or analogous functionality.
> 
> <shraddha> I think this should be taken separately as part of OSPF MIB 
> RFC update, which will combine multiple features which require new definitions.
> 
> Acee, How do we go about this?

David> At the very least, the draft that updates that MIB should be referenced.

[... Nits/editorial comments snipped - will send separate email ...]

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------