Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
Shraddha Hegde <shraddha@juniper.net> Wed, 07 October 2015 07:08 UTC
Return-Path: <shraddha@juniper.net>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47DEC1B2B55; Wed, 7 Oct 2015 00:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.998
X-Spam-Level:
X-Spam-Status: No, score=0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_35=0.6, MANGLED_MEDS=2.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wu9eZZNMn2RT; Wed, 7 Oct 2015 00:08:21 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0111.outbound.protection.outlook.com [65.55.169.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31AE01B2B2C; Wed, 7 Oct 2015 00:08:20 -0700 (PDT)
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com (10.160.107.139) by BY1PR0501MB1381.namprd05.prod.outlook.com (10.160.107.139) with Microsoft SMTP Server (TLS) id 15.1.286.20; Wed, 7 Oct 2015 07:08:17 +0000
Received: from BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) by BY1PR0501MB1381.namprd05.prod.outlook.com ([10.160.107.139]) with mapi id 15.01.0286.019; Wed, 7 Oct 2015 07:08:17 +0000
From: Shraddha Hegde <shraddha@juniper.net>
To: "Black, David" <david.black@emc.com>, Rob Shakir <rjs@rob.sh>, "as@cisco.com" <as@cisco.com>, "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "lizhenbin@huawei.com" <lizhenbin@huawei.com>
Thread-Topic: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
Thread-Index: AdEAjEvpIy25ziWfRACBnPhaH7xx5wAQREsQ
Date: Wed, 07 Oct 2015 07:08:17 +0000
Message-ID: <BY1PR0501MB1381335E0F1E66737F21D930D5360@BY1PR0501MB1381.namprd05.prod.outlook.com>
References: <CE03DB3D7B45C245BCA0D24327794936166B1AFC@MX104CL02.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D24327794936166B1AFC@MX104CL02.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=shraddha@juniper.net;
x-originating-ip: [116.197.184.16]
x-microsoft-exchange-diagnostics: 1; BY1PR0501MB1381; 5:Ibt5+6dCWefH1iOshdukttVKb85csv3iZWqupOC0LqqXuTnP8TVQxZ2L5hryrSTLgLkuWy7H5le7lfMKlGZIdbQvQDV8gaCEcPPN4AfIe/Mj8ZcGDgQp07u1+FWhbDJe8MAWpqchKIP1SqfCXh4HgQ==; 24:KeFFTfJY0XqqybL+MM9WXa/jQNNAVDSWc9eyC6I+PkiQF4oUqlB4KVYffUETQFeUvOpYQZfF9psEEponcYz2wWNUYEs+LmXYmXEzBrHhWHY=; 20:swFcIQm1Rhxq30s/YRTj1jUo7GH8Hq//F919H36ENtBRomQJclS2Z01Yc4veQlQh6Wf4MTLrSdW80lEJ2KvgsQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1381;
x-microsoft-antispam-prvs: <BY1PR0501MB138197741E1C9293CC88524FD5360@BY1PR0501MB1381.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001); SRVR:BY1PR0501MB1381; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0501MB1381;
x-forefront-prvs: 0722981D2A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(164054003)(71364002)(13464003)(199003)(189002)(377454003)(24454002)(10400500002)(5001770100001)(19580405001)(97736004)(105586002)(99286002)(106356001)(122556002)(76576001)(64706001)(19580395003)(87936001)(189998001)(5890100001)(66066001)(102836002)(77096005)(92566002)(2950100001)(81156007)(2900100001)(40100003)(230783001)(5002640100001)(50986999)(5007970100001)(54356999)(5001960100002)(33656002)(5004730100002)(86362001)(2201001)(74316001)(5008740100001)(11100500001)(46102003)(99936001)(101416001)(2501003)(5003600100002)(76176999)(7059030); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0501MB1381; H:BY1PR0501MB1381.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/mixed; boundary="_002_BY1PR0501MB1381335E0F1E66737F21D930D5360BY1PR0501MB1381_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2015 07:08:17.3102 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1381
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/WNcfZ3gbG-l_tjaq2Xtm1r-YkKs>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [OSPF] Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2015 07:08:30 -0000
David, Thanks a lot for your detailed review and comments. Here are the details of responses. I have also attached the updated document. ---- Major issues: ---- [1] Operational considerations: There appears to be more than enough enabled by this draft to wreak serious operational havoc, but the draft seems to sidestep all operational topics, primarily by treating all usage of tags as vendor- or implementation- specific and trusting the vendors and operators not to foul things up. I'm not sure that's wise. <Shraddha> Added a new "Operational Considerations" section as suggested in other mail threads on this topic. ----------------------------------------------------------------------------------------------------- See end of OPS-Dir review below for more on this concern. --- Minor issues: ---- -- 3.2 Elements of procedure: [A] I see what look like some underspecified requirements: Each tag SHOULD be treated as an independent identifier that MAY be used in policy to perform a policy action. The administrative tag list within the TLV SHOULD be considered an unordered list. Why are those two not "MUST" requirements? What happens if either is not done? <Shraddha> It's perfectly valid for the receiver of the node admin tag to ignore a certain tag or set of tags if there are no local policies. I think MUST will be too restrictive statement. -------------------------------------------------------------------------------------------------------------------------- [B] Tag set completeness: Multiple node administrative tag TLVs MAY appear in an RI LSA or multiple node administrative tag TLVs MAY be contained in different instances of the RI LSA. The node administrative tags associated with a node for the purpose of any computation or processing SHOULD be a superset of node administrative tags from all the TLVs in all instances of the RI LSA originated by that node. This paragraph is about processing at that node. It's easy to misread, as that implication is buried in the word "originated" in the last line. Suggested change: "for the purpose of any computation or processing SHOULD" -> "for the purpose of any computation or processing performed at that node SHOULD" Also, it looks like it's acceptable for other nodes to perform such computation or processing based on a partial tag set for this node (e.g., when some other node has not received all the RI LSAs with all the tags). That should be stated. <Shraddha> This is talking about processing at the receiver. Will update as below. Multiple node administrative tag TLVs MAY appear in an RI LSA or multiple node administrative tag TLVs MAY be contained in different instances of the RI LSA. The node administrative tags associated with a node for the purpose of any computation or processing at the receiver SHOULD be a superset of node administrative tags from all the TLVs in all instances of the RI LSA originated by that node.Receiver MAY perform the processing on administrative node tags when only a partial set is receieved but the receiver node MUST repeat the computation or processing when the complete set of node administrative tags for that node is received. --------------------------------------------------------------------------------------------------------------------------------- [C] Tag change/removal: When there is a change in the node administrative tag TLV or removal/ addition of a TLV in any instance of the RI-LSA, implementations MUST take appropriate measures to update its state according to the changed set of tags. Exact actions depend on features working with administrative tags and is outside of scope of this specification. Inability to interoperably remove a tag value (e.g., distribute the update that tag X no longer applies to node Q) seems like a significant omission, but I'm not a routing expert, so I'll defer to the WG's and ADs' judgment on the importance of this. At a minimum, the rationale for not specifying an interoperable tag value removal mechanism ought to be added to this document. <Shraddha> Added the tag updations at the origination. When there is a change or removal of an adminstrative affiliation of a node, the node MUST re-originate the RI LSA with the latest set of node administrative tags. On the receiver, When there is a change in the node administrative tag TLV or removal/ addition of a TLV in any instance of the RI-LSA, implementations MUST take appropriate measures to update its state according to the changed set of tags. Exact actions depend on features working with administrative tags and is outside of scope of this specification. ----------------------------------------------------------------------------------------------------------------------------------------- [D] No management support From OPS-Dir Q&A: At a minimum, reporting of tag values ought to be defined via an OSPF MIB extension or analogous functionality. <shraddha> I think this should be taken separately as part of OSPF MIB RFC update, which will combine multiple features which require new definitions. Acee, How do we go about this? ----------------------------------------------------------------------------------------------------------------------------- --- Nits/editorial comments: ---- -- 1. Introduction The Abstract says that the tags are for "route and path selection"; the Introduction should also say that. Suggestion - at the end of this sentence in the first paragraph: It is useful to assign a per-node administrative tag to a router in the OSPF domain and use it as an attribute associated with the node. add the text "for route and path selection". This will help with the second sentence in the second paragraph: <Shraddha>Modified as per suggestion. Path selection is a functional set which applies both to TE and non-TE applications and hence new TLV for carrying per-node administrative tags is included in Router Information LSA [RFC4970] . If "path selection" and "functional set" are specific terms with specialized meaning in OSPF context, that sentence is fine as-is, otherwise it would read better if it began with: Route and path selection functionality applies to both ... <Shraddha> Modified as per suggestion. This document provides mechanisms to advertise per-node administrative tags in OSPF for route and path selection. Route and path selection functionality applies to both to TE and non-TE applications and hence new TLV for carrying per-node administrative tags is included in Router Information LSA ... -- 3.1. TLV format Type : TBA, Suggested value 10 Please add an RFC Editor Note asking the RFC Editor to replace this with the actual IANA- assigned value. <Shraddha> Does the RFC Editor Note go as part of this document. -- 3.2. Elements of procedure While it's obvious that tag usage should be confined to the administrative domain that understands the tag, it's worth stating. At the end of this sentence: Interpretation of tag values is specific to the administrative domain of a particular network operator. I'd suggest adding: , and hence tag values SHOULD NOT be propagated outside the administrative domain to which they apply. <Shraddha> Modified as per suggestion -- 4.4. Mobile back-haul network service deployment Please expand "eNodeB" acronym on first use. <Shraddha> Added -- 4.5. Explicit routing policy In Figure 3: - The link from the leftmost pair of A nodes to the pair of T nodes do not have link weights. - The link from the left R node to the left T node does not have a link weight - The following example of an explicitly routed policy: - Traffic from A nodes to I nodes must not go through R and T nodes prevents the leftmost pair of A nodes from sending traffic to the I nodes. Was this "black hole" intended as part of the example? Also: "explicitly routed policies" -> "explicit routing policies" <Shraddha> It's probably not intended. Bruno, can you pls confirm? But, the example in itself is very much valid, with node admin tags operators can have policies to drop traffic if destined towards certain prefixes. As Rob and Bruno, this is nothing new as such an operation is possible today with routing policies. - 5. Security considerations I'd add discussion that advertisement of tag values for one administrative domain into another risks misinterpretation of the tag values (if the two domains have assigned different meanings to the same values), which may have undesirable and unanticipated side effects. <Shraddha> Added this point to security considerations. In addition, injection of tag values from the outside (e.g., forge OSPF traffic that appears to be from a node in the domain and carries administrative tag values) is at least a possible denial-of-service attack vector, and could also be used for more nefarious purposes (e.g., reroute otherwise unobservable [to the attacker] VPN traffic via a route where the attacker can observe it). <Shraddha> In the absence of authentication, such attacks are possible on existing OSPF implementations and I don't think it's a new risk added by this extension. idnits 2.13.02 did not find any nits. ---- Selected RFC 5706 Appendix A Q&A for OPS-Dir review ---- A.1.2. Has installation and initial setup been discussed? A.1.5. Has the impact on network operation been discussed? A.1.6. Have suggestions for verifying correct operation been discussed? No - given the impact that these tags could have on route and path computation, likely implementations will be powerful "guns" with which network operators can readily shoot themselves in far more than just their "feet." These considerations would have to be documented based on the specific uses made of these tags by specific implementations and deployments. All of that appears to be outside the scope of this draft. A.1.7. Has management interoperability been discussed? No - at a minimum, reporting of tag values ought to be defined via an OSPF MIB extension or analogous functionality. This is minor issue [D]. A.1.8. Are there fault or threshold conditions that should be reported? Yes, but they're implementation-specific - see response to A.1.[2,5,6] above. A.2. Management Considerations Do you anticipate any manageability issues with the specification? Yes, manageability has been largely ignored. A.3. Documentation Is an operational considerations and/or manageability section part of the document? No. Does the proposed protocol have a significant operational impact on the Internet? Yes, the anticipated uses will. Is there proof of implementation and/or operational experience? Nothing was stated in the draft or shepherd write-up. As an OPS-Dir member, I'm concerned by the above RFC 5706 answers, and in particular treating all operational issues as vendor- and/or operator-specific. One possible alternative would be to scope the draft down to interoperably specify what's needed for LFA, as indicated by this answer from the Shepherd write-up: (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus from the WG and others outside the WG that this document can progress. It complements work done on LFA manageability in the RTG Working Group. Another alternative could be Experimental RFC status for the full tag mechanism (e.g., to figure out what it'll be used for in practice, how and why) rather than Proposed Standard. This is major issue [1]. -----Original Message----- From: Black, David [mailto:david.black@emc.com] Sent: Wednesday, October 07, 2015 4:41 AM To: Rob Shakir <rjs@rob.sh>; as@cisco.com; bruno.decraene@orange.com; ops-dir@ietf.org; Shraddha Hegde <shraddha@juniper.net>; General Area Review Team (gen-art@ietf.org) <gen-art@ietf.org>; lizhenbin@huawei.com Cc: acee@cisco.com; ospf@ietf.org; ietf@ietf.org; Black, David <david.black@emc.com> Subject: RE: Gen-ART and OPS-Dir review of draft-ietf-ospf-node-admin-tag-06 Rob, I think something needs to be said on use of tags for preference in route selection vs. prohibition on use of routes, e.g., as Section 4.5 starts out with a discussion of preference and then supplies two example policies that are prohibitions. While Section 4.5 appears to need some attention, that seems to be a bit late in the draft to cover this topic - perhaps this would be fodder for an "Operational Considerations" section, as suggested in my reply to Bruno. That could include a statement that route preference policies are a less risky use of tags by comparison to route prohibition policies. Now that I have a better idea of what this draft is intended for, please ignore my suggestions to scope it to LFA or make it Experimental. Thanks, --David > -----Original Message----- > From: Rob Shakir [mailto:rjs@rob.sh] > Sent: Tuesday, October 06, 2015 1:22 PM > To: as@cisco.com; bruno.decraene@orange.com; Black, David; > ops-dir@ietf.org; shraddha@juniper.net; General Area Review Team > (gen-art@ietf.org) lizhenbin@huawei.com > Cc: acee@cisco.com; ospf@ietf.org; Black, David; ietf@ietf.org > Subject: RE: Gen-ART and OPS-Dir review of > draft-ietf-ospf-node-admin-tag-06 > > > On October 6, 2015 at 17:46:41, Black, David (david.black@emc.com) wrote: > > Rob, > > > > > Given that we are really selecting candidates from within a set of > > > paths > that > > > have already been selected by OSPF as valid, and usable - then I’m > > > not > sure > > > that I can understand the logic behind this sentence from your review: > "There > > > appears to be more than enough enabled by this draft to wreak > > > serious operational havoc”. > > > > Perhaps, I'm not understanding something, but I thought I saw an > unreachability > > problem in the example in Section 4.5/Figure 3: > > > > - The following example of an explicitly routed policy: > > > > - Traffic from A nodes to I nodes must not go through R and T nodes > > > > prevents the leftmost pair of A nodes from sending traffic to the I > > nodes. Was this "black hole" intended as part of the example? > > > > Was that a mistake, and at least one path from the leftmost pair of > > A nodes to the I nodes will be selected despite that "explicitly routed policy”? > > If the operator chooses to deny prefixes being installed in the RIB > based on these tags, then yes, they could end up with unreachability > problems. However, an operator can do this today with any routing > policy (a number of implementations already have inbound route > filtering) - we should not prevent this kind of mechanism based on the > fact that an erroneous config might be problematic. > > In the case that the operator *preferences* things based on the tags, > then this would not be an unreachability problem - OSPF would still > correctly determine that there is a path between all nodes in the > pictured network - and this would be installed in the RIB as per normal operation. > > (My memory is not 100% clear on whether this is intended as part of > the example, if it is, then the text should be clarified I agree.) > > Kind regards, > r.
- Re: [OSPF] Gen-ART and OPS-Dir review of draft-ie… Rob Shakir
- Re: [OSPF] Gen-ART and OPS-Dir review of draft-ie… bruno.decraene
- Re: [OSPF] Gen-ART and OPS-Dir review of draft-ie… Rob Shakir
- Re: [OSPF] Gen-ART and OPS-Dir review of draft-ie… Shraddha Hegde
- Re: [OSPF] Gen-ART and OPS-Dir review of draft-ie… bruno.decraene