[Pce] Benjamin Kaduk's No Objection on draft-ietf-pce-segment-routing-14: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Fri, 30 November 2018 23:27 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: pce@ietf.org
Delivered-To: pce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 36616126DBF; Fri, 30 Nov 2018 15:27:00 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-pce-segment-routing@ietf.org, Dhruv Dhody <dhruv.ietf@gmail.com>, pce-chairs@ietf.org, dhruv.ietf@gmail.com, pce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154362042021.27428.14843328031369141534.idtracker@ietfa.amsl.com>
Date: Fri, 30 Nov 2018 15:27:00 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/-UngPIKxvqG3jW4ALUr1DMU8BbA>
Subject: [Pce] Benjamin Kaduk's No Objection on draft-ietf-pce-segment-routing-14: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 23:27:00 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-pce-segment-routing-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-pce-segment-routing/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Abstract This document specifies extensions to the Path Computation Element Communication Protocol (PCEP) that allow a stateful PCE to compute and initiate Traffic Engineering (TE) paths, as well as a PCC to request a path subject to certain constraints and optimization criteria in SR networks. Why are we talking about TE paths now instead of SR? Section 1 Several types of segment are defined. A node segment represents an ECMP-aware shortest-path to a specific node, and is always identified uniquely within the SR/IGP domain. [...] A path to a node is only going to be unique if the starting node is also included, is it not? Section 3 The sentences: In an SR network, the ingress node of an SR path prepends an SR header to all outgoing packets. The SR header consists of a list of SIDs (or MPLS labels in the context of this document). Appear virtually unchanged in both the start of the first paragraph and the middle of the second paragraph; is this duplication really needed? A PCC MAY include an RRO containing the recorded LSP in PCReq and PCRpt messages as specified in [RFC5440] and [RFC8231], respectively. This document defines a new RRO subobject for SR networks. The methods used by a PCC to record the SR-TE LSP are outside the scope of this document. It's not entirely clear that we need to define a standard container to carry site-local data when a site-local container could also be used. Section 5.2 Please expand SRP (and RP, for that matter) on first usage. (Interestingly, https://www.rfc-editor.org/materials/abbrev.expansion.txt does not seem to have the correct expansion for this usage.) Section 5.3.1 * C: If the M bit and the C bit are both set to 1, then the TC, S, and TTL fields in the MPLS label stack entry are specified by the PCE. However, a PCC MAY choose to override these values according its local policy and MPLS forwarding rules. If the M bit is set to 1 but the C bit is set to zero, then the TC, S, and TTL fields MUST be ignored by the PCC. The PCC MUST set these fields according to its local policy and MPLS forwarding rules. [...] Must be ignored in incoming messages received from where? Isn't the 'F' bit fully redundant with NT? Section 5.3.2 Do we need to say anything about which node is the reference point for evaluating "local" and "remote" w.r.t. IP addresses? (Maybe we don't, since these are always unidirectional adjacencies, right?) Section 6.1 If a PCC sets the N flag to 1, then the PCE MAY send an SR-ERO subobject containing NAI and no SID (see Section 6.2). Otherwise, the PCE MUST NOT send an SR-ERO subobject containing NAI and no SID. Sets the N flag in what message? If a PCE receives an SR-PCE-CAPABILITY sub-TLV with the L flag set to 1 then it MUST ignore the MSD field and MUST assume that the sender can impose a SID stack of any depth. [...] nit: this second MUST seems like overkill; "and assumes" would probably work fine. (Similarly for the following case.) It's interesting that the routing protocols' MSD value supersedes the PCE-obtained one, given that all three (IS-IS, OSPF, and BGP-LS) documents have text to the effect of "PCEP provides a way to get this, but if PCEP is not used you can use our thing", which a naive reader would take to mean that PCEP is intended to be the primary distribution mechanism. Section 7 Is there some history regarding making it MUST-level mandatory to treat top-level SR-CAPABILITY-TLV in OPEN for backwards-compatibility (as opposed to SHOULD-level but leaving open the option of a strict implementation)? (The guidance for what to do when both forms appear seems good to have at MUST-level, to me.) Section 9 RFC 8281's security considerations incorporate those of RFC 8231 by reference; we could save the reader a step and also mention it at the toplevel here. I don't think it's a good idea to just refer to "the security mechanisms of [RFC 5440] and [RFC8281]", since there are qualitative differences between the TCP authentication schemes and the full-on encryption provided by TLS and IPsec. (Also, what exactly are the security mechanisms of RFC8281 supposed to be -- a quick look only sees the new guidance to apply resource limits?) The second paragraph only requires integrity protection to avoid the vulnerability mentioned there, but the third paragraph requires confidentiality protection to preent the attack. Section 10.6 RFC 8408 does not "request" the creation of the registry; IANA has already created the registry. I would just say "[RFC8408] created a sub-registry [...]" but the smaller change to "requested" would be okay, too.
- [Pce] Benjamin Kaduk's No Objection on draft-ietf… Benjamin Kaduk
- Re: [Pce] Benjamin Kaduk's No Objection on draft-… Jonathan Hardwick
- Re: [Pce] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk
- Re: [Pce] Benjamin Kaduk's No Objection on draft-… Jeff Tantsura
- Re: [Pce] Benjamin Kaduk's No Objection on draft-… Jonathan Hardwick
- Re: [Pce] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk