[Pce] Benjamin Kaduk's No Objection on draft-ietf-pce-segment-routing-14: (with COMMENT)

[Benjamin Kaduk <kaduk@mit.edu>]

Benjamin Kaduk has entered the following ballot position for
draft-ietf-pce-segment-routing-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-segment-routing/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Abstract

                   This document specifies extensions to the Path
   Computation Element Communication Protocol (PCEP) that allow a
   stateful PCE to compute and initiate Traffic Engineering (TE) paths,
   as well as a PCC to request a path subject to certain constraints and
   optimization criteria in SR networks.

Why are we talking about TE paths now instead of SR?

Section 1

   Several types of segment are defined.  A node segment represents an
   ECMP-aware shortest-path to a specific node, and is always identified
   uniquely within the SR/IGP domain.  [...]

A path to a node is only going to be unique if the starting node is also
included, is it not?

Section 3

The sentences:

   In an SR network, the ingress node of an SR path prepends an SR
   header to all outgoing packets.  The SR header consists of a list of
   SIDs (or MPLS labels in the context of this document).

Appear virtually unchanged in both the start of the first paragraph and the
middle of the second paragraph; is this duplication really needed?

   A PCC MAY include an RRO containing the recorded LSP in PCReq and
   PCRpt messages as specified in [RFC5440] and [RFC8231], respectively.
   This document defines a new RRO subobject for SR networks.  The
   methods used by a PCC to record the SR-TE LSP are outside the scope
   of this document.

It's not entirely clear that we need to define a standard container to
carry site-local data when a site-local container could also be used.

Section 5.2

Please expand SRP (and RP, for that matter) on first usage.
(Interestingly, https://www.rfc-editor.org/materials/abbrev.expansion.txt
does not seem to have the correct expansion for this usage.)

Section 5.3.1

      *  C: If the M bit and the C bit are both set to 1, then the TC,
         S, and TTL fields in the MPLS label stack entry are specified
         by the PCE.  However, a PCC MAY choose to override these values
         according its local policy and MPLS forwarding rules.  If the M
         bit is set to 1 but the C bit is set to zero, then the TC, S,
         and TTL fields MUST be ignored by the PCC.  The PCC MUST set
         these fields according to its local policy and MPLS forwarding
         rules.  [...]

Must be ignored in incoming messages received from where?

Isn't the 'F' bit fully redundant with NT?

Section 5.3.2

Do we need to say anything about which node is the reference point for
evaluating "local" and "remote" w.r.t. IP addresses?  (Maybe we
don't, since these are always unidirectional adjacencies, right?)

Section 6.1

   If a PCC sets the N flag to 1, then the PCE MAY send an SR-ERO
   subobject containing NAI and no SID (see Section 6.2).  Otherwise,
   the PCE MUST NOT send an SR-ERO subobject containing NAI and no SID.

Sets the N flag in what message?

                                                 If a PCE receives an
   SR-PCE-CAPABILITY sub-TLV with the L flag set to 1 then it MUST
   ignore the MSD field and MUST assume that the sender can impose a SID
   stack of any depth.  [...]

nit: this second MUST seems like overkill; "and assumes" would probably
work fine.  (Similarly for the following case.)

It's interesting that the routing protocols' MSD value supersedes the
PCE-obtained one, given that all three (IS-IS, OSPF, and BGP-LS) documents
have text to the effect of "PCEP provides a way to get this, but if PCEP is
not used you can use our thing", which a naive reader would take to mean
that PCEP is intended to be the primary distribution mechanism.

Section 7

Is there some history regarding making it MUST-level mandatory to treat
top-level SR-CAPABILITY-TLV in OPEN for backwards-compatibility (as opposed
to SHOULD-level but leaving open the option of a strict implementation)?
(The guidance for what to do when both forms appear seems good to have at
MUST-level, to me.)

Section 9

RFC 8281's security considerations incorporate those of RFC 8231 by
reference; we could save the reader a step and also mention it at the
toplevel here.

I don't think it's a good idea to just refer to "the security mechanisms of
[RFC 5440] and [RFC8281]", since there are qualitative differences between
the TCP authentication schemes and the full-on encryption provided by TLS
and IPsec.  (Also, what exactly are the security mechanisms of RFC8281
supposed to be -- a quick look only sees the new guidance to apply resource
limits?)  The second paragraph only requires integrity protection to avoid
the vulnerability mentioned there, but the third paragraph requires
confidentiality protection to preent the attack.

Section 10.6

RFC 8408 does not "request" the creation of the registry; IANA has already
created the registry.  I would just say "[RFC8408] created a sub-registry
[...]" but the smaller change to "requested" would be okay, too.