Re: [Pce] Gunter Van de Velde's No Objection on draft-ietf-pce-segment-routing-ipv6-22: (with COMMENT)
Dhruv Dhody <dd@dhruvdhody.com> Wed, 03 April 2024 09:41 UTC
Return-Path: <dd@dhruvdhody.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 375EAC151984 for <pce@ietfa.amsl.com>; Wed, 3 Apr 2024 02:41:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dhruvdhody-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QkB-E871W7D9 for <pce@ietfa.amsl.com>; Wed, 3 Apr 2024 02:41:32 -0700 (PDT)
Received: from mail-oo1-xc2e.google.com (mail-oo1-xc2e.google.com [IPv6:2607:f8b0:4864:20::c2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DC31C15108C for <pce@ietf.org>; Wed, 3 Apr 2024 02:41:31 -0700 (PDT)
Received: by mail-oo1-xc2e.google.com with SMTP id 006d021491bc7-5a9c71969f1so162922eaf.0 for <pce@ietf.org>; Wed, 03 Apr 2024 02:41:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dhruvdhody-com.20230601.gappssmtp.com; s=20230601; t=1712137291; x=1712742091; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6IOQ4sXi+PCiDTjr1aiWa93Mw6nUWLOr9DFQazlaz4A=; b=Qfy8QBFVGcFIl3YxDYOOtNP4R9ksMIPy+Kczl6ULpaZCAp9ZJcV8EBZyKjMkdPMGZr 9Ysb+7YsIs/7Zoz9Wui0YGc1BfhGdOxsN6DaJhhnhz/wO+cSqPZ1o531vnKKcp+Kvlvj VRoR9QyqMLrk9jHSBQ1CqVntWf4nBGP3vdTuSC5k/OGBPDzGPr1t/vgR+xZ9E2daXXe9 R/uRUgpklwKUH6m+9gOxAXzBLVHferXD61imYzUFm54bcKgG4bwtojhNhMXeD5MpMZ3+ hVxp81Iu7NpZ/VCMQhYyHo/tYpcOKKld3OcmcIc8uBcts0HG+6ZgXC/sD7+TNhNctgqq +QHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712137291; x=1712742091; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6IOQ4sXi+PCiDTjr1aiWa93Mw6nUWLOr9DFQazlaz4A=; b=DZl+Mwrheu353sWTHN2b4vBKiveTZ6vtVPB+FtNX7oeENuzp5Y3mT9+PEfaqDkx7rq t7+T5xdsg0Op0tGfNiebGcVdNZqkS9JXpiJY/Y4t/9PN8Cpfclw5zAYa45pjLew/JiFY dF5ixWiO5TphnkePRQW2FqQUulPFdRM5KC0RzCeS02yepc8CzXA/81vAgWLGOzqM2Uin b/yBjCLAJMVPVUitvPt5icZAD17afdVAr0Eiol1Heoy42RfQZyxT5rAqcg4jE1aNqdOM ZTr0XnTGY4hgjQ0/LccBf1K+1Q5IqPJv1f488+IzTLK5IxsV4YpnsLbmML/wzCv1bgcP /YWw==
X-Forwarded-Encrypted: i=1; AJvYcCW44UW//k9iSXbBp+rrSzw2jEl0hcQysYg+kua+sR/t3UTeipT5PNArASWIz8VtAfr8dgbtUsp4rSWzfJU=
X-Gm-Message-State: AOJu0YwVjFe8oLIZgk6kblKX9gYmgrekvQsFdTReFiKlMI0+XDnWt1lk VLQj+AUsDJWpnAYN3tYfpagh2SmnLR2CwTHylzm6AbgRD6YUQvBkk1+Upc5ZJFxknJ5tAN54nlM Z1G1PoEqd0HkB0eY5Lr4TqisZHAmFNy4Uh3Fm6w==
X-Google-Smtp-Source: AGHT+IF+wAiz8gZKq0gpYxMU3GHfDMv8V9lsQCFx0iEkO3O3R6Qi/wf0ggw8cykXUrieCX1RvEPEz4xPPBu3RBEQ3do=
X-Received: by 2002:a05:6820:1e0e:b0:5a7:c78e:410e with SMTP id dh14-20020a0568201e0e00b005a7c78e410emr7956036oob.2.1712137290862; Wed, 03 Apr 2024 02:41:30 -0700 (PDT)
MIME-Version: 1.0
References: <171207835017.33225.8639359205255430908@ietfa.amsl.com>
In-Reply-To: <171207835017.33225.8639359205255430908@ietfa.amsl.com>
From: Dhruv Dhody <dd@dhruvdhody.com>
Date: Wed, 03 Apr 2024 15:10:54 +0530
Message-ID: <CAP7zK5b+Gnk44a0-thHfpSu4LcLc4WaLKPo4xbb=_Fe1HDGyJg@mail.gmail.com>
To: Gunter Van de Velde <gunter.van_de_velde@nokia.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-pce-segment-routing-ipv6@ietf.org, pce-chairs@ietf.org, pce@ietf.org, hariharan.ietf@gmail.com
Content-Type: multipart/alternative; boundary="000000000000076edb06152e0741"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/PfWGzAo0afLGZCa4FVUtaOUVglE>
Subject: Re: [Pce] Gunter Van de Velde's No Objection on draft-ietf-pce-segment-routing-ipv6-22: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 09:41:36 -0000
Hi Gunter, Thanks for a detailed review. On Tue, Apr 2, 2024 at 10:49 PM Gunter Van de Velde via Datatracker < noreply@ietf.org> wrote: > Gunter Van de Velde has entered the following ballot position for > draft-ietf-pce-segment-routing-ipv6-22: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-pce-segment-routing-ipv6/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Please find this review using a fresh pair of eyes upon the draft. feel > free to > use or ignore these comments. Comments are ordered with some first set of > idnit > typo's, followed with observations when reading the document. > > **Idnits:** > > 349 Endpoint node as well as the tailend node also need to be > considered > > I believe that the grammatically correct form is "tail-end," which refers > to > the final part of something, such as a process, activity, or physical > object. > Using a hyphen clarifies that the two words function together as a single > concept. Not sure if there is earlier art that uses the term with the > proposed > spelling in the document? > > Dhruv: I checked; authors - please change to tail-end! > 659 PCE. As such,the flags MUST be set to zero and a (MSD-Type,MSD- > > s/such,the/such, the/ > > 635 mechanisms, e.g routing protocols [RFC9352], then it ignores the > > s/e.g/e.g./ > > 653 SRv6 MSD capabilties, the PCC MUST send a PCErr message with > Error- > > s/capabilties/capabilities/ > > Dhruv: Ack for above! > **Observations when reading through the document:** > > 20 Segment Routing (SR) can be used to steer packets through an > IPv6 or > 21 MPLS network using the source routing paradigm. SR enables any > head- > 22 end node to select any path without relying on a hop-by-hop > signaling > 23 technique (e.g., LDP or RSVP-TE). > > Proposed rewrite > Segment Routing (SR) can be used to steer packets through a network using > the > IPv6 or MPLS data plane, employing the source routing paradigm. SR enables > any > head-end node to select any path without relying on hop-by-hop signaling > techniques (e.g., LDP or RSVP-TE). > > Dhruv: Thanks for the rewrite, it reads better! > 29 Since SR can be applied to both MPLS and IPv6 forwarding > planes, a > 30 PCE should be able to compute an SR Path for both MPLS and IPv6 > 31 forwarding planes. > > I suspect we are talking dataplane instead of forwarding plane? I see the > terms > "forwarding plane" and "data plane" often used interchangeably, but they do > seem to have nuanced differences. The forwarding plane deals with the > logical > decision-making process of packet forwarding, the data plane deals with the > physical implementation of forwarding those packets based on those > decisions. > In addition the term dataplane is used later in this same abstract. Maybe > best > to use single terminology (maybe dataplane) through the document? > > Dhruv: Looking at spring RFCs I see a mix of terms but when talking about SR instantiation as SR-MPLS and SRv6, the term data-plane is used and thus we should also use the same. > 31 forwarding planes. The PCEP extension and mechanisms to > support SR- > 32 MPLS have been defined. > > What about adding the reference to RFC5440? > Dhruv: I would avoid adding references in the abstract. > > 32 MPLS have been defined. This document describes the extensions > 33 required for SR support for the IPv6 data plane in the Path > 34 Computation Element communication Protocol (PCEP). > > This text reads a bit odd. What about a readability rewrite: > “This document outlines the necessary extensions to support Segment Routing > (SR) for the IPv6 data plane within the Path Computation Element > Communication > Protocol (PCEP).” > > Dhruv: Ack, with slight modification as the whole para can be read as - "Since SR can be applied to both MPLS and IPv6 data-planes, a PCE should be able to compute an SR Path for both MPLS and IPv6 data-planes. The Path Computation Element communication Protocol (PCEP) extension and mechanisms to support SR-MPLS have been defined. This document outlines the necessary extensions to support SR for the IPv6 data-plane within PCEP." > 126 When the SR architecture is applied to the MPLS forwarding > plane, it > 127 is called SR-MPLS. When the SR architecture is applied to the > IPv6 > 128 data plane, is is called SRv6 (Segment Routing over IPv6 data > plane) > 129 [RFC8754]. > > See earlier comments. Data plane vs forwarding plane. > > 133 IGP SPT. Such paths may be chosen by a suitable network > planning > 134 tool, or a PCE and provisioned on the ingress node. > > The correlation between PCE and suitable network planning tool is unclear. > Can > the following text be used to close down on the ambiguity: “Such paths can > be > selected either by an appropriate network planning tool or by a Path > Computation Element (PCE) and then provisioned on the ingress node.” > > Dhruv: The text is borrowed for RFC8664 but I agree that using Network Controller is a better term. > 143 [RFC8231] specifies extensions to PCEP that allow a stateful > PCE to > 144 compute and recommend network paths in compliance with > [RFC4657] and > 145 defines objects and TLVs for MPLS-TE LSPs. Stateful PCEP > extensions > > I am unclear what 'recommend' means in this context? Can this be better > explained and clarified? In RFC8231 there is no mentioning of recommended > paths. > Dhruv: In RFC 8231 you will note "LSP Update Request" i.e. PCE is requesting the PCC to update and PCC can report that the update is rejected. Also RFC 8664 uses similar framing. This could be updated to "compute and update" but it then loses the point that the PCC is free to reject. I will let this be... > > 157 account various constraints and objective functions. Once a > path is > 158 chosen, the stateful PCE can initiate an SR-TE path on a PCC > using > 159 PCEP extensions specified in [RFC8281] and the SR-specific PCEP > > “Once a path is chosen” seems to imply that there are multiple paths > calculated > and the best one is selected or chosen. Is this what is implied with this? > > Dhruv: Yes, 'computed' is better than 'chosen'! > 161 extensions for supporting a SR-TE LSP for the MPLS data plane. > This > 162 document extends [RFC8664] to support SR for the IPv6 data > plane. > 163 Additionally, using procedures described in this document, a > PCC can > 164 request an SRv6 path from either a stateful or stateless PCE. > This > 165 specification relies on the PATH-SETUP-TYPE TLV and procedures > 166 specified in [RFC8408]. > > This section is explaining what this draft is standardizing. It is a bit > hidden > and tucked all the way in the back of the introduction, a bit less trivial > for > the reader to discover. > > Dhruv: This can be put in its own paragraph. > 168 This specification provides a mechanism for a network controller > 169 (acting as a PCE) to instantiate candidate paths for an SR > Policy > 170 onto a head-end node (acting as a PCC) using PCEP. For more > > Before there was mentioning of a “network planning tool”. Maybe instead the > term network controller can be used? > > Dhruv: agree > 212 Basic operations for PCEP speakers are as per [RFC8664]. SRv6 > Paths > 213 computed by a PCE can be represented as an ordered list of SRv6 > 214 segments > > Reading this gives wrong indication that RFC8664 computes SRv6 paths. In > the > RFC8664 is explicitly written that “This document is relevant to the MPLS > forwarding plane only.” > > Dhruv: maybe "built on" instead of "as per". > 250 In SR networks, an SR source node encodes all packets being > steered > 251 onto an SR path with a list of segments. > > “SR source node”. I am unsure what this refers towards. Would this be the > segment routing ingress node? In Segment Routing (SR), the ingress node is > known by the fact that it is the node where the packet enters the Segment > Routing domain. When a packet enters a network that employs Segment > Routing, it > is typically tagged with a Segment List at the ingress node. > > Dhruv: RFC 8754 and RFC 8986 use the term. Maybe we can reframe this as - "In SR networks, an SR source node [RFC8754] steers a packet into an SR Policy resulting in a segment list." > 363 order to indicate that the path is for SRv6, any RP or SRP > object > > These acronyms are not specified in the terminology section: Request > Parameters > (RP) [RFC5440] and the Stateful PCE Request Parameters (SRP) > > Dhruv: They are expanded on first use in section 3.2 > 398 The 'L' Flag: Indicates whether the subobject represents a > loose-hop > 399 (see [RFC3209]). If this flag is set to zero, a PCC MUST NOT > 400 overwrite the SID value present in the SRv6-ERO subobject. > 401 Otherwise, a PCC MAY expand or replace one or more SID values > in the > 402 received SRv6-ERO based on its local policy. > > The exact meaning of L-flag is confusing for SRv6. When looking at RFC3209 > it > reflects upon nodes, however with SRv6 this may be an adj-SID or some other > instruction. Maybe the L-flag can be enhanced to described what this means > in > the context of SRv6 SID. > > Dhruv: The text is the same as RFC 8664 (SR-MPLS) and within the context of PCEP it means that PCC should use the SID as it is v/s PCC being able to apply suitable changes. If the intention is that the path as computed by PCE should be used as it is, it is expected that the L flag would be set accordingly. > From RFC3209: > The path between a strict node and its preceding node MUST include > only network nodes from the strict node and its preceding abstract > node. > > 438 Flags: Used to carry additional information pertaining to the > 439 SRv6-SID. This document defines the following flag bits. The > other > 440 bits MUST be set to zero by the sender and MUST be ignored by > the > 441 receiver. > > There is mentioning of S/F/T/V. is there a reason they are called like > that? I > suspect I am missing the history of naming of these flags and it just looks > mostly random at this stage > > Dhruv: The trend that started from RFC 8664 :) > 475 SRv6 SID: SRv6 Identifier is an 128-bit value representing the > SRv6 > 476 segment > > Any special considerations for csid? > Dhruv: As stated in the compression draft, no change is needed in PCEP. > 481 At least one SRv6-SID or the NAI MUST be included in the > SRv6-ERO > 482 subobject, and both MAY be included. > > Is there any checking or processing to check if the NAI and SRV6-SID > belong to > the same node? Can they belong to different nodes? > > Dhruv: Note that such a such is not done in SR-MPLS either, I would assume that the SID value trumps NAI. > 731 If a PCC receives an SRv6 path that exceeds the SRv6 MSD > 732 capabilities, it MUST send a PCErr message with Error-Type = 10 > 733 ("Reception of an invalid object") and Error-Value = 43 > ("Unsupported > 734 number of SRv6-ERO subobjects") as per [RFC8664]. > > I assume this is about exceeding the local PCC capabilities? A local PCC > router > may have enough intelligence to understand the capability of all nodes > through > which the datapacket will be steered. In theory the encoded payload may > traverse a node that is not capable to process the SRH pushed by the SR PCC > ingress router. > > Dhruv: Yes, this is about local. > 738 The SRv6-ERO contains a sequence of subobjects. According to > 739 [RFC9256], each SRv6-ERO subobject in the sequence identifies a > 740 segment that the traffic will be directed to, in the order > given. > 741 That is, the first subobject identifies the first segment the > traffic > 742 will be directed to, the second SRv6-ERO subobject represents > the > 743 second segment, and so on > > Is there expectation that the node of a NAI corresponds with the node > owning a > SRv6-SID > Dhruv: Yes > > 771 Note that this specification enables a network controller to > 772 instantiate an SRv6 path in the network. This creates an > additional > > Would it be more correct to indicate that it enables both to initiate and > to > monitor an SRv6 path? > > > Dhruv: The security vulnerability is more about instantiation. Authors, please feel free to add your comments especially if you disagree with my responses here. Thanks! Dhruv
- [Pce] Gunter Van de Velde's No Objection on draft… Gunter Van de Velde via Datatracker
- Re: [Pce] Gunter Van de Velde's No Objection on d… Dhruv Dhody
- Re: [Pce] Gunter Van de Velde's No Objection on d… Cheng Li
- Re: [Pce] Gunter Van de Velde's No Objection on d… Cheng Li
- Re: [Pce] Gunter Van de Velde's No Objection on d… Cheng Li
- Re: [Pce] Gunter Van de Velde's No Objection on d… Gunter van de Velde (Nokia)