IETF Logo Mail Archive

Re: [Pce] AD review of draft-ietf-pce-local-protection-enforcement-09

"Andrew Stone (Nokia)" <andrew.stone@nokia.com> Thu, 18 May 2023 22:52 UTC

Return-Path: <andrew.stone@nokia.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EF81C151075; Thu, 18 May 2023 15:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.085
X-Spam-Level:
X-Spam-Status: No, score=-2.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_HTML_ATTACH=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGb6vKNsZxZn; Thu, 18 May 2023 15:51:56 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on20700.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eae::700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8889BC14CE24; Thu, 18 May 2023 15:51:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RACiqFgXrulibQv+QzIwQRIYBaH9RHq3lZhNrrA8VZhGnmvdUIvs2Vkzum7PpuOYmie8NcxzKY6+t8egY8d1855tpU8QWVaBCCIEuFMXxRx/8y1FSJ6uW2AyUr+ZbsYPp+tvBSiLzdnBDkywmQ1GZQWq84zXS8JM1jNZfxAkus7QiXhnxDfRRxilUM3zC5jVBI+l+XCcp3SKAXMveBsm44SHoUOxP8axDX+9Atn5Mcyzua5dIu+KuyGGphYy7O31kvptMKBVbN51XKUJr017gy8ErZjl7oPvcDA1VbFljkR61Sl2caPI+qiPYwHd5skievbxBiafTokz7Rp1Hq+iIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zIFuiV6BTVMmOGq01ba7Tfq6/5hIs+qg8DsMXY90/Go=; b=RpXXb/veOgut70EXZoi0fOq5KHy5itPLEwKOcGoogXH5WcfkuZ8aHPX3SWk78k1GWNm0zSsIa4/3SU8ICpu1dFRaFlqU8jvy9z8+Is2sEl0NytVeCfYK7zO8dsm+nnfohNitUjV5gNTdLcAow0VLd0oMrYlBmBm1v8BlnP6CwfZRUB4M0g8kjvrSMPUf0+0iN47JA1IigZi/7pxhFEdGSC8r9Pjf3mjurfvEPGm57IrYz0GkobYzQrPOta6ELtIadB4SdmT+VIicg1jmqV5IqliG0B9AZbv0C9fRGB2v5h6of5f1QzjC4jRJDWYPZzpdVjobMpphVersJIdp6Oyebw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zIFuiV6BTVMmOGq01ba7Tfq6/5hIs+qg8DsMXY90/Go=; b=UUcYVhHLm8GgY4A0BXDiiqUoEQYDe39N0vfzWCaDYaBuxRIFJN8+LE33yoi0rvvJs3YB9JQh68f1jNf3s0BZwDtQO2EyO4rPmo99MQfwrkYmSHYYNs7VLU5bqs//DC3X/xE67za8IV/nfV4r74fb/hsEBNMIVappKbqJDh9eIR3gXt3JJF33pd20rpf/C6Sn9/3dByvh4Lv8lN3MlGzuHxys7tHBiegf1MlxztI2AVTDbKCU+3mfHspC9DvLARyDxW9w/ifYB/yi/9aLannYy8XTcfD7AAapMvJTxa8bIwOYoim7wPacRwnaY9B+WSUPVO/6mz96YBCa4jhhOorPgg==
Received: from CH0PR08MB7353.namprd08.prod.outlook.com (2603:10b6:610:102::22) by DS0PR08MB8541.namprd08.prod.outlook.com (2603:10b6:8:116::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.29; Thu, 18 May 2023 22:51:48 +0000
Received: from CH0PR08MB7353.namprd08.prod.outlook.com ([fe80::311d:7f8d:9583:c52a]) by CH0PR08MB7353.namprd08.prod.outlook.com ([fe80::311d:7f8d:9583:c52a%7]) with mapi id 15.20.6411.019; Thu, 18 May 2023 22:51:48 +0000
From: "Andrew Stone (Nokia)" <andrew.stone@nokia.com>
To: John Scudder <jgs@juniper.net>, "draft-ietf-pce-local-protection-enforcement@ietf.org" <draft-ietf-pce-local-protection-enforcement@ietf.org>
CC: "pce@ietf.org" <pce@ietf.org>, "Mustapha Aissaoui (Nokia)" <mustapha.aissaoui@nokia.com>, "ssidor@cisco.com" <ssidor@cisco.com>, "ssivabal@ciena.com" <ssivabal@ciena.com>
Thread-Topic: AD review of draft-ietf-pce-local-protection-enforcement-09
Thread-Index: AQHZiCQTSMjzga3oAkO9qp4CFS4CHq9gY04A
Date: Thu, 18 May 2023 22:51:47 +0000
Message-ID: <56D6921A-AC67-48FC-A677-E0D9B5370483@nokia.com>
References: <AB24087A-B877-4793-ABA9-6866C623487A@juniper.net>
In-Reply-To: <AB24087A-B877-4793-ABA9-6866C623487A@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.73.23051401
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR08MB7353:EE_|DS0PR08MB8541:EE_
x-ms-office365-filtering-correlation-id: 7b7b3e84-a6b7-4268-1079-08db57f27603
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QzKwnWoo0yAdkHvRGHdkYAVXhyGXADXFoIu97xEDX4k/T3nCgwYqOyD0Xhpe+NYDvgK4il0rN8OAKy7Vwop6SUkVJmAS6dzk3r9xeYbwyY3nNmv6MH2/1gmzIaqJ/pYkXlKEPwp8fieRNyb3E8Rp4jEBawtdbwAu2N3XZ38SmOuLUeB+c2hS9IH/3XNC9PHD2T+vFMWDVaEhtz894yzzcpTIkYCgK7j8q0KyZ5tIWMyj223IKHUc0KdrTpAAvcMfHxVmfuJzTSxucWQzVswR/jMeLqcnzeCjMl1pXiycBdt02Y9j+O2/l8DWyfUANmIdtqWbU7YEvX9d82YLv9F+LxWMiGnyEdbOMjWLdkXwOdfvccbVhyak0abhBRCfweZn4XmwErwVY9pBJGVO6z5fpGXsCOZ3eAvxFF+/P4gOtHGp6nVAt/5OV5MKS2GNJ2IYeRV/9T537OfQkv9FLEnxIPO7s+gRupVvqXL8rQCWfdeS/doBqX3ejOf8sfJlH7EZhStGzbJKfN+Y3PoCpzBxeAZNfdEdeP5Ah+fmIfUlui+1Kaw9ykdW2gEaInns8kRxFJpHl4/3tD31EeQZDPb0TQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR08MB7353.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(136003)(39860400002)(346002)(376002)(366004)(396003)(451199021)(83380400001)(36756003)(478600001)(66946007)(66556008)(54906003)(66476007)(966005)(33656002)(66446008)(316002)(110136005)(76116006)(6486002)(4326008)(64756008)(86362001)(71200400001)(8936002)(41300700001)(8676002)(2906002)(5660300002)(99936003)(38070700005)(82960400001)(122000001)(38100700002)(6512007)(186003)(2616005)(26005)(6506007)(66899021)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kCrpkXcIKHaBHGQTpyp6+UjjeH2HAq7v61gOXhFf0m6GNLkSiKe8OZ/CoGV8Qk9xQW21B66cQkIkTkkFj/CWkYanDv6Ya0DOQ3+wqEjwmOXqxuo7Q2N+1VA95n4on38cOicq4JpeOzUVPM42v2OB7q6gvYXM+9zns5Q8jWKJfkZ4dKqECPWarCA0pTokLZE5/502G+ua/GdjZni9gDCBT9etNMc24u0KiiZ/AYoLfKsq9Fa/IviGRxykI5J1/lRZMFiBYXGJr7DqRPfr2Z16Hc8uSN3jqI+fdyFmWD+KLiWXupFcBD5z7kzxb+SIzllsO3SAa9GrM3EtRll4rVbj/DMi4l49es2+7tXpxiLf8GxFbgGIpI2XIQIFMW8R0FJIeubM8o5eBx3EdclLqxNwEnPwYp1sn0Vlm7729GCfLtOkkIvRav9oUoT30N4HqqGZZKb+6DaBz7Pr+K0rArRIhw548ybdA7nnEPDTZAm4jlAIhpwQZ0GkP+4LREY5xRsFekLQqQt+MlpaSE82j6v89I4owovxlr2rpbLsU55VCNPAa7FVElIRwe+xFHAqgWBRuvvpOLLdaVFj+ahOim3j7Nm2H/E2wg7gCLXX3ReiRgmtKLZ/S3jJgewgzWpLsQn2na6urw7KqqRr4IhvfODqoFGDYahjH8zheu90gNbPGdSgFp5NNxWFHjbLhnR4LdhUIpMpOSyJB3EUtLx4iRtgoWmoroRhktHUYCyDMiJkRz+/LV3N3k0RHB66BVOShtJz/Jrb4hognh4+Trk9ZLtdGeORFzaWUJthWEtjBq/t4ilHa4xtMXV98LkKl+/7pVmSBFYQFHYADnxXNqE3cVJ34kEnykDlVNtc/K0C9fxi67Upnm3JoA3zgszVkLx0lqLMhmI2nRxWVZNKRPALfoM/pqaB5FiBqZEpB31u9cGDWKDEdd8GCzxM6MrVSqLOIcUneMYz11xLrPbQpNCaPrTiEwQuqswd2nRhrWl2BPFsnRMYOlV2jVVhiTaIXKiekfJvFRytM3gEKMXGHQnJIOk4s7FoNdS7c1Hg1Ulw7bhdb6utG08TWp5Z+f/j7u12XxOCHl5d3NRfa5IMMxjDMcRKEy87UAQEDdw48eYEtaJfun28x5PXBTb6X9DZoHEt6mKg7qr0LOnnI6yhVyL78aRwkQQijYYzmixTyaUrI4ZVconIwNn5IH1spis1/MPnzB8Nkxo+lX5GKWNCUq54esCzzlGs7VVOfnzUBDmVwAbjSMIpf2j6bWYK2JADA97kwfwIuWai7k8af3fkh7hWhoQa1dsH4+uls0C10CIqF+U48tMc7E0+Xmo0lPFTDqcQIedZZP4fFkHJg5pGjZHGawaS9tl2AIG5XwdSDNone0KW6PkIK3dZ7xTHf5OadpgOKh+ra/pXWkHv+XlWaOFGunn+5R9SGNtpgtlH4O5DJhLaaWaOx0lsz509aSZe7xw3OCRd7Zm0ojvo8fAFXcf89A9GyN/OtrIKCpOI1ZlavXkayP/gnkRk6k8JckbIly+aSkM37EoYJa3laWWna/aD3Ldhpe5AzUx2PN/Va8d4Vctm2UrZQJv869blUP9WiC0Tm3P+NyoPDhwYXuOlhBevQnNDxw==
Content-Type: multipart/mixed; boundary="_002_56D6921AAC6748FCA677E0D9B5370483nokiacom_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR08MB7353.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7b7b3e84-a6b7-4268-1079-08db57f27603
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2023 22:51:47.6178 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Y2QPOdQFj5PZfcXHqjzssl6kAAZbhDQo7ITimROjhBay8gtQ8ZSJ23B6o1RCqvXBPzDuGdO6J+LxqBRHKZqV6A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR08MB8541
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/TvUcSgP2u-CpHDApdIvggZGKrNA>
Subject: Re: [Pce] AD review of draft-ietf-pce-local-protection-enforcement-09
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2023 22:52:01 -0000

To the PCE WG: 

Any preference regarding changing the capitalization text? i.e from PROTECTION MANADATORY to Protection Mandatory? The intent with capitalization was to try and pop out the values in the description text to make it clear to refer back to the terminology section. If this conflicts with RFC 2119 and/or if the WG doesn't have any preferences, we could certainly change to 'Capitalized First Letter'.



Hi John,

Thank you once again for the review comments. Diff attached, please let me know if this looks okay and I'll upload the new version. ACK/Agreed with your comments. Regarding should/may language, I see what you mean on the literal expansion. Your interpretation is correct that it was intended to say "unless not possible and gaps may be filled". I've changed should/might but do not currently think additional text is needed to dive further, and I've included your suggestion text from the related email thread. 

Regarding the PCE 'SHOULD ignore', yes, it coincides with leaving the door open for a PCE implementation dealing with legacy nodes. The current intention is that PCE doesn't overwrite its own local state for the E flag on the LSP based on what the node is echoing back for legacy compatibility, but an implementation might want or need to do that using its own knobs. 

Thanks again,
Andrew






On 2023-05-16, 2:28 PM, "John Scudder" <jgs@juniper.net <mailto:jgs@juniper.net>> wrote:

Hi Andrew and all,


Thanks for your replies to my previous review, and for the new version, it clears up most of my concerns. In reviewing the changes, I did come upon some other things, some of which were introduced in 09 and others which were things I’d overlooked on my first pass. I’m sorry not to have gotten these the first time through, but better late than never.


Once we’ve closed on these points [*] I think we’ll be ready for IETF Last Call.


Thanks,


—John


[*] Keeping in mind that “we’ve considered your input but decided to keep the text as written” is usually a way to resolve any given point. :-)


--- draft-ietf-pce-local-protection-enforcement-09.txt 2023-05-15 20:21:43.000000000 -0400
+++ draft-ietf-pce-local-protection-enforcement-09-jgs-comments.txt 2023-05-16 14:19:03.000000000 -0400
@@ -130,6 +130,9 @@
PCEP Extensions for Segment Routing ([RFC8664]) extends support in
PCEP for Segment Routed paths. The path list is encoded with Segment
Identifiers, each of which offer local protection. The PCE may
+---
+jgs: Should that be "each of which might offer"?
+---
discover the protection eligibility for a Segment Identifier (SID)
via BGP-LS [RFC9085] and take the protection into consideration as a
path constraint.
@@ -156,6 +159,17 @@
3. Terminology


This document uses the following terminology:
+---
+jgs: While I don't insist, I think the document will have a smoother
+approval path if the terms below were not rendered in ALL CAPS. If the
+WG feels that ALL CAPS is necessary or preferable, so be it, I'll take
+it forward that way -- I don't have a strong preference about this
+myself, but I know for certain that some reviewers will see it as
+unnecessarily confusing vs. RFC 2119 keywords.
+
+Another option would be to use initial caps as many specs do with terms
+they define, e.g. "Protection Mandatory", "Unprotected Mandatory", etc.
+---


PROTECTION MANDATORY: The Path MUST have protection eligibility on
all links.
@@ -173,10 +187,59 @@
PROTECTION PREFERRED: The Path SHOULD have protection eligibility on
all links but MAY contain links which do not have protection
eligibility.
+---
+jgs: I'm sorry to not have raised this in my first round of review, but
+I just noticed it. It's clear to me what your intent is (or, what I
+think it is!), which is probably why I didn't pick up on this earlier,
+but I think if subjected to a close reading of the RFC 2119 definitions
+of SHOULD and MAY this doesn't work right.
+
+Let's recall how SHOULD and MAY are defined in RFC 2119:
+
+```
+3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
+ may exist valid reasons in particular circumstances to ignore a
+ particular item, but the full implications must be understood and
+ carefully weighed before choosing a different course.
+
+5. MAY This word, or the adjective "OPTIONAL", mean that an item is
+ truly optional. One vendor may choose to include the item because a
+ particular marketplace requires it or because the vendor feels that
+ it enhances the product while another vendor may omit the same item.
+ An implementation which does not include a particular option MUST be
+ prepared to interoperate with another implementation which does
+ include the option, though perhaps with reduced functionality. In the
+ same vein an implementation which does include a particular option
+ MUST be prepared to interoperate with another implementation which
+ does not include the option (except, of course, for the feature the
+ option provides.)
+```
+
+So if we did a "macro expansion" of your sentence, using those
+definitions, we'd find that the Path has to have protection eligibility
+on all links unless the implementor has understood and carefully weighed
+the implications of not doing so... but optionally (and this is truly
+optional) some vendors might choose to include links that don't have
+protection eligibility (and might choose this regardless of whether a
+protection-elegible link was also available).
+
+I bet this isn't what you mean to say. If it is, let's have a
+discussion. But I'm guessing what you really intend is that the Path
+will be built using protection-eligible links, unless it's not possible
+to form a Path in that way, in which case gaps may be closed using
+whatever links are available. If the latter is the case, let's find some
+wording that says that, without abusing RFC 2119 terms. A minimal fix
+would be to simply swap out the 2119 SHOULD/MAY for normal lower-case
+should/may, but I'd encourage you to do a little more if you're up for
+it.
+---


UNPROTECTED PREFERRED: The Path SHOULD NOT have protection
eligibility on all links but MAY contain links which have protection
eligibility.
+---
+jgs: same comment applies here.
+---


PCC: Path Computation Client. Any client application requesting a
path computation to be performed by a Path Computation Element.
@@ -346,12 +409,29 @@
consider the protection eligibility as an UNPROTECTED PREFERRED
constraint but MAY consider protection eligibility as an UNPROTECTED
MANDATORY constraint.
+---
+jgs: See my comment at https://mailarchive.ietf.org/arch/msg/pce/Ai6XH04JtVZCIPNTLLszytFC8FU/ <https://mailarchive.ietf.org/arch/msg/pce/Ai6XH04JtVZCIPNTLLszytFC8FU/>
+
+Repeated here for convenience, my suggestion in that comment --
+
+NEW:
+ When both L flag and E flag are set to 0, then the PCE SHOULD
+ consider the protection eligibility as an UNPROTECTED PREFERRED
+ constraint but MAY consider protection eligibility as an UNPROTECTED
+ MANDATORY constraint. An example of when the latter behavior might
+ be chosen is if the PCE has some means (outside the scope of this
+ document) to detect that it’s interacting with a legacy PCC that
+ expects the legacy behavior.
+
+Or something to that effect -- an example and/or explanation of the
+circumstances under which the SHOULD might reasonably be disregarded.
+---


When L flag is set to 0 and E flag is set to 1, then the PCE MUST
consider the protection eligibility as an UNPROTECTED MANDATORY
constraint.


- If a PCE is unable to infer protection status of a resource, PCE MAY
+ If a PCE is unable to infer the protection status of a resource, the PCE MAY
use local policy to define protected status assumptions. When
computing a Segment Routed path, It is RECOMMENDED that a PCE assume
a Node SID is protected. It is also RECOMMENDED that a PCE assume an
@@ -397,6 +477,11 @@
behaviour specified in [RFC5440] and will ignore the E flag. Thus,
it may compute a path which may not respect the enforcement
constraint.
+---
+jgs: this is only a small point, but I like to avoid "may" where possible
+for avoidance of confusion with MAY, so I might reword as "Thus, it could
+compute a path which might not respect..."
+---


For PCC-initiated LSPs, the PCC SHOULD ignore the E flag value
received from the PCE in a PCUpd message as it may be communicating
@@ -406,6 +491,13 @@
from the PCE in a PCUpd message. The PCE SHOULD ignore the E flag
value received from the PCC in a PCRpt message as it may be
communicating with a PCC which does not support this document.
+---
+jgs: While I have my RFC 2119 eyes peeled, I guess in the case of the
+two SHOULD above, you are deliberately leaving the door open for a
+PCE implementation which either has a strict-mode knob, or which is
+a greenfield implementation and doesn't want to bother with
+support of legacy behaviors. Or...?
+---


6. Implementation Status

v2.23.0 | Report a Bug | By Email