Re: [pim] Benjamin Kaduk's No Objection on draft-ietf-pim-bfd-p2mp-use-case-09: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Wed, 08 December 2021 23:37 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5837B3A0820; Wed, 8 Dec 2021 15:37:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJmbb0D9VW7R; Wed, 8 Dec 2021 15:37:52 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E868A3A086F; Wed, 8 Dec 2021 15:37:51 -0800 (PST)
Received: from mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1B8NbfVW021416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 8 Dec 2021 18:37:47 -0500
Date: Wed, 08 Dec 2021 15:37:41 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: draft-ietf-pim-bfd-p2mp-use-case@ietf.org, pim-chairs@ietf.org, Alvaro Retana <aretana.ietf@gmail.com>, mmcbride7@gmail.com, The IESG <iesg@ietf.org>, pim@ietf.org
Message-ID: <20211208233741.GH11486@mit.edu>
References: <163806638538.718.3161034904456828276@ietfa.amsl.com> <CA+RyBmXXOea7ETLkduboC+GW1kNfxN+r9hCovsy5x+c9TZSQrQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+RyBmXXOea7ETLkduboC+GW1kNfxN+r9hCovsy5x+c9TZSQrQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/IoGa5TZRhqJrIZ2DDu3aG24EuTI>
Subject: Re: [pim] Benjamin Kaduk's No Objection on draft-ietf-pim-bfd-p2mp-use-case-09: (with COMMENT)
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2021 23:37:57 -0000
Hi Greg, Sorry for the slow response -- I had balloted early since I expected the telechat week itself to be very busy, and it did prove to be so. On Sun, Nov 28, 2021 at 01:17:45PM -0800, Greg Mirsky wrote: > Hi Ben, > thank you for the review and detailed comments. Please find my notes > in-lined below under the GIM>> tag. Attached is the diff that highlights > all proposed updates (these also include updates to address comments by > Martin). > > Regards, > Greg > > > > On Sat, Nov 27, 2021 at 6:26 PM Benjamin Kaduk via Datatracker < > noreply@ietf.org> wrote: > > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-pim-bfd-p2mp-use-case-09: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-pim-bfd-p2mp-use-case/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Do we want to provide any guidance on how to configure the BFD > > parameters (most notably the timeout intervals)? (I assume the answer > > is "no", but still have to ask.) > > > > Section 1 > > > > Among specific characteristics of p2mp BFD that particularly benefit > > PIM-SM over a LAN segment is a faster transition to the Up state of > > the p2mp BFD session due to avoidance of the three-way handshake > > required in p2p BFD [RFC5880]. [...] > > > > I'm not sure I understand how this works. RFC 8562 seems to require the > > head node to stay in down state for the max timeout before transitioning > > to "up" and starting to send control packets. With a three-way > > handshake there is immediate feedback at startup and, while there is a > > round-trip cost incurred, there is no mandatory enforced delay. Could > > you say a bit more about which scenarios are being compared so that p2mp > > BFD is faster to Up than p2p BFD? > > > GIM>> Thinking of your question, I've realized that this text is not > essential, doesn't lead to the solution. You're right, in some scenarios, > "classical" p2p RFC 5880-based BFD with the three-way handshake will be > reaching the Up state faster than for p2mp scenario with the > same bfd.DesiredMinTxInterval and bfd.DetectMult. But, as I've realized, > that is not why the described mechanism is based on p2mp BFD, and not on > p2p BFD. I propose removing the sentence and slightly rewording the next > one: > OLD TEXT: > Also, because the router that > transmits BFD Control messages uses the BFD Demand mode [RFC5880], it > maintains less BFD state than the Asynchronous mode. > NEW TEXT: > A BFD system in > p2mp environment that transmits BFD Control messages uses the BFD > Demand mode [RFC5880] creates less BFD state than the Asynchronous > mode. (nit) s/uses/using/, but sounds good. > > > > Point-to- > > multipoint (p2mp) BFD can enable faster detection of PIM-SM router > > failure and thus minimize multicast service disruption. [...] > > > > Just to confirm: here, the comparison is PIM-SM without BFD against > > PIM-SM with (p2mp) BFD, right? So that we're going from 105 seconds to > > potentially sub-second detection. Assuming that, I'd consider "faster > > detection of PIM-SM router failure compared to PIM-SM without BFD". > > > GIM>> You're interpretation of this text is correct. Thank you for the > suggested improvement. > > > > > Section 2.1 > > > > Note that any PIM-SM router, regardless of its role, MAY become a > > head of a p2mp BFD session. [...] > > > > While I don't see any problem with this behavior, I'm also a bit > > confused as to when an arbitrary (i.e., non-RP) router would benefit > > from being the head of a p2mp BFD session. Also, RFC 7761 doesn't seem > > to use "role" as a defined term, so there may be some room for > > clarification if we had particular roles in mind. > > > GIM>> Thank you for the question. Our intention was to define a mechanism > that can be used in different scenarios, perhaps some that might not be > defined yet. Ah, okay. No change needed, then :) > > > > If a PIM-SM router is configured to monitor the head by using p2mp > > BFD, referred to through this document as 'tail', receives a PIM- > > Hello packet with the BFD Discriminator PIM Hello option, the tail > > > > Since we're presuming that the tail is configured to monitor "the head", > > does this behavior only apply to PIM-Hello packets received specifically > > from "the head" (as opposed to all received PIM-Hello packets)? > > > GIM>> The intended behavior is that a PIM-SM router may be enabled as a > tail for all possible heads on the given LAN segment. On the other hand, it > can be more restrictive and act the BFD Discriminator option from the > particular PIM-SM router. In other words, we wanted to leave the choice to > the implementors and operators. > > > > > If the tail detects a MultipointHead failure [RFC8562], it MUST > > delete the corresponding neighbor state and follow procedures defined > > in [RFC7761]. > > > > Do we want to give a more precise reference for which RFC 7761 > > procedures are to be followed in this case? (Perhaps, the > > neighbor.timeout behavior?) (Also, we might clarify that the neighbor > > state being deleted is the PIM state, not the BFD state.) > > > GIM>> Yes, you are right, a tail is required to act as if the neighbor > timeout has expired. I've found that there are several places in RFC 7761 > referencing actions upon the timer expiration. Perhaps the clarification > that the actions are as if the neighbor timeout expired make the text > clearer: > NEW TEXT: > If the tail detects a MultipointHead failure [RFC8562], it MUST > delete the corresponding neighbor state and follow procedures defined > in [RFC7761] for the DR and additional neighbor state deletion after > the neighbor timeout expires. Looks great; thanks! > > > > Section 2.2 > > > > The head router administratively sets the > > bfd.SessionState to Up in the MultipointHead session [RFC8562] only > > if it is a Group Designated Router (GDR) Candidate, as specified in > > Sections 5.5 and 5.6 of [RFC8775]. If the router is no longer the > > GDR, then it MUST shut down following the procedures described in > > Section 5.9 [RFC8562]. [...] > > > > There seems to be a slight mismatch, here -- we start the BFD session if > > we're a GDR *Candidate*, and stop it if we're no longer *the GDR*. So > > what do we do if we are a candidate but not the selected GDR? > > > GIM>> A GDR Candidate acts as the MultipointHead, which enables monitoring > of all active GDR Candidates by the PIM-SM DR. Okay. Sorry for not following the reference myself... > > > > For each GDR Candidate that includes BFD > > Discriminator option in its PIM Hello, the PIM DR creates a > > MultipointTail session [RFC8562]. [...] > > > > Interestingly, this seems to be a stronger requirement on the tail than > > in the non-RFC8775 case, where we just say "MAY create a p2mp BFD > > session of type MultipointTail". It might be worth emphasizing the > > contrast by using "MUST" here (assuming that the contrast is intended). > > > GIM>> Thank you for the suggestion. Yes, the text needs the normative > language to be clearer. Done. > > > > > If PIM DR detects a failure of one of the sessions, it MUST > > remove that router from the GDR Candidate list and immediately > > transmit a new DRLB-List option. > > > > Is this "MUST ... immediately transmit" going to run any risk of causing > > a traffic spike/congestion? I find it unlikely, but am not really an > > expert here. > > > GIM>> We didn't receive any warnings from the multicast experts (I am far > from that myself). Would s/immediately/as soon as possible/ elevate your > concern? It would, but honestly, just your email here would address my concern, even without changing the text in the draft. Everything else looks good -- thanks again! -Ben > > > > Section 2.3 > > > > The MultipointHead of a p2mp BFD session when transmitting BFD > > Control packets: > > > > MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]); > > > > Is there a corresponding requirement or recommendation on tails to > > reject BFD Control packets with received TTL or Hop Limit not equal to > > 255? Where is this requirement specified? > > > GIM>> I agree, a requirement to discard demultiplexed BFD Control packet, > similar to the one in RFC 5881, is beneficial. Added > OLD TEXT: > MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]); > NEW TEXT: > MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]). > Similarly, all received BFD Control packets that are demultiplexed > to the session MUST be discarded if the received TTL or Hop Limit > is not equal to 255; > > > > > Section 4 > > > > The security considerations discussed in [RFC7761], [RFC5880], > > [RFC8562], and [RFC8775] apply to this document. > > > > Do the considerations of RFC 5881 also apply? > > > GIM>> A good question, thank you. Based on the use of GTSM/RFC 5082, these > also apply. Added. > > > > > NITS > > > > Section 1 > > > > Bidirectional Forwarding Detection (BFD) [RFC5880] had been > > originally defined to detect a failure of a point-to-point (p2p) > > > > I'd s/had been/was/ -- the "had been" verb tense feels out of place > > here. > > > GIM>> Thanks, agree.
- [pim] Benjamin Kaduk's No Objection on draft-ietf… Benjamin Kaduk via Datatracker
- Re: [pim] Benjamin Kaduk's No Objection on draft-… Greg Mirsky
- Re: [pim] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk
- Re: [pim] Benjamin Kaduk's No Objection on draft-… Greg Mirsky