IETF Logo Mail Archive

Re: [pim] Benjamin Kaduk's No Objection on draft-ietf-pim-bfd-p2mp-use-case-09: (with COMMENT)

Greg Mirsky <gregimirsky@gmail.com> Sun, 28 November 2021 21:18 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7920D3A045E; Sun, 28 Nov 2021 13:18:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.696
X-Spam-Level:
X-Spam-Status: No, score=-0.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B09JMfiTxkVl; Sun, 28 Nov 2021 13:18:04 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FD223A0443; Sun, 28 Nov 2021 13:18:03 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id t5so63643472edd.0; Sun, 28 Nov 2021 13:18:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2wmFLtgclaAaIcUIwAr9r4QERp+t9kdsg1Bsit78YoQ=; b=BaHVJyar/QJo/i0QS1FToIL4632by0kk++g6pM7fSPEtUxVZIWPPeySOwu3rXeUu/4 LWrR1OaOf27zSGIabEJatKZ97qCVU5MiHhMu9MQpVCT3ruz8PPy0ZwCZTsV3F8w3zcRh BH317TDGeSLdUMvRdPfLZSZUG8hgJnjfpLyV0rSz4WXlND9p6hDmSyarWOHoL0DiWjQ/ /D7ulbn4mI+PiZvM3BIV1ETgsyAhdxo5QR8HXsmKoNJ8vOSDvOdywFIJjaM2LquWLskG /BrxY4LxGkHZ2oWbYJftMn4jRr0DBJgawZPvoOmXFhecCeiPUMtqJVxeo0SkPgJ4gwi/ Lsig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2wmFLtgclaAaIcUIwAr9r4QERp+t9kdsg1Bsit78YoQ=; b=RqvVQwDzIiJRHYUhvKbyzHmwu7GKd5/kPdRxpkSHJsQI/yycNll3w35cpoK0Q/C9jJ b2I8Y6quJ5UlafojPRyNw5Jnjbhg84LX1LDPQn6RmKCSSRikErB1OuHc1PNnNATZ867z Pf8zXRM+Az8ZPEB7GF/lQdx9d+AWTa4Cl/YKLPaBBEOmkQ3kcq2e0vl63AsWEZjghAbY 92Z++4I2PDgubuIUAv2y6l8AoVuF0x0AXlrLp8qCqYonxUwZQZ3bxabH4SzSV3xUvpd3 MxX1F6io3JFRRh3NKOXVwavCNZT4VFY2aL0Roy6NVMMH5fc4ixkfY+QDgrYQ7YvrKK/u dpTg==
X-Gm-Message-State: AOAM530uO/EpxwEBV2qRTXCN4lICyOSABMbivL1WWcNoPPWYUbdP/EqJ mmqO8Ld7S3TtRJ4D/wttoNviMY2uQ53Dtfv9iYI=
X-Google-Smtp-Source: ABdhPJyV3Yb1CA1dz/FKoBPbYBGYnv/NXA7mjyF0jQMBhaDPrrzrBAfa5bM178cLzLVyNAIo72JXhwauIZWgueS58wY=
X-Received: by 2002:aa7:dc14:: with SMTP id b20mr67717845edu.133.1638134276904; Sun, 28 Nov 2021 13:17:56 -0800 (PST)
MIME-Version: 1.0
References: <163806638538.718.3161034904456828276@ietfa.amsl.com>
In-Reply-To: <163806638538.718.3161034904456828276@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Sun, 28 Nov 2021 13:17:45 -0800
Message-ID: <CA+RyBmXXOea7ETLkduboC+GW1kNfxN+r9hCovsy5x+c9TZSQrQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-pim-bfd-p2mp-use-case@ietf.org, pim-chairs@ietf.org, pim@ietf.org, mmcbride7@gmail.com, Alvaro Retana <aretana.ietf@gmail.com>
Content-Type: multipart/mixed; boundary="000000000000ab708105d1dfdb59"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/OKG8y_B2TI63j4sGieakGOXKcrg>
Subject: Re: [pim] Benjamin Kaduk's No Objection on draft-ietf-pim-bfd-p2mp-use-case-09: (with COMMENT)
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Nov 2021 21:18:09 -0000

Hi Ben,
thank you for the review and detailed comments. Please find my notes
in-lined below under the GIM>> tag. Attached is the diff that highlights
all proposed updates (these also include updates to address comments by
Martin).

Regards,
Greg



On Sat, Nov 27, 2021 at 6:26 PM Benjamin Kaduk via Datatracker <
noreply@ietf.org> wrote:

> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-pim-bfd-p2mp-use-case-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pim-bfd-p2mp-use-case/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Do we want to provide any guidance on how to configure the BFD
> parameters (most notably the timeout intervals)?  (I assume the answer
> is "no", but still have to ask.)
>
> Section 1
>
>    Among specific characteristics of p2mp BFD that particularly benefit
>    PIM-SM over a LAN segment is a faster transition to the Up state of
>    the p2mp BFD session due to avoidance of the three-way handshake
>    required in p2p BFD [RFC5880].  [...]
>
> I'm not sure I understand how this works.  RFC 8562 seems to require the
> head node to stay in down state for the max timeout before transitioning
> to "up" and starting to send control packets.  With a three-way
> handshake there is immediate feedback at startup and, while there is a
> round-trip cost incurred, there is no mandatory enforced delay.  Could
> you say a bit more about which scenarios are being compared so that p2mp
> BFD is faster to Up than p2p BFD?
>
GIM>> Thinking of your question, I've realized that this text is not
essential, doesn't lead to the solution. You're right, in some scenarios,
"classical" p2p RFC 5880-based BFD with the three-way handshake will be
reaching the Up state faster than for p2mp scenario with the
same bfd.DesiredMinTxInterval and bfd.DetectMult. But, as I've realized,
that is not why the described mechanism is based on p2mp BFD, and not on
p2p BFD. I propose removing the sentence and slightly rewording the next
one:
OLD TEXT:
   Also, because the router that
   transmits BFD Control messages uses the BFD Demand mode [RFC5880], it
   maintains less BFD state than the Asynchronous mode.
NEW TEXT:
   A BFD system in
   p2mp environment that transmits BFD Control messages uses the BFD
   Demand mode [RFC5880] creates less BFD state than the Asynchronous
   mode.

>
>                                                          Point-to-
>    multipoint (p2mp) BFD can enable faster detection of PIM-SM router
>    failure and thus minimize multicast service disruption.  [...]
>
> Just to confirm: here, the comparison is PIM-SM without BFD against
> PIM-SM with (p2mp) BFD, right?  So that we're going from 105 seconds to
> potentially sub-second detection.  Assuming that, I'd consider "faster
> detection of PIM-SM router failure compared to PIM-SM without BFD".
>
GIM>> You're interpretation of this text is correct. Thank you for the
suggested improvement.

>
> Section 2.1
>
>    Note that any PIM-SM router, regardless of its role, MAY become a
>    head of a p2mp BFD session.  [...]
>
> While I don't see any problem with this behavior, I'm also a bit
> confused as to when an arbitrary (i.e., non-RP) router would benefit
> from being the head of a p2mp BFD session.  Also, RFC 7761 doesn't seem
> to use "role" as a defined term, so there may be some room for
> clarification if we had particular roles in mind.
>
GIM>> Thank you for the question. Our intention was to define a mechanism
that can be used in different scenarios, perhaps some that might not be
defined yet.

>
>    If a PIM-SM router is configured to monitor the head by using p2mp
>    BFD, referred to through this document as 'tail', receives a PIM-
>    Hello packet with the BFD Discriminator PIM Hello option, the tail
>
> Since we're presuming that the tail is configured to monitor "the head",
> does this behavior only apply to PIM-Hello packets received specifically
> from "the head" (as opposed to all received PIM-Hello packets)?
>
GIM>> The intended behavior is that a PIM-SM router may be enabled as a
tail for all possible heads on the given LAN segment. On the other hand, it
can be more restrictive and act the BFD Discriminator option from the
particular PIM-SM router. In other words, we wanted to leave the choice to
the implementors and operators.

>
>    If the tail detects a MultipointHead failure [RFC8562], it MUST
>    delete the corresponding neighbor state and follow procedures defined
>    in [RFC7761].
>
> Do we want to give a more precise reference for which RFC 7761
> procedures are to be followed in this case?  (Perhaps, the
> neighbor.timeout behavior?)  (Also, we might clarify that the neighbor
> state being deleted is the PIM state, not the BFD state.)
>
GIM>>  Yes, you are right, a tail is required to act as if the neighbor
timeout has expired. I've found that there are several places in RFC 7761
referencing actions upon the timer expiration. Perhaps the clarification
that the actions are as if the neighbor timeout expired make the text
clearer:
NEW TEXT:
   If the tail detects a MultipointHead failure [RFC8562], it MUST
   delete the corresponding neighbor state and follow procedures defined
   in [RFC7761] for the DR and additional neighbor state deletion after
   the neighbor timeout expires.

>
> Section 2.2
>
>                  The head router administratively sets the
>    bfd.SessionState to Up in the MultipointHead session [RFC8562] only
>    if it is a Group Designated Router (GDR) Candidate, as specified in
>    Sections 5.5 and 5.6 of [RFC8775].  If the router is no longer the
>    GDR, then it MUST shut down following the procedures described in
>    Section 5.9 [RFC8562].  [...]
>
> There seems to be a slight mismatch, here -- we start the BFD session if
> we're a GDR *Candidate*, and stop it if we're no longer *the GDR*.  So
> what do we do if we are a candidate but not the selected GDR?
>
GIM>> A GDR Candidate acts as the MultipointHead, which enables monitoring
of all active GDR Candidates by the PIM-SM DR.

>
>                            For each GDR Candidate that includes BFD
>    Discriminator option in its PIM Hello, the PIM DR creates a
>    MultipointTail session [RFC8562].  [...]
>
> Interestingly, this seems to be a stronger requirement on the tail than
> in the non-RFC8775 case, where we just say "MAY create a p2mp BFD
> session of type MultipointTail".  It might be worth emphasizing the
> contrast by using "MUST" here (assuming that the contrast is intended).
>
GIM>> Thank you for the suggestion. Yes, the text needs the normative
language to be clearer. Done.

>
>              If PIM DR detects a failure of one of the sessions, it MUST
>    remove that router from the GDR Candidate list and immediately
>    transmit a new DRLB-List option.
>
> Is this "MUST ... immediately transmit" going to run any risk of causing
> a traffic spike/congestion?  I find it unlikely, but am not really an
> expert here.
>
GIM>> We didn't receive any warnings from the multicast experts (I am far
from that myself). Would s/immediately/as soon as possible/ elevate your
concern?

>
> Section 2.3
>
>    The MultipointHead of a p2mp BFD session when transmitting BFD
>    Control packets:
>
>       MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]);
>
> Is there a corresponding requirement or recommendation on tails to
> reject BFD Control packets with received TTL or Hop Limit not equal to
> 255?  Where is this requirement specified?
>
GIM>> I agree, a requirement to discard demultiplexed BFD Control packet,
similar to the one in RFC 5881, is beneficial. Added
OLD TEXT:
      MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]);
NEW TEXT:
      MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]).
      Similarly, all received BFD Control packets that are demultiplexed
      to the session MUST be discarded if the received TTL or Hop Limit
      is not equal to 255;

>
> Section 4
>
>    The security considerations discussed in [RFC7761], [RFC5880],
>    [RFC8562], and [RFC8775] apply to this document.
>
> Do the considerations of RFC 5881 also apply?
>
GIM>> A good question, thank you. Based on the use of GTSM/RFC 5082, these
also apply. Added.

>
> NITS
>
> Section 1
>
>    Bidirectional Forwarding Detection (BFD) [RFC5880] had been
>    originally defined to detect a failure of a point-to-point (p2p)
>
> I'd s/had been/was/ -- the "had been" verb tense feels out of place
> here.
>
GIM>> Thanks, agree.

v2.23.0 | Report a Bug | By Email