[pim] [Shepherding AD review] review of draft-ietf-pim-light-03
"Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com> Tue, 30 July 2024 16:16 UTC
Return-Path: <gunter.van_de_velde@nokia.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2FBBC14F5FA; Tue, 30 Jul 2024 09:16:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.254
X-Spam-Level:
X-Spam-Status: No, score=-2.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wo2c8cuFyhRf; Tue, 30 Jul 2024 09:16:49 -0700 (PDT)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2056.outbound.protection.outlook.com [40.107.104.56]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 336ECC14F5E4; Tue, 30 Jul 2024 09:16:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=R1IBGt3r8y/tGMpIoKoSQa5Oz6LW9U5OR7BDs8i7pDwlB1EzD97oam7ggz/StCIskEDq3KJGiaRiM1jhEf2qwiM7VkpK0rBrBlHpJL7IMIU02ahqCMInokKrqw5tQZ2/cQJl7kyp7thXau08/59XlvmaoDkqp2ck2D31ZmrnhEh4AmW5dlyqFmHFNe7sJ4UXcdiVtvKfPSVIJMUJqNaR8WrJ6Oy8QiRoUflftYmM4fdonuMEO8cA9INf3kq+z54SsqlAM2Y7meFALANJQF2MKWBJvm9ctFHm+MutKF4yVNCzHw1TRc5kNyndHl6v8qXwOYPTjjhSN0Erg4fO/oI9pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GGAgeiQzrAQy1S7RoyEiaG3MEDjBnn20OBbB5DaOhkA=; b=AADtBaTlsJ80zfReDig/F5EtQamHjif0WaLUP0AhSq6Y6+E5gxX8V/dDp47eErvSlfsmcRTfgPzJCZ+WjXWP/b8nY0lef/acV2O+I1OKdhcFutgsSbftsoAyLy0adnJrOcAbL+bARAI/I3WRciLpNGNL3II4b4PWN9tZTHYKqrIgQVNoEWbqFSFFoLKjoMhVITHJG4VcztL/8JPtRUTUyTsucyjPa75awmtewVjHBhTLE9Im9O/SU85OP7wDzVk2dac6XRcWUOswNiRCSOIsHH+jncVJJ8huFcyotSwvELW/6C7MoWaZ/F1s7f+1Reldw9U69wViDIuz1C+jadN+YQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GGAgeiQzrAQy1S7RoyEiaG3MEDjBnn20OBbB5DaOhkA=; b=sRsQo7sADWdipHn5Zt4gmB1/EkZvDWpVRaQWRp6j/KsTwGH1G9CTyXVAhYKajW6obv4qZSLgKWBrNnO32gypDASJ1GCwIqdXKRiqKLL/GwhavvipxtulrHtdQViojZV2qQb1zNvlQDVmNGfZuRA0kv6Fbm7m7mc/8SJcgLFHr/EgemjDNRlzE1ZmevycJ5gCPBnOxlLI7Po9s+m7pXz8r1mwfYlMqFKQN/xaLlCS7RD1eE5vFVvmZu33BlEHXIsYuCjp+q4I9xl1Qik6VLNPgtkYPR7JlnanqRiseBxsHS6Sd/dBbPaRiVMDry8gT5ZovoMDr2nL/PAQXYKYrjG01Q==
Received: from AS1PR07MB8589.eurprd07.prod.outlook.com (2603:10a6:20b:470::16) by PAWPR07MB9710.eurprd07.prod.outlook.com (2603:10a6:102:390::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.19; Tue, 30 Jul 2024 16:16:42 +0000
Received: from AS1PR07MB8589.eurprd07.prod.outlook.com ([fe80::5ca6:f902:8e31:6f3e]) by AS1PR07MB8589.eurprd07.prod.outlook.com ([fe80::5ca6:f902:8e31:6f3e%7]) with mapi id 15.20.7828.016; Tue, 30 Jul 2024 16:16:42 +0000
From: "Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com>
To: "pim@ietf.org" <pim@ietf.org>
Thread-Topic: [Shepherding AD review] review of draft-ietf-pim-light-03
Thread-Index: Adrim3LOZuVmp5ytS96ghBxkM5lglQ==
Date: Tue, 30 Jul 2024 16:16:42 +0000
Message-ID: <AS1PR07MB85895734C715DD2F1BDEAD3FE0B02@AS1PR07MB8589.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS1PR07MB8589:EE_|PAWPR07MB9710:EE_
x-ms-office365-filtering-correlation-id: b2fd8a0c-a63c-412d-5de8-08dcb0b2ffca
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700018;
x-microsoft-antispam-message-info: SK784mBZ9QyUdOoLYRmEkQM0g0sqlQfA3TvvTqKFwCMjSmCAnLYhcl3GaNWoz0E6/L7lmuIXTMOqG8EHdFDK53YfiIPbv1Dc71wLmyiK7xEV/h1tRzU9fzesLTYBjl7MBI7UDoCNdfDRnyKWi3G7Nkv2kpqDLS6tK+MwqLqD1MwUsJvwMGy4j4Yn02fip7GYDRrxflqFzdrOEjKlBYmP4HdOxEHilBojMk0OcJnVCXpztI852GMKbgVpwkJ5/oz46uDyZ8KTbFXMOaUNN7/vLYKTI0RXSr6saZs0NqNshBBV+A9TuYHdORG4uhGZcB1mEVpIkPz+7A9/fGRNAXW8y7HOjavmloMghkNjhlCTgr+weWYFAgMyQKLStdV4tw30mWB12a0qrfYXiQwEWJVJl7ckWnARFZxGd/v9aAfdbhjwn0KKdCW0VUp/yislkQjX8z9gtNJJtt260LnA8nFm7LQjvLoUVeP1E78z6bfTxR0Y0K7LI8V+TUEVEyaxC8AYPZrEqUDW9mx6YDJe63QzATi2MAIu9kAHn1d+gEaI26mMznXs8Duua7qq59J4ItU2wgv79SG3UlQgY/ICc9c8KPMSJl+Sf8IuwjyPp5rQk+5L5+2w+un1oZTtU+gDgpNAqIpLV14Fdm2KZiTW4t8PMg6UGkPeNTdJl1kLuEAC+tAk2WCPuvp/kMAtv2cdqYZF+gVQ5iUSM+Wqpu9o8crL9G2jbrv/1fib5RRIVNUh9YYRRoRr5+w+orI9eeFi5ES5j3fjzuElgaQH3rbCbBcoap1FEyvajhbgYmRgvfemVGSEVim7AutXJYW1Uc5DYpkoQO9rzqsyilVKeFUuB1wlPRxQkNgfqOs5w6RsmITIqxY1p5z7utNnfpyj9SiGCG/aMRS3J0/xSc7IXym14tuHE0s0bPMYhOee4FHKQER3P4L9Xoy7Z62ervCI2cSPV0mHYngvz8+Vzvlko4Wvjsg1FcLbBW6y7q3ZSo0GaN/ebDzpKkAvZe0Pa92zQtzlSge6e8MrtUzc9lwGSmyJXmciKdqWR7M2ZSU0VbmOp4s3CswE+UH7zg+aKR5BI2dUQrJVQ1V1p7iSd6Bd+4cpOxbVN/50hQqJ4kIQdWhgUzA5Wsd+2qcSgVZLd1y6+aG/w4jGN+aktj5gH2sejktCxXizey9EmX48DaVKLycYi1NcrTRkta/+P72fuRK0gBX9W05AJst2sVLVXqwAWYaoiQGyZIsci7b9mEcUWkmp05bMw8/rAFy6bw5/WU6q4bWJXbFIH2mK71LNDMmX6hOI4W2iUt/jHW/jjNFiDkTKKSTTiHArb0q4VFEOnzAj+HzgzW7Hd7IBjWoe8GuHWqAR0KDTomKOftvANY1uCG/FMKh0pX4=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS1PR07MB8589.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 6pmHh52KDbvzPpup04dRjJvpbMUPfq5oxy2/dxicNIpgkErN1rCbZi1IJnFbdzuU51GQ/I+PGOEzQ+VdC1BOFUPkBWqN3GanoDNZT31B0DchBpwiYTEJAluxdb5fYqtBge3wLErjT+Yvdpyvdsf1KzIFcRW5ptv2DBlWr19m7544BjXzDBTy5hMuzRGfxbK3/jGa6ACSO5WO5W6Ld3gILZXkFjE95A5mxL1EudAQ1nwDwUe53mJcOPovPt0aS/geVmY+KmkAizffWpx3YE5FMgoB0szdOINhTawg9yHt+9zkcRD1nVdJmTYpBBh9xflMqiSU9h69G8VY7Mb0dqhNOCb5kPZ80u7xnbSGyGPE0CjBHrLS/5Ef3eOWWftnPWWuEyVBCityaJBAyJhIrl/ma9wgTd3Lg5g/rPN8acITSI1bddFtciPAq2UqxFvVqJYV02ux0OCrgSQZTmGjIENWaNc0IW3zz8JLiBA82FKpy4zxIL1Ir+kDCgg59y8iKQLyrf5HhhVKmBLHOKWyPalzzC6M/rXuW5rXpvk9KajzpXLrj107FFzWJQkK5o58lKQOm5pJFK+qYvTZGq/s2XMnK4u/cwjJrDTcGDUn9WGob80g/3BfClYRkdAFp/L5S4zjN+FmkaQHt/r54gCMTdvBQQw7iAP+VO53nOIGpc8Dv29QyZsYXwJjMhCvmKVqya/slMd8iP8GsGl3FBQCo5xViuhnTrbEwcdGjNl0Z2tEzGtIokzRfmZf8lbMZsSk7A+cfUAB+T0GR5DmSk+Qfr80SXm7cbP7Mq0ZcZVVSfbO3XLZd7dB4pYXYKcLi8xLMY2VOld11SXAwarprHh5QBlb8TbSzcVmAk4C2uE9I4RpRF7zf/VTciNrX4eZOx9mgo7il1P4lBTCfOJigMG7U//uSn2frJlrHgM/iz6zJBBuJEJhKlmHdSBEU1sAwX5UyQ2DCTlzR9Q1dcP3PX2u4jATUzPi8piLe7PAe1QhsTrFmfu/G7Uong6+bdN6+uOSGRK0K0QrHhJnh0uz17kS1oDr1udNC825UNJBUn/9rh/W+pNMla3i9Q4lmgH026HOL6ibTME8ClcXm9LdVGVYEgwcGTHId7MI6cLS3FF/UAvTF3f1u0c+sO8jELlaCxd6UZ5deSvPbuHVF17/R+LKaQUuw6wuVBtYlW9wQx4kv2RnFQUrEkbecaiB7pSsaWMnLHqi9lCzRv3X55htT81rHnKd5IaaFMkRZ7d+tzViMU2Eqb6WT1idihgg3wdbTl/ynElA9A6boM+JCYacGepSmQtCfw7bwxeym8LQ8bP7J9ULzOv4Jp7VO+aMH4lgNFGJs9MMlhf2GiCxJ/S6SXqOUt3EZ5BbHQZ4cqmYgR+gGTk7NlgeHQFpqMlI+fD2Re+kgt4BbS4GkKxqcq6+gIQyULP10zL6MKy3BC3gRsyiCRSNpfmbuVr3V7r57uda/apNauFbE3MGJHX80xMZM37VgYC/emGozOLQyezodim71N9kKJ8Z5h0Fp1tx49vJPqeudKHUuTQ4iv1ifyI/Y5KWUwgwUTEOdvk3A/lC4zmsNgInIM0qE7TnLGgKptCXiWzUR8hmg9vGmPPo1IJng6t7DVMtpw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS1PR07MB8589.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b2fd8a0c-a63c-412d-5de8-08dcb0b2ffca
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2024 16:16:42.1390 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: u8uyw+RveCCnqodgLcQDEElsmAnuqJRHRSGG9Ogz5Bi+QaroFr0+8NfTLflOV8YNnxjA/Ai0O+7tt38uk/Xevns6lOiqK43JtCaSj1VrKnc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR07MB9710
Message-ID-Hash: FZT63BDWWZEB4ZTAZJNIA7OR7CXHVWLW
X-Message-ID-Hash: FZT63BDWWZEB4ZTAZJNIA7OR7CXHVWLW
X-MailFrom: gunter.van_de_velde@nokia.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-pim-light@ietf.org" <draft-ietf-pim-light@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [pim] [Shepherding AD review] review of draft-ietf-pim-light-03
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/Xt_YS32WgmuWsHELSP6zNNtlX14>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>
# Gunter Van de Velde, RTG AD, comments for draft-ietf-pim-light-03 Hi All, Please find here a shepherding AD review of draft-ietf-pim-light-03 I started reviewing this document before we kick off the IETF Last Call process and have some shepherding AD comments and observations. Once we address these points, we can move forward with the document through the IESG chain. A big thank you to Sandy for the Shepherd document discussion. I noticed that there has been no Routing Directorate review yet, and as result i requested (30 July 2024) (https://datatracker.ietf.org/doc/draft-ietf-pim-light/reviewrequest/20052/) In my review, I've noted some final observations while going through the document. For better readability, I've suggested some numereous edits. The line numbering has been rendered from the earlier mentioned idnits tool. #GENERIC COMMENTS #================ ## The idnits tool spits out some comments on badly used normative language. Please correct where required: https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-pim-light-03.txt ## The detailed review mainly has lots of revised textblob proposed updates ## IANA section says N/A but we should consider updating the existing IANA PIM Message Types with an additional column to display validity of the message for PLI ## Security section is rather light. When a router starts processing packets from unauthenticated peers, then that increases risk. How can this be mitigated? Is there some operational process or could these messages be exchanged using other security mechanisms? ## After reading the full document in great detail, i missed a section that decsribes the formal procedure of what makes a PIM system a PIM Light system? ## Interop with non PIM Light systems is not discussed in the PIM light when brownfield deployments are expected #DETAILED COMMENTS #================= ##classified as [minor] and [major] 17 Abstract 19 This document specifies a new Protocol Independent Multicast 20 interface which does not need PIM Hello to accept PIM Join/Prunes. [major] The abstract for this document is rather short and can use slightly more details about the document intent. This document can do better and be more meaningful for consumers of the draft. What about using something as follows as abstract: " This document specifies a new type of Protocol Independent Multicast (PIM) interface called PIM Light (PLI). Unlike traditional PIM interfaces, PLI does not require PIM Hello messages for accepting Join/Prune messages. PLI supports multicast state signaling over networks that do not support or need full PIM neighbor discovery, such as BIER networks. It ensures efficient multicast routing without the need for full adjacency, making it suitable for specific deployment scenarios. The document outlines PLI configuration, message handling, and considerations for ensuring non-duplicative multicast traffic. " 78 It might be desirable to create a PIM interface between routers where 79 only PIM Join/Prunes packets are signaled over it without having a 80 full PIM neighbor discovery. This type of PIM interface can be 81 useful in some scenarios where the multicast state needs to be 82 signaled over a network or medium which is not capable of or has no 83 need for creating full PIM neighborship between its peer Routers. 84 These type of PIM interfaces are called PIM Light Interfaces (PLI). [minor] I do not feel that the word desirable fits properly in this context. This document is providing formal procedures for PIM light and the text should reflect this. I did not add refereces to PIM and the Join/Prune message. Please add such references in the updated document. What about following rewrite: " This document specifies the Protocol Independent Multicast (PIM) Light Interface (PLI), a new type of PIM interface that allows signaling of PIM Join/Prune packets without full PIM neighbor discovery. PLI is useful in scenarios where multicast state needs to be signaled over networks or media that do not support or require full PIM neighborship between routers. The document details PLI configuration, message handling, and considerations to prevent duplicate multicast traffic, offering an efficient multicast routing solution for specific deployment environments. " 94 2.1. Definitions 95 96 This draft uses definitions used in [RFC7761] [minor] It would not hurt and make the document better readable to indicate thet RFC7761 is "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification" 100 RFC [RFC7761] section 4.3.1 describes the PIM neighbor discovery via 101 Hello messages. In section 4.5 it describes that If a router 102 receives a Join/Prune message from a particular IP source address and 103 it has not seen a PIM Hello message from that source address, then 104 the Join/Prune message SHOULD be discarded without further 105 processing. [minor] sections 4.3.1and 4.5 formally specify the procedure used by PIM Sparse Mode. " RFC 7761, Section 4.3.1, outlines the PIM neighbor discovery mechanism using Hello messages. Section 4.5 specifies that if a router receives a Join/Prune message from an IP source address without having previously received a PIM Hello message from that source, the router SHOULD discard the Join/Prune message without further processing. This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure. " 107 In some scenarios it is desirable to communicate and build multicast 108 states between two L3 adjacent routers without establishing a PIM 109 neighborship. There could be many reasons for this desired, but one 110 example is the desired to signal multicast states upstream, between 111 two or more PIM Domains via a network or medium that is not optimized 112 for PIM or does not require PIM Neighbor establishment. An example 113 is a BIER network connecting multiple PIM domains. In these BIER 114 networks PIM Join/prune messages are tunneled via bier as per 115 [draft-ietf-bier-pim-signaling]. [minor] Slightly rewriting to help readability. What about: " In certain scenarios, it is desirable to establish multicast states between two Layer 3 adjacent routers without forming a PIM neighborship. This can be necessary for various reasons, such as signaling multicast states upstream between multiple PIM domains over a network that is not optimized for PIM or does not necessitate PIM Neighbor establishment. For example, in a Bit Index Explicit Replication (BIER) [RFC8279] network connecting multiple PIM domains, PIM Join/Prune messages are tunneled via BIER as specified in [draft-ietf-bier-pim-signaling]. " 117 A PIM Light Interface (PLI) ONLY accepts Join/Prune messages from an 118 unknown PIM router and it accepts these messages without receiving a 119 PIM Hello message form the router. Lack of Hello Messages on a PLI 120 means there is no mechanism to learn about the neighboring PIM 121 routers on each interface and their capabilities or run some of the 122 basic algorithms like DR Election between the routers. As such the 123 PIM Light router doesn't create any General-Purpose state for 124 neighboring PIM and it only process Join/Prune message from 125 downstream routers in its multicast routing table. [major] This is weirdly written. what does the upper case ONLY eactly intent to explain? Why is it upper case? Does this mean that when the PIM neighbor is not unknown it must ignore these messages? There are more typos in this paragraph. " A PIM Light Interface (PLI) accepts Join/Prune messages from an unknown PIM router without requiring a PIM Hello message from the router. The absence of Hello messages on a PLI means there is no mechanism to discover neighboring PIM routers or their capabilities, nor to execute basic algorithms such as Designated Router (DR) election [RFC7761]. Consequently, the PIM Light router does not create any general-purpose state for neighboring PIM routers and only processes Join/Prune messages from downstream routers in its multicast routing table. " In the above, i was wondering if the PIM LIght Router does introduce state due to the Join/Prune messages. If the answer is yes, then that should be explicit mentioned to complete the paragraph. 127 Because of this, a PLI needs to be created in very especial cases and 128 the application that is using these PLIs should ensure there is no 129 multicast duplication of packets. As an example, multiple upstream 130 routers sending the same multicast stream to a single downstream 131 router. [minor] The following rewrite may be more clear for consumers of the document. The fact that with PIM Light there is processing of packets from an unauthenticated neighbor seems as a serious security concern. This shoul dbe mentioned as a concern and operational guidelines to reduce the risk vector " Due to these constraints, a PLI should be deployed in very specific scenarios. The application using these PLIs must ensure there is no multicast packet duplication, such as multiple upstream routers sending the same multicast stream to a single downstream router. " 133 3.1. PLI supported Messages 135 As per IANA [iana_pim-parameters] PIM supports more than 12 message 136 types, PIM Light only supports message type 3 (Join/Prune) from the 137 ALL-PIM-ROUTERS message types listed in RFC7761, other unicast 138 destination message types are supported by PIM light. All other 139 message types are not supported for PIM Light and SHOULD not be 140 process if received on a PLI. [major] The URL reference to the IANA "PIM Message Types" registery is missing. Can the following wbe added: https://www.iana.org/assignments/pim-parameters/pim-parameters.xhtml#message-types I am not sure what the value is in saying that there are more as 12 message types. It would be more correct that there are multiple message types, but that PIM light only supports "3 Join/Prune 0-7: Unassigned [RFC3973][RFC7761]" to ALL-PIM-ROUTERS to be specific. Please condider the following (fixing few remaining typos): " According to IANA [iana_pim-parameters], PIM supports numerous message types. However, PIM Light only supports message type 3 (Join/Prune) from the ALL-PIM-ROUTERS message types listed in RFC 7761. Other unicast destination message types are supported by PIM Light. All other message types are not supported for PIM Light and SHOULD NOT be processed if received on a PLI. " Would it make sense to explicit call out all Message Types supported by PIM light in the above text blob? does this impact IANA registery and maybe the existing table needs to be updated to become an extended table with a column specifying suport in PIM Light, so that in future it becomes easierto track what is supported in PIM Light and what is not supported in PIM Light? 142 3.2. Lack of Hello Message consideration 143 144 The following should be considered on a PIM Light domain since Hello 145 messages are not processed. [minor] The section title is slightly misleading. Hello messages still exist, but are abscent or not processed. " 3.2. Considerations for Absence of Hello Messages In a PIM Light domain, the following considerations should be taken into account due to the lack of processing Hello messages " 147 3.2.1. Join Attribute 149 Since PLI does not process the PIM Hello message, processing of the 150 join attributes option in PIM Hello as per [RFC5384] is also not 151 supported, leaving PIM Light unaware of its neighbor capability of 152 processing the join attribute. A PIM Light Router that does not 153 understand the type 1 Encoded-source Address and per [RFC7761] SHOULD 154 not process a join message that contains it. Otherwise the PLI can 155 process the Join Attribute accordingly. [major] This text blob can use some formal style BCP14 language. I added one single SHOULD and hope that this did not break the WG consensus? s/can/SHOULD/ " 3.2.1. Join Attribute Since a PLI does not process PIM Hello messages, it also does not support the join attributes option in PIM Hello as specified in [RFC 5384]. Consequently, PIM Light is unaware of its neighbor's capability to process join attributes. A PIM Light router that does not recognize the type 1 Encoded-source Address, as per [RFC 7761], SHOULD NOT process a join message containing it. Otherwise, the PLI SHOULD process the join attribute accordingly. " 157 3.2.2. DR Selection 158 159 Since DR Election is not supported on PIM Light because of lack of 160 Hello messages, the network design should ensure that DR Election is 161 achieve on the PIM domain, assuming the PIM Light domain is 162 connecting PIM domains. 163 [minor] Slightly re-edited to help readability. " 3.2.2. DR Selection Due to the absence of Hello messages, DR Election is not supported on a PLI. Consequently, network design must ensure DR Election occurs within the PIM domain, assuming the PIM Light domain interconnects PIM domains. " 164 As an example, in a BIER domain which is connecting 2 PIM networks, a 165 PLI can be used between the BIER edge routers. The PLI will be only 166 used for multicast states communication, by transmitting ONLY PIM 167 Join/prunes over the BIER domain. In this case to ensure there is no 168 multicast stream duplication the PIM routers attached on each side of 169 the BIER domain might want to establish PIM Adjacency via [RFC7761] 170 to ensure DR election on the edge of the BIER router, while PLI is 171 used in the BIER domain, between BIER edge routers. When the Join or 172 Prune message arrives from a PIM domain to the down stream BIER edge 173 router, it can be send over the BIER tunnel to the upstream BIER edge 174 router only via the selected designated router. [minor] To help readability this textblob could be as follows: " For instance, in a BIER domain connecting two PIM networks, a PLI can be used between BIER edge routers solely for multicast state communication, transmitting only PIM Join/Prune messages. To prevent multicast stream duplication, PIM routers on either side of the BIER domain should establish PIM adjacency as per [RFC 7761] to ensure DR election at the BIER edge. Join or Prune messages from a PIM domain to the downstream BIER edge router can then be sent over the BIER tunnel to the upstream BIER edge router only via the designated router. " [major] However, this leaves room for confusion. Is the above intending to outline that each PIM side must have a DR at the BIER edge? This example may need some additional clarification on the topology intended. A simple diagram or more elaborate explanation would help reader understand the intended objective from the usecase description. 176 3.2.3. PIM Assert 177 178 Where multiple PIM routers peer over a shared LAN or a Point-to- 179 Multipoint medium, it is possible for more than one upstream router 180 to have valid forwarding state for a packet, which can lead to packet 181 duplication. When this is detected PIM Assert is used to select one 182 transmitter. That said as per [RFC7761] PIM Assert should only be 183 accepted if it comes from a known PIM neighbor. With PIM LIGHT the 184 implementation SHOULD ensure there is no duplicate streams arriving 185 from upstream PIM Light routers to a single downstream PIM LIGHT 186 router. If this condition is not possible to be met because of 187 network design, the implementation should ensure there is no 188 duplication of stream. As an example in PIM LIGHT over a BIER domain 189 implementation, for IBBR (Down stream PIM LIGHT router) in a BIER 190 domain to find the EBBRs closes to the source (upstream PIM LIGHT 191 routes), SPF can be use with a post processing as per 192 [draft-ietf-bier-pim-signaling] Appendix A.1. With this post 193 processing if 2 EBBRs are found by the downstream IBBR, then this 194 downstream IBBR router can choose one of the EBBRs with a unique IP 195 selection algorithm. As an example the EBBR with lowest IP address 196 or largest IP address can be the EBBR that the downstream PIM LIGHT 197 (IBBR) router sends the join/prune message to. When this EBBR goes 198 offline the downstream router can send the join to the next EBBR 199 based on the IP selection algorithm. This IP selection algorithm is 200 outside of scope of this draft. [minor] SUggested readability revised textblob suggestion. In this section it may be useful for a reader to explicit say that assert is not supported with PIM Light. [major] This section introduces new abbreviations. This can use a reference to the RFC where these are specified and explained. [major] Is the use of 'implementation' in "the implementation should ensure no stream duplication" seems incorrect. Is this trying to say that the network architecture must ensure no stream duplication? The examplethat follows was to me as a first time reader slightly confusing on the exact objective. In addition the usage of the word 'downstream IBBR' confused me. Is it not just the IBBR that intended, and is the IBBR from the stream perspective not the upstream router? Why is the tie breaking mechanism not formally defined in the the pim-signalling draft as either the highest ip or lowest ip address? This section is pointing to the " 3.2.3. PIM Assert In scenarios where multiple PIM routers peer over a shared LAN or a Point-to-Multipoint medium, more than one upstream router may have valid forwarding state for a packet, potentially causing packet duplication. PIM Assert is used to select a single transmitter when such duplication is detected. According to [RFC 7761], PIM Assert should only be accepted from a known PIM neighbor. In PIM Light implementations, care must be taken to avoid duplicate streams arriving from upstream PIM Light routers to a single downstream PIM Light router. If network design constraints prevent this, the implemented network architecture should take measures to avoid traffic duplication. For example, in a PIM Light over a BIER domain scenario, downstream IBBR (Ingress BIER Border Router) in a BIER domain can identify the nearest EBBRs (Egress BIER Border Routers) to the source using SPF with post-processing as described in [draft-ietf-bier-pim-signaling] Appendix A.1. If the downstream IBBR identifies two EBBRs, it can select one using a unique IP selection algorithm, such as choosing the EBBR with the lowest or highest IP address. If the selected EBBR goes offline, the downstream router can use the next EBBR based on the IP selection algorithm, which is beyond the scope of this draft. " 202 3.3. PLI Configuration 203 [major] To me this section should make it more clear that there are operational considerations to embrace with PLI. Could be good to spell it all explicit out to avoid readers of this PIM Light document to make assumptions 204 Since a PLI doesn't require PIM Hello Messages and PIM neighbor 205 adjacency is not checked for join/prune messages, there needs to be a 206 mechanism to enable PLI on interfaces for security purpose, while on 207 some other interfaces this may be enabled automatically. An example 208 of the latter is the logical interface for a BIER sub-domain 209 [draft-ietf-bier-pim-signaling]. [major] To enable PLI may be not only be tied to security. It could also be that it is not required for the system? The text implies that the only reason to not enable PLI is for security. 210 211 If a system explicitly needs a PLI to be configured, then this system 212 SHOULD not accept the Join/Prune messages on interfaces that the PLI 213 is not configured on, and it should drop these messages on a non PLI 214 interface. If the system automatically enables PLI on some special 215 interfaces, as an example interfaces facing a BIER domain, then it 216 should accept Join/Prune messages on these interfaces only. [minor] Is the text here not duplicated in the sentense? First "If a system explicitly needs a PLI to be configured, then this system SHOULD not accept the Join/Prune messages on interfaces that the PLI is not configured on" and then the next text says in different words "and it should drop these messages on a non PLI interface." [minor] "on some special interfaces" is that correct? maybe you are saying 'interfaces with a specific function'? 218 3.4. Failures in PLR domain 219 220 Because the Hello messages are not processed on the PLI, some 221 failures may not be discovered in PLI domain and multicast routes 222 will not be pruned toward the source on the PIM domain, leaving the 223 upstream routers continuously sending multicast streams until the out 224 going interface (OIF) expires. 225 226 Other protocols can be used to detect these failures in the PIM Light 227 domain and they can be implementation specific. As an example, the 228 interface that PIM Light is configured on can be protected via BFD or 229 similar technology. If BFD to the far-end PLI goes down, and the PIM 230 Light Router is upstream and is an OIF for a multicast route <S,G>, 231 PIM should remove that PLI from its OIF list. In addition if 232 upstream PLI is configured automatically, as an example in BIER case, 233 when the downstream BFR is no longer reachable, the upstream PIM 234 Light Router can prune the <S,G> advertised by that BFR, toward the 235 source to stop the transmission of the multicast stream. [minor] What are 'some failures'? which faiures exactly are not discovered? Is BFD the only mechanism that is used to detect peer livelyness? 237 3.5. Reliable Transport Mechanism for PIM LIGHT 238 239 [RFC6559] defines a reliable transport mechanism for PIM transmission 240 of Join/Prune messages. PIM over reliable transport (PORT) uses TCP 241 port 8471 which is assigned by IANA. [RFC6559] mandates that if a 242 router is configured to use PIM over TCP or SCTP on a given interface 243 it must include the PIM-over-TCP-Capable or PIM-over-SCTP-Capable 244 Hello option in its Hello messages for that interface. These options 245 also communicate the connection ID of TCP for the appropriate address 246 family. PIM Light lacking Hello messages, can be configured to use 247 PORT under a PLI. That said the TCP connection ID of local router 248 and peer router has to be configured manually under each side of the 249 PLI. The PLI uses these local and peer connection ID to setup a TCP 250 connection. As per [RFC6559] section 4 the routers use the 251 connection IDs to figure out which side will do a passive transport 252 open and which side of the PLI with do a active open. If TCP 253 connection failed to open then PLI will revert back to Datagram mode. [major] TCP with port 8471 is mentioned, however later SCTP is mentioned. This section may need some BCP14 language to prescribe exactly what is supproted and how the PIM Light must behave under condition of using reliable transport. 255 3.6. PIM Variants not supported 256 257 The following PIM variants are not supported with PIM Light and not 258 covered by this draft: 259 260 1. Protocol Independent Multicast - Dense Mode (PIM-DM)[RFC3973] 261 262 2. Bidirectional Protocol Independent Multicast (BIDIR-PIM) 263 [RFC5015] [minor] For completeness what about PIM-SSM? PIM Dense-Sparse Mode? PIM-Any-source-multicast? 265 4. IANA Considerations 266 267 NA [major] The existing IANA registery for "PIM Message Types" may not be sufficient for PIM Light and may need update. The existing table may need a new column, used explicit for PIM Light to show which of the PIM Message Types is supported. It would be to lock the Message types currently supported and allows a framework for the future, unless through WG consensus the expectation is never any message ar eto be supported for PLI? 269 5. Security Considerations 270 271 Since PIM Light can be used for signaling Source-Specific and Sparse 272 Mode Join/Prune messages, security considerations of [RFC7761] and 273 [RFC4607] SHOULD be considered. 274 275 It should be noted a PIM Light can also use [RFC5796] as indicated in 276 [RFC7761] for authentication. [major] in the text security was mentioned, but the same topc is not discussed in this section. Processing Join/Prune from non-neighbors could be a DOS attack vector. Is there any other PIM threat that can exploited now that PIM routers start processing packets received from unauthenticated PIM peers? 325 Authors' Addresses [minor] the names of authors are not 100% correct and miss family names Brgds, G/
- [pim] [Shepherding AD review] review of draft-iet… Gunter van de Velde (Nokia)
- [pim] Re: [Shepherding AD review] review of draft… Hooman Bidgoli (Nokia)
- [pim] Re: [Shepherding AD review] review of draft… Gunter van de Velde (Nokia)
- [pim] Re: [Shepherding AD review] review of draft… Hooman Bidgoli (Nokia)
- [pim] Re: [Shepherding AD review] review of draft… Stig Venaas
- [pim] Re: [Shepherding AD review] review of draft… Hooman Bidgoli (Nokia)
- [pim] Re: [Shepherding AD review] review of draft… Gunter van de Velde (Nokia)