IETF Logo Mail Archive

Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06

Stig Venaas <stig@venaas.com> Mon, 26 October 2015 22:43 UTC

Return-Path: <stig@venaas.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AA1F1A1BA2 for <pim@ietfa.amsl.com>; Mon, 26 Oct 2015 15:43:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AbqEtjxeM66u for <pim@ietfa.amsl.com>; Mon, 26 Oct 2015 15:43:03 -0700 (PDT)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D50CD1A0163 for <pim@ietf.org>; Mon, 26 Oct 2015 15:43:02 -0700 (PDT)
Received: by lbbwb3 with SMTP id wb3so51097027lbb.1 for <pim@ietf.org>; Mon, 26 Oct 2015 15:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=rxutRxftM7xsDLJTloqTFu6wsv/+W0IyAARFDYxQ3KM=; b=eyJzdMKgF9RVy/rRrz0DNH3TG3VosbSwVGqOpeTJna9+XSQWsyn1gNmh9VuE7zM1PY idHSNJ31N2cLWCazZ1ygUTUMoDGSFJgb2JS26p4jFjQhwbKbLUuWsyMkWStgcEZt+vQ1 I3QImjbg//F1sBIbJDPSnbi75DDL8i2/k2/JjERn1bxp672UgfaQZlaIkFAkV13jyhJe wM2UTfPhakndAb+wKL/mvbkjWX1TKTwtkgNAcSoD+zi9VW9j9Ud8XfG4DKH9oOBymEFv t6cQkZ/VV6Ss5LVhHwfUHPdbIM/QD70WH9MaL1apyEl9FMdpGfJx1+4wsyJXeJilCL4b hYqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=rxutRxftM7xsDLJTloqTFu6wsv/+W0IyAARFDYxQ3KM=; b=XZ/BVfw4egVhKQss3Qs70SCHi9p/zaHwNIDQZHtoy18p/6JzZOFHXT8soRms2LuNuc O9mJU9xcsce8mXhzV/VgTrYEhDkIny/xZKApjadS5ktniewykG19fVa5HyVxT+YrUKga 3sVgkFv4ET9UFQu0nYDY3RHwKVgplLWyIOldU0LQrkR3ZHRKPIY3aEUodz03qPS4QPd5 Q8QFEVBrpnFD2hMKMIVxgCxBw7i4D/iIPNXd4z/hqzykh3r9NwDFTreiVZXfNexwt0vl lFdfD+k8h07SaEf6qUbSyinjxxn31de93tny7nqg6zOhaWfatThbS7ujx8yy+9LBW7Jn j/fg==
X-Gm-Message-State: ALoCoQkY3ZeR/W2lM5F1by8ReAvivEaIQClPwwSk3P0WtsO++Bjm3xSQ2bDFY9ZQz1E1jHL3rB4x
MIME-Version: 1.0
X-Received: by 10.112.147.10 with SMTP id tg10mr18694515lbb.58.1445899381108; Mon, 26 Oct 2015 15:43:01 -0700 (PDT)
Received: by 10.25.42.19 with HTTP; Mon, 26 Oct 2015 15:43:01 -0700 (PDT)
In-Reply-To: <D239907B.D7D75%aretana@cisco.com>
References: <D239907B.D7D75%aretana@cisco.com>
Date: Mon, 26 Oct 2015 15:43:01 -0700
Message-ID: <CAHANBtL2qESkhkQOSZZ4SatkYXh9RhaD=FduPpp36sp1w+08sw@mail.gmail.com>
From: Stig Venaas <stig@venaas.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/l4vUWQPM0BcHKfNsNyfSO97xObo>
Cc: "draft-ietf-pim-explicit-rpf-vector@ietf.org" <draft-ietf-pim-explicit-rpf-vector@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>
Subject: Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2015 22:43:04 -0000

I see an email by Alia to the list on Tue, 26 August 2014, where she writes:

Finally - I really don't see this as being informational.  Either it's
experimental or, since the chairs believe that it has WG consensus, it is
standards track.

That's what I can find so far. Can the authors please help do some
digging, or do you remember? You remember Mike?

Maybe worth listening to the audio of the meeting right before?

Stig



On Wed, Oct 7, 2015 at 8:32 AM, Alvaro Retana (aretana)
<aretana@cisco.com> wrote:
> Hi!
>
> I just finished reading this document.  I have a couple of Mayor items that
> should be easy to resolve and a some Minor ones.
>
> My main concern with this document is around the validation of the
> correctness of the information.  While  there is no specified mechanism to
> validate the correctness of the vectors, the Security Considerations section
> says that "the Explicit RPF Vector list should be subject to a policy to
> validate the list consists of a valid path before its used by a receiver to
> build a multicast tree"..so there seems to be a contradiction between that
> is expected and what is being specified.
>
> Knowing that we're in a world where external agents
> (controllers/administrators/etc.) somehow "know everything", I am ok with
> the assumption that they came up with a valid path ("How the Explicit RPF
> Vector list is determined is outside the scope of this document.") as long
> as potential risks are explicitly outlined, and some of the basics are
> clarified.
>
> I expect at least some discussions and an update to the document.  When that
> is done I'll start the IETF Last Call and move this document forward.
>
> Thanks!
>
> Alvaro.
>
>
>
> Major:
>
> Indented Status.  The datatracker page and the Shepherd Writeup both mention
> that the document should be "Informational because its useful primarily in
> specific scenarios and it's what the WG agreed upon", but the header says
> "Standards Track".  It looks like the status on the document changed in –05,
> which came out after the current Shepherd Writeup, but it's not clear from
> the mailing list if that was discussed (and the datatracket/writeup are just
> outdated) or if the document needs to be updated.
> Correctness and Validation.  As identified in Section 3. (Motivation), there
> are no "new mechanism in PIM to validate the correctness of the RPF
> vectors".
>
> New?  Are there existing mechanisms?
> Section 10. (Unsupported Explicit Vector Handling)
>
> The document expects "that the administrator computes the path to include
> routers that support explcit (sp) vector and check that the state is created
> correctly on each router along the path."  That is a very nice expectation,
> but what happens if something changes?
> What about the case where a mixed set of vectors exists, and the Explicit
> Vectors are the unsupported ones?
> Do changing conditions in the network with the potential of nodes not
> supporting the vectors, create a (security or operational) vulnerability?
>
> Section 13. (Security Considerations) does say that "the Explicit RPF Vector
> list should be subject to a policy to validate the list consists of a valid
> path before its used by a receiver to build a multicast tree."  This is
> interesting specially because there's text that says that "how the Explicit
> RPF Vector list is determined is outside the scope of this document."  IOW,
> the document is not saying how to build the information, but it does say
> that it has to be validated.  I have several questions about this — it would
> go a long way if you could be more explicit.  I don't think we need to
> include all the answers or be too specific, but a little more clarity might
> help with any concerns from the SecDir or Security ADs.
>
> What do you mean by a "policy"?  Are you hinting at a gating function to
> either accept or not a vector list?  If so, how would/could that be
> coordinated across multiple nodes?
> What is a "valid path"?  I assume that means a path made of "valid
> addresses", but is the validity determined just by a reachable address?  Or
> should the validator be looking for the addresses to be reachable in a
> specific order (path)?  Or ??
> BTW, in 11. (Explicit RPF Vector Attribute TLV Format) the address is
> defined as "Value: … This could be a valid primary or secondary address."
> "Could be", meaning it can be just that, or that it could be anything?
> Maybe just don't be so specific (primary or secondary) and leave it at
> "valid address".
>
> Section 11. (Explicit RPF Vector Attribute TLV Format)
>
> "Length:  Length depending on the Address Family of the Encoded-Unicast
> address."  [I know this is the same text as in rfc5496.]  The description
> sounds like I need to know what type of address I have in the next field to
> determine if the length is correct..but there is no explicit indication of
> which AF is being used.  In fact, nowhere in the document is there a mention
> that the possible AFs are IPv4/IPv6 — it would be very nice if that was
> explicitly mentioned.  I don't think we need to change the encoding at thins
> point, but knowing that (today) there are only two expected lengths would
> help with determining validity.
>
>
> Minor:
>
> References:
>
> The reference to I-D.ietf-rtgwg-mofrr is outdated (now rfc7431).  I also
> think we could make it an Informational Reference.
> Change the reference to rfc4601 to I-D.ietf-pim-rfc4601bis.  Please take a
> look at the updated Security Considerations (in draft-ietf-pim-rfc4601bis
> wrt rfc4601) to make sure that the reference still works.
>
> It looks like Section 5. (Explicit RPF Vector Attribute) is superfluous as
> the details of the TLV are defined elsewhere.  In fact, I would move Section
> 11 to this position (just a nit).
> Section 7. (Conflicting RPF Vectors)
>
> "…the content of the RPF Vectors MUST be compared ([RFC5384])."  It seems
> like this reference is out of place as rfc5384 was already positioned as not
> addressing the specific problem of mixed RPF vectors.

v2.23.0 | Report a Bug | By Email