Re: [pim] Benjamin Kaduk's Discuss on draft-ietf-pim-msdp-yang-15: (with DISCUSS and COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 05 March 2020 12:46 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9875B3A1443; Thu, 5 Mar 2020 04:46:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=RYDwaw51; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=iByVWDHY
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OcuveaCZxTnT; Thu, 5 Mar 2020 04:46:02 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DD6F3A144A; Thu, 5 Mar 2020 04:46:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18010; q=dns/txt; s=iport; t=1583412362; x=1584621962; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=6TxmBb/bjrJFE3aoOs+lcyVlo+QHyX3Z7Ryc0tz0GIY=; b=RYDwaw51kn6/dVgoz77KOwukZ4OXerNyXCqv0MUFUZN+wdqwD0ZE/XuT g/x7VqwvfzPDodLhFAKTfUKxu7VLdOE2mzxyAVg0oZSNeSWI3SNr09wFv BRb2OAvLfQE2l9BJbthjQ3iRLaxxn3El033VMyiVq7F93Sdea4X6vbhKD M=;
IronPort-PHdr: =?us-ascii?q?9a23=3Anic/WRfDIHE5dVKJRlrlvdvTlGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwGRD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFn?= =?us-ascii?q?pnwd4TgxRmBceEDUPhK/u/dTM7GNhFUndu/mqwNg5eH8OtL1A=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ACAgDS82Be/4wNJK1mDg0BAQEBAQE?= =?us-ascii?q?BBQEBAREBAQMDAQEBgXuBVFAFbFggBAsqhBWDRgOKa4JfiWOOMoFCgRADVAk?= =?us-ascii?q?BAQEMAQEjCgIEAQGEQwIXgXUkOBMCAwEBCwEBBQEBAQIBBQRthVYMhWMBAQE?= =?us-ascii?q?BAgESEREMAQErDAEEBwQCAQgRBAEBAwIUEgICAh8RFQgIAgQBDQUIGoMFgko?= =?us-ascii?q?DDiABDqIlAoE5iGJ1gTKCfwEBBYFDQYMTDQuCDAMGgQ4qimQlgR4agUE/gRF?= =?us-ascii?q?HgX1QPoIbSQIBAgGBLAESAQgbFTiCQjKCLI1PJC2CSIYWiWiOSTJECoI8h1K?= =?us-ascii?q?KXoRSgkmIIYRNi32OGVyIfIIwkCECBAIEBQIOAQEFgWkiKhojWBEIcBWDJ1A?= =?us-ascii?q?YDY4dDAEWFYM7hRSFBD10AoEniz+BPl8BAQ?=
X-IronPort-AV: E=Sophos;i="5.70,518,1574121600"; d="scan'208";a="442753350"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Mar 2020 12:46:00 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 025Ck0IU018077 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Mar 2020 12:46:00 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 5 Mar 2020 06:46:00 -0600
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 5 Mar 2020 06:45:59 -0600
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 5 Mar 2020 06:45:59 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DeM5f3BuZXvRMqmiSivRdgI5mlqTVFmSiovK7m02ZpDVU4xaZ+valyUWZr9fGw?= =?utf-8?q?YBe4xhxgD8Fcvf9sqqTPg3cUuhLJBhlh0fyEhKHmBP+xKUMRP7vdqw9/mtfLaqSEP?= =?utf-8?q?JOYxrvnELIJT4hw8vnsSa2A5+bo4ZWIegGrhC6HtgncrDzbqZKqavD37++LO8b6EJ?= =?utf-8?q?fPsym1CbMvtPHqlLyXudhAT6hUP4tQM7a61897yuWuO7IpvSFgrbyoEI8WKA3cAGu?= =?utf-8?q?V3ezSc/8arJBYOdLcx+hamhtVobZNqTdzszn0Ok5zAaSCsLVNRQ68Df6mrV7EfQaP?= =?utf-8?q?kJyqKQPvXFwLVO2keSH1g=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3D6TxmBb/bjrJFE3aoOs+lcyVlo+QHyX3Z7Ryc0tz0GIY=3D=3B_b=3DMWF1IJ?= =?utf-8?q?5wh/Iq7dSpyheHpRDL12Qa2KB9LQQGDpR3+LeDsWGp2Xz8C7x9ILABNtyWzud1jua?= =?utf-8?q?oA+KmmBVIMX+Ux8wWEilNMa35QWpP+YHYQNmXZWWg/WnjiyIQZbE9kOokMsQn4S9Z?= =?utf-8?q?CNSAcYg7Fv+ufmaV51ic1cF6gxoZLjOajHY4AuKwWuKl1Ho8k4a24nC1heArfwePN?= =?utf-8?q?xI5tL9l0YA0lksxL2fyljRmfTk2Xv90dvQm6Uahd2lTj1PUf91++XNCJzFPARUlv/?= =?utf-8?q?Sg+okpmea2u1ube2ZSsFbsnRqeByATbpQGXTPNQjMCE2o2DzLdOj+8Je+o0f4Cy+3?= =?utf-8?q?bo3Yo5jCQHQ=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AM?= =?utf-8?q?essage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADC?= =?utf-8?q?heck=3B_bh=3D6TxmBb/bjrJFE3aoOs+lcyVlo+QHyX3Z7Ryc0tz0GIY=3D=3B_b?= =?utf-8?q?=3DiByVWDHYVyvGXeMtCvSJj9Ojtl0Ujm1In1MGkCT3bs8bkD3U4abb7dkKw8cQXv?= =?utf-8?q?tyvZ4DimDNGPQcWDMC+FV/SrTVnKjtdRvxLkOQkczL+Ao1eQn5iF5LsRKHr0lIXB2?= =?utf-8?q?KoSo3LwU33LUegtm3x5MNWie5x2KDczbOFH/qGujPfRo=3D?=
Received: from BY5PR11MB4355.namprd11.prod.outlook.com (2603:10b6:a03:1c3::13) by BY5PR11MB4119.namprd11.prod.outlook.com (2603:10b6:a03:190::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.14; Thu, 5 Mar 2020 12:45:59 +0000
Received: from BY5PR11MB4355.namprd11.prod.outlook.com ([fe80::5434:7127:ff4b:e6f4]) by BY5PR11MB4355.namprd11.prod.outlook.com ([fe80::5434:7127:ff4b:e6f4%4]) with mapi id 15.20.2772.019; Thu, 5 Mar 2020 12:45:58 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "draft-ietf-pim-msdp-yang@ietf.org" <draft-ietf-pim-msdp-yang@ietf.org>, "pim@ietf.org" <pim@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
CC: "stig@venaas.com" <stig@venaas.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "The IESG" <iesg@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-pim-msdp-yang-15: (with DISCUSS and COMMENT)
Thread-Index: AQHV7pP+Gu0xDp1EsU21XSx09cSSlag5xWKA
Date: Thu, 5 Mar 2020 12:45:58 +0000
Message-ID: =?utf-8?q?=3CBY5PR11MB4355EEDAC3E7F74E30513F77B5E20=40BY5PR11MB4?= =?utf-8?q?355=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
References: <158293472729.19702.5439622676048995721@ietfa.amsl.com>
In-Reply-To: <158293472729.19702.5439622676048995721@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [2001:420:c0c0:1007::12f]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c76c3d23-6aa3-44a3-94be-08d7c1032793
x-ms-traffictypediagnostic: BY5PR11MB4119:
x-microsoft-antispam-prvs: =?utf-8?q?=3CBY5PR11MB4119BDE3F6A835267CC37ABAB5E?= =?utf-8?q?20=40BY5PR11MB4119=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 03333C607F
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810009020=29=284636?= =?utf-8?b?MDA5KSgxMzYwMDMpKDM5ODYwNDAwMDAyKSgzNzYwMDIpKDM0NjAwMikoMzY2?= =?utf-8?b?MDA0KSgzOTYwMDMpKDE4OTAwMykoMTk5MDA0KSg5Njg2MDAzKSg4NjM2MjAwMSko?= =?utf-8?q?4326008=29=28966005=29=2855016002=29=288676002=29=2881166006=29?= =?utf-8?q?=2881156014=29=288936002=29=2871200400001=29=28478600001=29=28316?= =?utf-8?q?002=29=28110136005=29=2830864003=29=2866556008=29=2853546011=29?= =?utf-8?q?=2866476007=29=2866946007=29=2864756008=29=286506007=29=287611600?= =?utf-8?b?NikoNTQ5MDYwMDMpKDE4NjAwMykoMjkwNjAwMikoNjY0NDYwMDgpKDUyNTM2?= =?utf-8?q?014=29=287696005=29=285660300002=29=2833656002=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:BY5PR11MB4119; H:BY5PR11MB4355.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?GLNlkAlaj49xzrRyUqu+ALOmtjSeJ0Q?= =?utf-8?q?q4Gh+f+M8DqYsTRf1kmaFs5i1szr5+A3G80sIt8/zwnjgdKBmnCXmC8CpLPJ7KRzl?= =?utf-8?q?vnnu6xZg7H6K/3pmh22q7bKaGwyYeQsT1Tz2EJwL6RVxtpitx2sY81TGQVD0muD1m?= =?utf-8?q?k7OcjoRaYUex59T3LFNnyMeUmwqd5WO0I0OYVuYe1qsGImbFcWrJUqAJonVWswvGS?= =?utf-8?q?kK00jPm68IT0s9EksH00ROesvtGG0lfgyg5EK7feSz7Vs/WnvbdiyAN60EUW4nzDc?= =?utf-8?q?tPHRmqAvO6b71dWqnjozfJbk+dNlMR3xpoSbnyqH4ana89WttUgukdLvFo8Ywn9eE?= =?utf-8?q?809mAc0tZ+owJLXADF2PwidXVi7qAub47yVbIZnpPX56K9qni2ugAP3bOs33Bk04t?= =?utf-8?q?B/LQik/6Mwaq4RiI9YR3ewOO2WhkvvrWnGTDg191N3lt7PWIp2Q40iFDwfED+NBxO?= =?utf-8?q?P8TwpTlT/+2z4+OjOr05BXfnKSjUB45lkg0zWS7fL+qISi8g=3D=3D?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?Eox7mEjau922vZi84mdYzQrKIFwdKI?= =?utf-8?q?9h9Esi2uqWpSSWHMJGKYXKdf5uR8/Xe2fgTXxsfLjgtEdRXjnBCvLaM6bombW3JCU?= =?utf-8?q?W37/QjTFlxsKkTzZ2Q/N2lOWgPijhch+2Cup+5xk17+UQYerrPJ5EGjp2IFpKLtB7?= =?utf-8?q?WM2KfKGcz0o=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c76c3d23-6aa3-44a3-94be-08d7c1032793
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2020 12:45:58.6462 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: =?utf-8?q?Uuhb9OrQXmv37SUhd7UR3?= =?utf-8?q?LNtIUUd0uP8k3++YAV8RFlzn6NEgds1CIsksEmsBNUKPsYTvYw0um+x9nOKmZ8nDw?= =?utf-8?q?=3D=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4119
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/lQ6va3Eub1-Y_zgjfvOE8A3M4cI>
Subject: Re: [pim] Benjamin Kaduk's Discuss on draft-ietf-pim-msdp-yang-15: (with DISCUSS and COMMENT)
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 12:46:12 -0000

Hi,

Some additional comment on Ben's comments, and also a comment about actions.

> site note: Both holdtime-interval and keepalive-interval have "must"
> statements asserting that keepalive < holdtime when both are present.
> Is it well-defined which one will trigger if an attempt is made to violate
> the condition?  (The error message is the same for both, so this is
> basically just for my personal edification.)

Both of these would trigger.

I believe that these must statements can be simplified:
 - It is only necessary (and more correct) to only have one of them.
 - No special handling is required for defaults.  At the point in the instance data tree that the must statements is evaluated, it will be known that the other leaf semantically exists because it has a defined default value.

So, these two leaf statements can just be written as:

        leaf holdtime-interval {
          type uint16 {
            range "3..65535";
          }
          units seconds;
          default 75;
          description "The SA hold down period of this MSDP peer.";
        }
        leaf keepalive-interval {
          type uint16 {
              range "1..65535";
          }
          units seconds;
          must '. < ../holdtime-interval' {
            error-message
              "The keepalive interval must be smaller than the
               hold time interval";
          }
          default 60;
          description "The keepalive timer of this MSDP peer.";
        }


In addition to this, I think that it would be helpful for the draft to highlight that it defines action statements, along with a brief description of what they do.  This could probably just be added to the end of section 3.2.

For the action statements in the YANG model, did you consider binding them more directly to the data nodes that they are affecting?

For example, I would suggest splitting the "clear-peer" action into two separate actions:
 1) clear - that could be defined within the "peer" entry (and hence would require no arguments)
 2) clear-all - defined under the "peers" container, but requiring no arguments.

For the "clear-sa-cache" action, this could be defined under "sa-cache", and renamed to "clear", but otherwise the definition would stay as is.

Thanks,
Rob


> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Benjamin Kaduk via
> Datatracker
> Sent: 29 February 2020 00:05
> To: The IESG <iesg@ietf.org>
> Cc: stig@venaas.com; aretana.ietf@gmail.com; pim-chairs@ietf.org;
> pim@ietf.org; draft-ietf-pim-msdp-yang@ietf.org
> Subject: Benjamin Kaduk's Discuss on draft-ietf-pim-msdp-yang-15: (with
> DISCUSS and COMMENT)
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-pim-msdp-yang-15: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pim-msdp-yang/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> I don't think there's enough clarity on what authentication schemes are
> supported and how the YANG configuration interacts with MSDP operation.
> If I'm reading^Wsearching through RFC 3618 correctly, the only supported
> authentication mechanism is TCP-MD5 (RFC 2385), and there have been no
> updates to RFC 3618 that are indicated in the RFC database.  However, RFC
> 2385 is obsoleted by RFC 5925 (TCP-AO).  Can TCP-AO be used with MSDP?
> What protocol elements or operation are controlled by the "authentication"
> container?  What algorithms are valid for use with the "password" case?
> RFC 8177 is the sole reference for both the "key-chain" leaf and the
> "password" case, but that does not seem a sufficient reference from which
> to implement.
> 
> Also, there are a couple of elements in the "state-attributes" container
> that say they indicate a time when something will/did happen and measure
> it in seconds.  I don't see an indication of what the reference point is
> for them, though -- "seconds since when?".  Further context in the COMMENT
> to avoid too much quoted text here.
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> This document (and the YANG module) lists six authors, which is more than
> the typical five and would normally spark some discussion.  I do see that
> the shepherd writeup indicates that all six members of the design team
> were quite active, and presume that this indicates that it is appropriate
> to have the larger author count than is typically seen.
> 
> Section 2.1
> 
>    This model can be used to configure and manage MSDP protocol.  The
> 
> nit: "the MSDP protocol".
> 
> Section 3.1
> 
>    MSDP configurations require peer configurations.  Several peers may
> 
> nit: this sentence on first read sounds like it is instantiating a
> dependency loop ("my MDSP configuration depends on my peers' MSDP
> configuration, which in turn depends on mine").  I suspect the intent is
> to say something like "MSDP operation requires configuration information
> that is distributed amongst several peers" or "MSDP operation requires
> that all peers active in a given group receive identical configuration
> information for that group" or similar.
> 
> Section 4
> 
>     grouping authentication-container {
>           [...]
>           case password {
>             leaf key {
>               type string;
>               description
>                 "This leaf describes the authentication key.";
>               reference
> 
> I'm not entirely sure what is being "described" -- if this is the
> "password" choice (vs. key-chain), is it not the actual password itself
> (versus a description thereof)?
> 
>             leaf crypto-algorithm {
>               type identityref {
>                 base key-chain:crypto-algorithm;
>               }
>               description
>                 "Cryptographic algorithm associated with key.";
> 
> This is still in the "password" case, and I'm not entirely sure which
> sorts of algorithms you're expecting to see here.  Things like "hmad-sha-
> 256" don't really apply directly to a password, and bare hashes like sha-1
> are cryptographically bad choices.
> 
>     grouping global-config-attributes {
>         [...]
>           "The default peer accepts all MSDP SA messages.
>            A default peer is needed in topologies where MSDP peers
>            do not coexist with BGP peers. The reverse path
>            forwarding (RPF) check on SA messages can fail, and no
>            SA messages are accepted. In these cases, you can configure
>            the peer as a default peer and bypass RPF checks.";
> 
> nit: I think there could be a better connection between the sentences
> here.  Is the need for default peer (in such topologies) due solely to the
> potential for RPF failure?
> 
>         leaf peer-addr {
>           type leafref {
>             path "../../../peers/peer/address";
> 
> [Does this imply restrictions on where the grouping can be used in the
> tree?]
> 
>       leaf mesh-group {
>         type string;
>         description
>           "Configure this peer to be a member of a mesh group";
>         reference
>           "RFC 3618: Multicast Source Discovery Protocol (MSDP),
>                      section 10.2.";
>       }
> 
> This description leaves the reader rather unclear about what the contents
> of this string-type leaf are supposed to be.
> 
>       leaf peer-as {
>          [...]
>           "Peer's autonomous system number (ASN). Using peer-as to
>            do verification can provide more controlled ability.
> 
> nits: (1) more controlled than what?  (2) ability to do what?
> 
>            If the AS number is the same as the local AS, then the
>            peer is within the same domain; otherwise, this peer is
>            external to the domain. Like the definition and usage
>            in BGP protocol.";
> 
> nit: "BGP protocol" is redundant.
> 
> site note: Both holdtime-interval and keepalive-interval have "must"
> statements asserting that keepalive < holdtime when both are present.
> Is it well-defined which one will trigger if an attempt is made to violate
> the condition?  (The error message is the same for both, so this is
> basically just for my personal edification.)
> 
>       leaf elapsed-time {
>         type uint32;
>         units seconds;
>         config false;
>         description "Elapsed time for being in a state.";
>       }
> 
> Is this more properly a counter type than a uint32?
> 
>       leaf is-default-peer {
>         type boolean;
>         config false;
>         description "'true' if this peer is a default peer.";
> 
> nit(?): how can there be more than one ("a") default peer?
> 
>       leaf reset-count {
>         type uint32;
>         config false;
>         description "The reset count of this peer.";
>       }
> 
> This one also sounds like it might be a counter.
> 
>       container statistics {
> 
> Please double-check for whether counter and/or gauge types might be more
> appropriate than integer types.
> 
>             container state-attributes {
>               description "SA cache state attributes for MSDP.";
> 
>               leaf up-time {
>                 type uint32;
>                 units seconds;
>                 description
>                   "Indicates the time when this SA entry is created
>                    in the cache. MSDP is a periodic protocol, the
>                    up-time value can be used to check the state of
>                    SA cache.";
>               }
>               leaf expire {
>                 type uint32;
>                 units seconds;
>                 description
>                   "Indicates the time when this SA entry in the cache
>                    times out. MSDP is a periodic protocol, the expire
>                    value can be used to check the state of SA cache.";
>               }
> 
> If these are "time" entries, that sounds like an absolute time.  If it's
> measured in seconds, what is the reference point for that absolute time?
> 
>               leaf rpf-peer {
>                 type inet:ipv4-address;
>                 description
>                   "The address is used to find the SA's
>                    originating RP.";
> 
> "used to find" the originating RP or *is* the originating RP?  The name
> would suggest the latter.
> 
> Section 5
> 
>       This subtree specifies the configuration for the MSDP attributes
>       at the peer level.  The modification configuration will allow the
>       unexpected MSDP peer establishment and unexpected SA information
>       learning and advertisement.
> 
> nits: s/allow the unexpected/allow unexpected/; s/The modification
> cofiguration/Modifying the configuration/.
> 
>       The "key" field is also a sensitive readable configuration, the
>       unauthorized reading function may lead to the password leaking.
>       The modification will allow the unexpected peer reconstruction.
> 
> I think it would be appropriate to mention that the key-chain choice from
> RFC 8177 is designed to avoid this sort of vulnerabilities.
> Also, nits: comma splice in the first sentence, and s/The
> modification/Modification/.
> 
> Also^2, is this note better placed in the "readable data nodes" section of
> the template?
> 
>    /rt:routing/rt:control-plane-protocols/msdp,
> 
>    Unauthorized access to any data node of the above subtree can
>    disclose the operational state information of MSDP on this device.
> 
> It would be nice to go into a bit more detail about some of the
> particularly important leaves under the msdp tree, and how knowing their
> contents might aid an attacker.
> E.g., the ACL nodes seem of particular interest (whether reading or
> writing).
> 
>    Unauthorized access to any of the above action operations can
>    reconstruct the MSDP peers or delete SA records on this device.
> 
> Will the reader know what "reconstruct the peer" means here (and the
> operational/security impact of doing so)?
> 
> Section 9.1
> 
> It's not entirely clear to me that RFC 3688 is referenced in a normative
> (as opposed to informative) manner.
> 
> Appendix A
> 
> Where does the 173.104.116.8 addrss come from?  I don't see it in RFC
> 5737 and it's not in the multicast range.
> Likewise for 101/8.
> 
>