IETF Logo Mail Archive

Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06

Stig Venaas <stig@venaas.com> Mon, 26 October 2015 22:31 UTC

Return-Path: <stig@venaas.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C7991A8835 for <pim@ietfa.amsl.com>; Mon, 26 Oct 2015 15:31:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jbvFPBXsm68 for <pim@ietfa.amsl.com>; Mon, 26 Oct 2015 15:31:51 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F13D1A882F for <pim@ietf.org>; Mon, 26 Oct 2015 15:31:51 -0700 (PDT)
Received: by lfaz124 with SMTP id z124so164350298lfa.1 for <pim@ietf.org>; Mon, 26 Oct 2015 15:31:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=gu8jZ1AP2Z4I3pUqz3oLSdodAAI5PSB+0erF8NKdWUM=; b=HjetL5SHmWTxYX/2h90cVCIxe+/5QZE9igoo7UgspGOzCXf83LLKg6GPjYeMRx1cG5 u809YZwheRrvmxcHCS9NpcrxkHq0H9L3tso2zeRkewB0tz8KHPMy9JBHX3fF4Ea9q56k i3A1gdH2grHA+ZA5VVZFmk7DLKjRFdQUDxXoE2bMMnPz7xrj6i33kUwFHzyrKzhiKI5K HQOvZnfIA6tP6Uekh9mtvzc/9fZA4ukVy4ckwvEp8t/CyVeNzlH+C/KDIq3fY87+zhGb a44Cptz9HL2jYqORdKeyBRtaSAxVb149fyA53nDN7KKhIL/YYNtWdmlSh0SS+ld8pbz8 8yyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=gu8jZ1AP2Z4I3pUqz3oLSdodAAI5PSB+0erF8NKdWUM=; b=LUuFqsMegs382vagAP2tMRSVTEhRrYzfWhe1PAMFHFd3Vaym0ND0BZKZkvAwogDA8B uP0hfVQw7v32+EEZVtGAwym8y0asyiSYWpgdd2nfBkzc96nPf2Wk7EmreJENwjH2vM6c k8XS4njinOg2libnMZt3j6z0vjuLiZesv1ao72SN29xdqMJmX9MNpTtd+3MELtRC2d/X IiS/1GnChyTaJEw1/C5vM5S6FVUHaIGhNgMsqzuBzbtvwfyqVM9xm481E9IIP3JbdNrq Fs5HDhWRiU6GYSXjS8OzbgJ5vGLI7yh9yXzczmQYgAodvUURT7YU4sXnXXt5JI0hZorz cbdw==
X-Gm-Message-State: ALoCoQm4f9KmFKfCmJdSVvHv0uAzAh1ER4dJD321fsxOFUf8YeVCSQAvkxutbqMaphpCbrAoKs7L
MIME-Version: 1.0
X-Received: by 10.25.137.84 with SMTP id l81mr4181073lfd.69.1445898709215; Mon, 26 Oct 2015 15:31:49 -0700 (PDT)
Received: by 10.25.42.19 with HTTP; Mon, 26 Oct 2015 15:31:49 -0700 (PDT)
In-Reply-To: <1445897287704.60786@cisco.com>
References: <D239907B.D7D75%aretana@cisco.com> <1445897287704.60786@cisco.com>
Date: Mon, 26 Oct 2015 15:31:49 -0700
Message-ID: <CAHANBt+rtF7UcaMfKzmVDtHmJ1=3gz2B_VMqj8q+ZE+OB5rrGw@mail.gmail.com>
From: Stig Venaas <stig@venaas.com>
To: "Sowmya Krishnaswamy (sowkrish)" <sowkrish@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/pim/pe1W1W83z2CI4cQTltyd3k3g_Fc>
Cc: "draft-ietf-pim-explicit-rpf-vector@ietf.org" <draft-ietf-pim-explicit-rpf-vector@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>
Subject: Re: [pim] AD Review of draft-ietf-pim-explicit-rpf-vector-06
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2015 22:31:53 -0000

Hi

I'm fairly sure we discussed that the draft should be standards track
in some meeting, and I wonder if it was one of the things Alia brought
up when reviewing it?

I haven't found anything in the written minutes though. Don't any of
you authors remember? Any old emails you can find?

In the worst case someone will have to go and listen to the audio to
find out. We should not just change it back to Informational. I'm
pretty sure we must have changed to PS because we agreed to make the
change.

Stig


On Mon, Oct 26, 2015 at 2:56 PM, Sowmya Krishnaswamy (sowkrish)
<sowkrish@cisco.com> wrote:
> Hi Alvaro,
>
>
> Thanks for the detailed review comments. We have made corrections to address
> the review comments.
>
>
> Crux of the changes are as follows:
>
>
> 1. Updated the Status of the draft to Informational.
> 2. Stressed the fact that it is upto the mechanism that produce the explicit
> RPF vector to ensure that they are correct in Section 3 (Motivation) and
> again in the Section 11 (Security considerations).
> 3. Your comments about section 10 are valid, but at this point without
> making additional protocol changes to include a feedback mechanism to the
> end-nodes that are injecting the explicit RPF vector there is no clean way
> to address the security concern. We would like to limit the scope of this
> draft by clearly stating that the the controllers / mechanisms that inject
> the explicit rpf vector needs to check that the tree is built along the
> intended path.
> 4. We have removed Section 5 and updated it with the contents of Section 11
> (Explicit RPF Vector TLV Format). We have indicated that we support IPv4 and
> IPv6 address family.
> 5. We have updated references to ietf-rtgwg-mofrr to rfc7431.
> 6. Updated reference to rfc4601 to I-D.ietf-pim-rfc4601bis.
> 7. Regarding logic to handle conflicting attributes we are using the logic
> from RFC5384. The RPF vector from the neighbor with the lowest IP address is
> accepted.
> 8. We are not able to upload version 7 of the draft, it might be because it
> was sent for AD review, hence I am sending the updated draft as an
> attachment.
>
> Please let us know if the changes look ok.
>
> Best Regards
> Sowmya
>
> ________________________________
> From: Alvaro Retana (aretana)
> Sent: Wednesday, October 7, 2015 8:32 AM
> To: draft-ietf-pim-explicit-rpf-vector@ietf.org
> Cc: mmcbride7@gmail.com; pim-chairs@ietf.org; pim@ietf.org
> Subject: AD Review of draft-ietf-pim-explicit-rpf-vector-06
>
> Hi!
>
> I just finished reading this document.  I have a couple of Mayor items that
> should be easy to resolve and a some Minor ones.
>
> My main concern with this document is around the validation of the
> correctness of the information.  While  there is no specified mechanism to
> validate the correctness of the vectors, the Security Considerations section
> says that "the Explicit RPF Vector list should be subject to a policy to
> validate the list consists of a valid path before its used by a receiver to
> build a multicast tree"..so there seems to be a contradiction between that
> is expected and what is being specified.
>
> Knowing that we're in a world where external agents
> (controllers/administrators/etc.) somehow "know everything", I am ok with
> the assumption that they came up with a valid path ("How the Explicit RPF
> Vector list is determined is outside the scope of this document.") as long
> as potential risks are explicitly outlined, and some of the basics are
> clarified.
>
> I expect at least some discussions and an update to the document.  When that
> is done I'll start the IETF Last Call and move this document forward.
>
> Thanks!
>
> Alvaro.
>
>
>
> Major:
>
> Indented Status.  The datatracker page and the Shepherd Writeup both mention
> that the document should be "Informational because its useful primarily in
> specific scenarios and it's what the WG agreed upon", but the header says
> "Standards Track".  It looks like the status on the document changed in –05,
> which came out after the current Shepherd Writeup, but it's not clear from
> the mailing list if that was discussed (and the datatracket/writeup are just
> outdated) or if the document needs to be updated.
> Correctness and Validation.  As identified in Section 3. (Motivation), there
> are no "new mechanism in PIM to validate the correctness of the RPF
> vectors".
>
> New?  Are there existing mechanisms?
> Section 10. (Unsupported Explicit Vector Handling)
>
> The document expects "that the administrator computes the path to include
> routers that support explcit (sp) vector and check that the state is created
> correctly on each router along the path."  That is a very nice expectation,
> but what happens if something changes?
> What about the case where a mixed set of vectors exists, and the Explicit
> Vectors are the unsupported ones?
> Do changing conditions in the network with the potential of nodes not
> supporting the vectors, create a (security or operational) vulnerability?
>
> Section 13. (Security Considerations) does say that "the Explicit RPF Vector
> list should be subject to a policy to validate the list consists of a valid
> path before its used by a receiver to build a multicast tree."  This is
> interesting specially because there's text that says that "how the Explicit
> RPF Vector list is determined is outside the scope of this document."  IOW,
> the document is not saying how to build the information, but it does say
> that it has to be validated.  I have several questions about this — it would
> go a long way if you could be more explicit.  I don't think we need to
> include all the answers or be too specific, but a little more clarity might
> help with any concerns from the SecDir or Security ADs.
>
> What do you mean by a "policy"?  Are you hinting at a gating function to
> either accept or not a vector list?  If so, how would/could that be
> coordinated across multiple nodes?
> What is a "valid path"?  I assume that means a path made of "valid
> addresses", but is the validity determined just by a reachable address?  Or
> should the validator be looking for the addresses to be reachable in a
> specific order (path)?  Or ??
> BTW, in 11. (Explicit RPF Vector Attribute TLV Format) the address is
> defined as "Value: … This could be a valid primary or secondary address."
> "Could be", meaning it can be just that, or that it could be anything?
> Maybe just don't be so specific (primary or secondary) and leave it at
> "valid address".
>
> Section 11. (Explicit RPF Vector Attribute TLV Format)
>
> "Length:  Length depending on the Address Family of the Encoded-Unicast
> address."  [I know this is the same text as in rfc5496.]  The description
> sounds like I need to know what type of address I have in the next field to
> determine if the length is correct..but there is no explicit indication of
> which AF is being used.  In fact, nowhere in the document is there a mention
> that the possible AFs are IPv4/IPv6 — it would be very nice if that was
> explicitly mentioned.  I don't think we need to change the encoding at thins
> point, but knowing that (today) there are only two expected lengths would
> help with determining validity.
>
>
> Minor:
>
> References:
>
> The reference to I-D.ietf-rtgwg-mofrr is outdated (now rfc7431).  I also
> think we could make it an Informational Reference.
> Change the reference to rfc4601 to I-D.ietf-pim-rfc4601bis.  Please take a
> look at the updated Security Considerations (in draft-ietf-pim-rfc4601bis
> wrt rfc4601) to make sure that the reference still works.
>
> It looks like Section 5. (Explicit RPF Vector Attribute) is superfluous as
> the details of the TLV are defined elsewhere.  In fact, I would move Section
> 11 to this position (just a nit).
> Section 7. (Conflicting RPF Vectors)
>
> "…the content of the RPF Vectors MUST be compared ([RFC5384])."  It seems
> like this reference is out of place as rfc5384 was already positioned as not
> addressing the specific problem of mixed RPF vectors.

v2.23.0 | Report a Bug | By Email