Re: [pim] pim-dr-improvement wglc

"Holland, Jake" <jholland@akamai.com> Fri, 18 January 2019 19:51 UTC

Return-Path: <jholland@akamai.com>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B1B613136C for <pim@ietfa.amsl.com>; Fri, 18 Jan 2019 11:51:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.252
X-Spam-Level:
X-Spam-Status: No, score=-5.252 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, KHOP_DYNAMIC=2, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GHYvDYUb73dJ for <pim@ietfa.amsl.com>; Fri, 18 Jan 2019 11:51:49 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67E50131366 for <pim@ietf.org>; Fri, 18 Jan 2019 11:51:49 -0800 (PST)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0IJm3GM006633; Fri, 18 Jan 2019 19:51:48 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=jan2016.eng; bh=H3ONf38quAwTnpLLeHJK7pdeCLfwKFuGLCoA+vKYeac=; b=e+HT9lhgwFK888+B+c5UF0w8WLu6pGW2Y0haUCxe7/xDK/nsUjUAXss32DYhrSFQVPK1 afWn8m1YNuIrq1JpVM4jqo66iOXStSctz8FS5TBBHo0VZv7S1QmWGXBhgB1EQ1pCqaPU No/FYf82p27dHl6Cyu0oRlsLotOJnlfbfoe5OI8fObu5vhGmL+JOJXc9XpaH2OgWeQHM /lp9kV9u5g/lJAG33MEjbgAqRfyttDEv5cHxRCHbbMq/FN1nLU/sxbRMeVXTSRIeUF8r r40uShrKGuTmlwYYaVaQVJt6igzuALduyzb+RUoGfijiz8l4csp8+aa5L+aGyqIPMaLp kg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by mx0a-00190b01.pphosted.com with ESMTP id 2q2vu1m38e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Jan 2019 19:51:47 +0000
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x0IJlESm023694; Fri, 18 Jan 2019 14:51:45 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.33]) by prod-mail-ppoint1.akamai.com with ESMTP id 2pycf18865-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 18 Jan 2019 14:51:40 -0500
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.27.104) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.27.102) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Fri, 18 Jan 2019 13:50:59 -0600
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.6.134]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.6.134]) with mapi id 15.00.1365.000; Fri, 18 Jan 2019 13:50:59 -0600
From: "Holland, Jake" <jholland@akamai.com>
To: "zhang.zheng@zte.com.cn" <zhang.zheng@zte.com.cn>, "gregimirsky@gmail.com" <gregimirsky@gmail.com>, "stig@venaas.com" <stig@venaas.com>
CC: "pim@ietf.org" <pim@ietf.org>
Thread-Topic: [pim] pim-dr-improvement wglc
Thread-Index: AQHUr2chz8/flP8xrkaNV8Pk64GZxA==
Date: Fri, 18 Jan 2019 19:50:58 +0000
Message-ID: <C4C0FEC9-28D2-4A2B-9EEF-1687560C04BE@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.14.0.181208
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.112.188]
Content-Type: multipart/alternative; boundary="_000_C4C0FEC928D24A2B9EEF1687560C04BEakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-18_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901180142
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-18_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901180142
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/s__FkVuqoNuEWzi527KNw8rr7c4>
X-Mailman-Approved-At: Fri, 25 Jan 2019 15:30:50 -0800
Subject: Re: [pim] pim-dr-improvement wglc
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 19:51:54 -0000

Hi Sandy,

Thanks, I think this is much improved and easier to read.

Looking over this again, I noticed what might be another issue from this clause in section 4:

When the new router becomes the new BDR, the router will join the
   current multicast groups, and import multicast flows from upstream
   routers.  But the BDR must not forward the multicast flows to avoid
   the duplicate multicast packets in the shared-media LAN.

Does this mean there’s a change to the JoinDesired(S,G) and JoinDesired(*,G) macros from RFC 7761?
And if so, is it as simple as adding “OR (I am BDR and Assert Winner’s IP address == DR’s IP)”?

It seems like this also would update section 4.2, or possibly create another kind of list besides immediate_olist and inherited_olist—for example I think BDR would still restart the (S,G) Keepalive timer even though the outgoing interface list for the packet might be empty now. Are there any other updates to this logic?

I’m not sure whether there’s any other impact on the assert state machine, but I didn’t see it covered in the draft.

Should this draft perhaps provide new pseudocode for all the pseudocode that’s updated in RFC 7761?


I also noticed another nit:
section 4.1: “minium” -> “minimum”.

Thanks and regards,
Jake


From: "zhang.zheng@zte.com.cn" <zhang.zheng@zte.com.cn>
Date: 2019-01-17 at 01:10
To: "gregimirsky@gmail.com" <gregimirsky@gmail.com>om>, "Holland, Jake" <jholland@akamai.com>om>, "stig@venaas.com" <stig@venaas.com>
Cc: "pim@ietf.org" <pim@ietf.org>
Subject: Re:[pim] pim-dr-improvement wglc


Hi Greg, Jake, Stig,



Thank you very much for your careful review and suggestion!

A new version of this draft has been submitted.

The nits you mentioned are fixed. And I add more description in Compatibility section and Security Considerations section.

Appreciate for your more view!



PS. It seems like the previous email has been held for some reasons, so I resend this email. Sorry for the duplicate emails.



Best regards,

Sandy


原始邮件
发件人:StigVenaas <stig@venaas.com>
收件人:Holland, Jake <jholland@akamai.com>om>;
抄送人:pim@ietf.org <pim@ietf.org>rg>;
日 期 :2019年01月16日 01:11
主 题 :Re: [pim] pim-dr-improvement wglc
Hi

I overall agree with the other reviewers' comments. One high level
concern I think needs to be addressed in the draft is how to detect
that other neighbors support the mechanism, and how to behave if not
all routers support it.

One way of detecting support for the mechanism would be to check if
neighbors announce the new options. In that case, what should be the
content of the options if not all neighbors support it. Also, is it OK
to use the mechanism if the neighbors not supporting it have a low DR
priority, or is it better to require that all neighbors support it?
What should be the behavior once all neighbors support it (a
non-capable neighbor went away), or if a non-capable neighbor comes
up?

Section 4.2 should talk about primary address, not Router ID.

Regards,
Stig

On Mon, Jan 14, 2019 at 2:08 PM Holland, Jake <jholland@akamai.com> wrote:
>
> Hi,
>
>
>
> I think the extension is a good idea and that this doc gives a good
>
> explanation of how it works. However, I think there’s some issues that
>
> should be addressed before publication as a Standards Track RFC.
>
>
>
>
>
> Major issues:
>
> 1. The security considerations section seems too thin. (The complete
>
> contents of the section are “For general PIM Security Considerations.”)
>
>
>
> 1.a. I think there are some security implications because of
>
> the new stickiness in the DR election process. For instance, in
>
> https://tools.ietf.org/html/rfc5015#section-5.1.1 when describing what
>
> happens when a DR has been impersonated, it implies there’s a
>
> mitigation (“[The impersonated] node typically will be able to detect
>
> the anomaly and, possibly, restart a new election.”)
>
>
>
> But because the DR is more sticky with this new extension, I think the
>
> kind of temporary disruption would have a more permanent effect that
>
> the impersonated node could not mitigate. I might be wrong about that
>
> being actually more dangerous, but it worries me that there’s no
>
> mention of issues like these in the security considerations section.
>
>
>
> I think for this point, it might be enough to just say that the
>
> election process may be more vulnerable to temporary disruption because
>
> the DR election is more persistent, and that this increases the
>
> importance of using source authentication to avoid DoS from malicious
>
> activity.
>
>
>
> 1.b. I think this probably should mention that BFD security
>
> considerations are applicable also, or the considerations for whatever
>
> DR failure detection mechanism is used.
>
>
>
> 2. There should probably be a reference to BFD, and perhaps other
>
> fast failure detection mechanisms, if they’re recommended.
>
>
>
> More generally, it seems to me that the speed of DR failure detection
>
> is of critical importance in using this mechanism, so the one brief
>
> mention (which doesn't explain the pros and cons of faster detection or
>
> make any recommendations about technologies to use) seems like it
>
> skims past a key point without explaining it in depth.
>
>
>
>
>
> Minor/editorial issues:
>
>
>
> 1. In section 3.2, it probably should talk about the IP version in the
>
> PIM message, instead of IP version supported by the network. The way
>
> it’s written, it seems to make it impossible to run a dual-stacked
>
> network with 2 instances of PIM, but I don’t think that’s the intent.
>
>
>
> 2. Should the reference to 2328 be informative instead of normative? It
>
> seems like it’s only used as an example.
>
>
>
> 3. The IANA considerations section should follow the guidelines from
>
> RFC 8126 section 1.3 (exact name of the registry, for instance). It
>
> also seems useful to make 2 separate values, TBD1 and TBD2 instead of
>
> using TBD for both.
>
>
>
> 4. “SW” is not defined in the diagram in Figure 1. I think the 2 SW
>
> boxes are Layer 2 switches on the same LAN, but I’m not certain.
>
>
>
> 5. In section 4, I think "MUST not" in the last paragraph should have
>
> NOT capitalized?
>
>
>
> 6. I don't understand the meaning of "The treatment" as the title
>
> for section 4.5.
>
>
>
> 7. There are a lot of English language nits. I saw that Greg covered
>
> several of them, so I’ll just mention the ones I saw in sections he
>
> didn’t cover:
>
>
>
> section 1:
>
> “can be adjust to” -> “can be adjusted to”
>
> “Still, may multicast packets” – should this be “many” instead of “may”?
>
> “new comers” is one word (this appears several times in the doc)
>
> I’m not certain, but I think each time the word “Ethernet” is used, “LAN” was intended?
>
> “new comers which has a higher”: has->have
>
>
>
> ... (skipping sections Greg Mirsky covered) ...
>
>
>
> section 4.5:
>
> “are start to work on the same time”
>
> “when a new router start to work” -> starts to work
>
> “fails or manually adjustment” -> fails or is manually adjusted
>
>
>
> I had to stop early before finishing a catalogue of all the rest of the
>
> issues I could find, but because of the very high density of nits, I’ll
>
> suggest it might be a good idea to try using an English-language
>
> proofreading service that works with technical documents.
>
>
>
> This is not an endorsement, and I’ve never used their services, but as
>
> an example of the kind of service I mean, here’s one I found in a few
>
> moments with a search engine:
>
> https://www.proof-reading-service.com/
>
>
>
>
>
> Thanks for this work, it seems like a useful extension.
>
>
>
> Best,
>
> Jake
>
>
>
>
>
> From: Michael McBride <Michael.McBride@huawei.com>
> Date: 2019-01-08 at 10:29
> To: "pim@ietf.org" <pim@ietf.org>
> Subject: [pim] pim-dr-improvement wglc
>
>
>
> Happy New Year!
>
>
>
> Today begins a two week wglc for draft-ietf-pim-dr-improvement-06. In Bangkok, 4 people indicated that they had read the draft and each agreed it’s ready for wglc. Let’s please read the draft one more time and confirm, on this list, that it’s ready to be sent to iesg.
>
>
>
> https://tools.ietf.org/html/draft-ietf-pim-dr-improvement-06
>
>
>
> thanks,
>
> mike
>
> _______________________________________________
> pim mailing list
> pim@ietf.org
> https://www.ietf.org/mailman/listinfo/pim

_______________________________________________
pim mailing list
pim@ietf.org
https://www.ietf.org/mailman/listinfo/pim