Re: [radext] Ben Campbell's No Objection on draft-ietf-radext-ip-port-radius-ext-11: (with COMMENT)
<mohamed.boucadair@orange.com> Wed, 05 October 2016 13:56 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C09A1296EA; Wed, 5 Oct 2016 06:56:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.596
X-Spam-Level:
X-Spam-Status: No, score=-5.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T9wsnpaEuNhh; Wed, 5 Oct 2016 06:56:12 -0700 (PDT)
Received: from relais-inet.orange.com (relais-nor35.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB70112970B; Wed, 5 Oct 2016 06:56:10 -0700 (PDT)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71]) by opfednr21.francetelecom.fr (ESMTP service) with ESMTP id B6B1EC15FD; Wed, 5 Oct 2016 15:56:09 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.13]) by opfednr07.francetelecom.fr (ESMTP service) with ESMTP id 7175C1C0066; Wed, 5 Oct 2016 15:56:09 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM6D.corporate.adroot.infra.ftgroup ([fe80::54f9:a6c3:c013:cbc7%19]) with mapi id 14.03.0319.002; Wed, 5 Oct 2016 15:56:08 +0200
From: mohamed.boucadair@orange.com
To: Ben Campbell <ben@nostrum.com>
Thread-Topic: Ben Campbell's No Objection on draft-ietf-radext-ip-port-radius-ext-11: (with COMMENT)
Thread-Index: AQHR+CL79RFoybOXyU604KVf75Xw46CaLGvg
Date: Wed, 05 Oct 2016 13:56:07 +0000
Message-ID: <044e0fbc-e426-4a02-8977-df7a6173c975@OPEXCLILM6D.corporate.adroot.infra.ftgroup>
References: <147139572703.19954.16899242977244663872.idtracker@ietfa.amsl.com>
In-Reply-To: <147139572703.19954.16899242977244663872.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/v9OtYm09qjnxlO8wuhQRLQTQR3Y>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-radext-ip-port-radius-ext@ietf.org" <draft-ietf-radext-ip-port-radius-ext@ietf.org>, MORAND Lionel IMT/OLN <lionel.morand@orange.com>, "radext-chairs@ietf.org" <radext-chairs@ietf.org>, "radext@ietf.org" <radext@ietf.org>
Subject: Re: [radext] Ben Campbell's No Objection on draft-ietf-radext-ip-port-radius-ext-11: (with COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 13:56:17 -0000
Dear Ben, Thank you for the review. A new revision to integrate your comments is available online. FWIW, a diff to track the changes: https://www.ietf.org/rfcdiff?url1=draft-ietf-radext-ip-port-radius-ext-12&url2=draft-ietf-radext-ip-port-radius-ext-13 Please see inline for more details. Cheers, Med > -----Message d'origine----- > De : Ben Campbell [mailto:ben@nostrum.com] > Envoyé : mercredi 17 août 2016 03:02 > À : The IESG > Cc : draft-ietf-radext-ip-port-radius-ext@ietf.org; radext@ietf.org; > radext-chairs@ietf.org; MORAND Lionel IMT/OLN; radext@ietf.org > Objet : Ben Campbell's No Objection on draft-ietf-radext-ip-port-radius- > ext-11: (with COMMENT) > > Ben Campbell has entered the following ballot position for > draft-ietf-radext-ip-port-radius-ext-11: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-radext-ip-port-radius-ext/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I originally intended the two comments under "Major Issues" to be points > for a DISCUSS position. But I see Alissa has already captured the essence > of them in her DISCUSS. Therefore I will ballot NO OBJECTION for now, and > will watch that discussion. > > Major Issues: > > The guidance for IP-Port-Local-Id TLV contemplates using persistent > client identifiers, such as MAC addresses. Is that necessary? I suspect > the answer will be "yes". But if that is the case, the draft really > needs a privacy considerations section to discuss the implications and > tradeoffs. [Med] NEW text was added in -12. I will skip this point as it is discussed in other threads. > > - 3.1.1, paragraph 7: "However, the RADIUS server is not required to > honor such a > preference." > Please describe what it means to "not honor" such a preference? Does the > server report an error? Does the transaction succeed, but report a > different limit? Does the server just ignore the preference and do its > own thing? (I expect this applies to any number of failure conditions.) > [Med] Actually, that sentence is redundant with the previous one which explicitly says: "preferred maximum number". This means that the client may indicate a preference that may be, by definition, consider or ignored by the RADIUS server. The RADIUS server can return that value or another one in the response back to the client. The document does not include any text this as there is nothing to be done at the client side other than enforcing the limit that will be communicated by the RADIUS server. > Minor Issues: > > - Please clarify the applicability to IPv4 and IPv6. Specifically, I note > that you define TLVs for "internal" IPv4 and IPv6 addresses, but only for > "external" IPv4 address. I assume that to mean that this supports Nat44 > and Nat64 use cases, but not anything that uses IPv6 in the "external" > realm? (Whatever the answer, it would be helpful to have a paragraph or > two to make that explicit.) [Med] This NEW text was added: This document focuses on IPv4 address sharing. IPv6 prefix sharing mechanisms (e.g., NPTv6) are out of scope. > > -2, definition of "port-based device": > Wouldn’t that more properly be called a port-mapping device? (anything > using TCP or UDP would seem to be port-based) [Med] changed to "address sharing device" > > -3.1.1, last paragraph: > This language precludes new extension packet types from using the > attribute without updating this document. Is that really the intent? > Would it make sense to say something like "... MUST NOT appear in any > other RADIUS packet types defined at the time of this writing. If a > future packet type uses the attribute, the specification of that packet > type will need to define it's usage"? (Note that this issue repeats > several times in the document.) [Med] We are following the same language as usually done in RADIUS specifications. No change is needed, IMHO. > > Editorial Comments and Nits: > > - The use of the term "session" seems inconsistent. In some places it > seems like an IPFlow or a NAT mapping, but in other places it seems like > a network connection (i.e. NAS attachment.) > [Med] replaced "session" with "mapping" when appropriate. > - 1, list item 1: > Singular/plural mismatch for "packet". Either "packet" should be > "packets", or you need an article before RADIUS. (e.g. a > RADIUS...packet.) Note that this error repeats many times in similar > patterns throughout the document. > [Med] Fixed. > -1, list item 2, last sentence: > Convoluted sentence. Can it be simplified? [Med] Updated the text to: OLD: 2. IP-Port-Range: This attribute may be carried in RADIUS Accounting-Request packet. The purpose of this attribute is to report by an address sharing device (e.g., a CGN) to the RADIUS server the range of IP source transport ports that have been allocated or deallocated associated with a given IPv4/IPv6 address for a user. NEW: 2. IP-Port-Range: This attribute may be carried in a RADIUS Accounting-Request packet. The purpose of this attribute is for an address sharing device (e.g., a CGN) to report to the RADIUS server the range of IP source transport ports that have been allocated or deallocated for a user. The port range is bound to an external IPv4 address. > > -1, last paragraph: > It would be helpful to mention that this draft defines IPFIX elements > near the top of the section, and also in the abstract. > [Med] Added this NEW text in the abstract: This document defines a mapping between some RADIUS attributes and IPFIX Information Element Identifiers. > -2, definition of "Internal IP Address": "refers to the IP address that > is used as a > source IP address" > Used by what device? [Med] Yes, text updated accordingly. > > -2, definition of "mapping": > I cannot parse the text. (Note that while the last paragraph in the > section says this is taken from 6887 and 6888, neither of them seem to > use this specific language.) [Med] Changed to: o Mapping: denotes a relationship between an internal IP address, internal port and the protocol, and an external IP address, external port, and the protocol. > > -4.1, second paragraph: " A CGN function in a broadband network would > most likely co-located on a BNG." > There's a missing word in there somewhere. Maybe a "be" before > "co-located"? [Med] Fixed. > > -6, last paragraph: > The paragraph doesn't parse. Should "deployed" be "deployments"? > [Med] Fixed. Thank you.
- [radext] Ben Campbell's No Objection on draft-iet… Ben Campbell
- Re: [radext] Ben Campbell's No Objection on draft… mohamed.boucadair