Re: Benjamin Kaduk's Discuss on draft-ietf-bfd-multipoint-18: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Tue, 03 July 2018 21:37 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D47BC130F5C; Tue, 3 Jul 2018 14:37:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_g_E2jXVKZK; Tue, 3 Jul 2018 14:37:27 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5761B130ED1; Tue, 3 Jul 2018 14:37:27 -0700 (PDT)
X-AuditID: 1209190e-ed1ff7000000633c-51-5b3bec953874
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id C7.B4.25404.59CEB3B5; Tue, 3 Jul 2018 17:37:26 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w63LbOAR021011; Tue, 3 Jul 2018 17:37:24 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w63LbJT6013145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 3 Jul 2018 17:37:22 -0400
Date: Tue, 03 Jul 2018 16:37:19 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bfd-multipoint@ietf.org, Reshad Rahman <rrahman@cisco.com>, bfd-chairs@ietf.org, rtg-bfd@ietf.org
Subject: Re: Benjamin Kaduk's Discuss on draft-ietf-bfd-multipoint-18: (with DISCUSS and COMMENT)
Message-ID: <20180703213719.GV22125@kduck.kaduk.org>
References: <153054590296.16179.16086467374642181875.idtracker@ietfa.amsl.com> <CA+RyBmXHeVMTOaYYybaYK1ckj0b0FcfQDFcdqWh2uh-tUTvKgw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+RyBmXHeVMTOaYYybaYK1ckj0b0FcfQDFcdqWh2uh-tUTvKgw@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOKsWRmVeSWpSXmKPExsUixCmqrDvtjXW0wbXznBaTb65mtPi+8hab xbdpT1ktZvyZyGxxbUUru8XnP9sYHdg8pvzeyOqxc9Zddo8lS34yBTBHcdmkpOZklqUW6dsl cGVc7PvEVnAhoOLN4162BsaN9l2MnBwSAiYSV34fZ+5i5OIQEljMJDFr3Xp2CGcDo8TaNTuZ QaqEBK4wSTzakwNiswioSBw6/psFxGYDshu6L4PViAioS3RuOw7WzCwwh1Fi65ajYAlhgWSJ c21fwBp4gdYd/NvBBLFhKqNEz9bFzBAJQYmTM5+AFTELaEnc+PcSqIgDyJaWWP6PAyTMKRAo sffPI1YQW1RAWWJv3yH2CYwCs5B0z0LSPQuhewEj8ypG2ZTcKt3cxMyc4tRk3eLkxLy81CJd Y73czBK91JTSTYzg0Jbk28E4qcH7EKMAB6MSDy9DhXW0EGtiWXFl7iFGSQ4mJVFe+Y1AIb6k /JTKjMTijPii0pzU4kOMEhzMSiK821StooV4UxIrq1KL8mFS0hwsSuK82YsYo4UE0hNLUrNT UwtSi2CyMhwcShK8V18DDRUsSk1PrUjLzClBSDNxcIIM5wEaLglMBUK8xQWJucWZ6RD5U4zG HPOOTp3EzPHnPZAUYsnLz0uVEuc9DTJOAKQ0ozQPbhooPUlk7695xSgO9JwwrwVIFQ8wtcHN ewW0igloVc82S5BVJYkIKakGxjl/XivUhv7PfrnoZN5Eh4UB0/ZoRtwOX+lsVRQ7Y9afC2Fy vVeNon/a2tut/lW7gYHnWSOTw0yJ82f//SqSyHZPaWN8dan0ZvM7P9PW9LM9Z33zOv5td92s uE43x5qhwq5TTm7vU80dZlPLRfkivy4oXV7G7Bwzb1fd67yty6Zc193M4hdvpcRSnJFoqMVc VJwIAIyKAXoqAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/6eJHxwC54LA6Sikuxn1Wz08u4q8>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 21:37:32 -0000
On Mon, Jul 02, 2018 at 04:51:58PM -0700, Greg Mirsky wrote: > Hi Benjamin, > thank you for the thorough review and the most detailed analysis of the > specification. Please find my answers in-line tagged GIM>>. > > Regards, > Greg > > On Mon, Jul 2, 2018 at 8:38 AM, Benjamin Kaduk <kaduk@mit.edu> wrote: > > > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-bfd-multipoint-18: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-bfd-multipoint/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > Section 5.13('s subsections) of this document replace sections 6.8.6 and > > 6.8.7 of RFC 5880. I extracted the relevant text and performed a diff, and > > think some discussion is needed of some portions present in RFC 5880 that > > are not present in these new texts. (The separation of the demultiplexing > > procedure to a separate subsection is fine, though it does make the diff a > > little nosier to read.) > > > > In particular, from RFC 5880 Section 6.8.6, the paragraph: > > > > % If the Poll (P) bit is set, send a BFD Control packet to the > > % remote system with the Poll (P) bit clear, and the Final (F) bit > > % set (see section 6.8.7). > > > > Does not appear to have any corresponding text in this document. > > > GIM>> Thank you for catching this one! Without getting into the history, > here's the new paragraph to be the next to the last para in section 5.13.1: > > If the Poll (P) bit is set, and bfd.SessionType is PointToPoint, > send a BFD Control packet to the remote system with the Poll (P) > bit clear, and the Final (F) bit set (see Section 5.13.3). A natural translation to the new world order. > > > > > >From RFC 5880 Section 6.8.7, the first four paragraphs (too long for me to > > include here) do not appear to have their substance covered in this > > document, either (largely discussion about the pacing of BFD Control > > packets and jitter in their scheduling). > > > > Section 5.13.3's text now only covers how to set Min Echo Rx Interval > > for MultipointHead and MultiplintTail sessions, which seems to remove > > guidance on how to set it for other session types. > > > > While it is permissible for a document that Updates another document to > > perform this sort of deprecation of behavior, it is potentially confusing > > for implementors to do so without mentioning the change in behavior. > > > > GIM>> Thank you for pointing to these absent paragraphs. Some of > information being provided in the section but some, I agree, is not part of > the section. That information helps to understand packet transmission > timing and how it affects defect detection interval. > > The forth paragraphs of section 6.8.7 RFC 5880: > > The transmit interval MUST be recalculated whenever > bfd.DesiredMinTxInterval changes, or whenever bfd.RemoteMinRxInterval > changes, and is equal to the greater of those two values. See > sections 6.8.2 and 6.8.3 for details on transmit timers. > > used in section 5.13.3 of mpBFD specification: > If bfd.SessionType is not MultipointHead, the transmit interval MUST > be recalculated whenever bfd.DesiredMinTxInterval changes, or > whenever bfd.RemoteMinRxInterval changes, and is equal to the greater > of those two values. See [RFC5880] sections 6.8.2 and 6.8.3 for > details on transmit timers. > > The first three paragraphs that are missing and I propose to use them as-is > in RFC 5880 to replace the second paragraph of mpBFD spec (new version and > diff attached). That works for me. > > > > > Separately, I wonder if it is appropriate to Update RFC 7880 as well as > > 5880, given (e.g.) Section 5.4.1. > > > GIM>> mpBFD specification adds new values to a variable defined in RFC 7880 > but does not change anything specified in RFC 7880. I'm not sure that this > relationship between the RFC 7880 and mpBFD can be characterized as the > latter updating the former. I'm not sure, either. The case for Updating would mostly just be that someone implementing 7880 would want to know if they see new/unexpected values on their peer (and I've forgotten if this one is even wire-visible). > > > > I also think that Section 6 should describe more clearly how asymmetric > > message authentication relates to this work (i.e., whether it is entirely > > incompatible with BFD or does it merely require additional specification). > > > GIM>> I believe it requires additional specification, i.e. outside the > scope and for future work. Okay. Do you want to add something like ", but integrating such authentication mechanisms with BFD is outside the scope of the present work"? [edit: I see you did add something; that works for me] > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I am told that the normal usage of the bare term "BFD" has the connotation > > of refering only to usages in an IP/UDP/MPLS encapsulation (exclusing > > pseudowires and other more "exotic" encapsulations), so I am not including > > this in my DISCUSS section. However, it seems unusual to limit the scope > > of a document in some "random" subsection (here, Section 5.8) with no > > mention in the general Introduction or Abstract. Is there an improvement > > to make here? > > > GIM>> I see the scope of this specification similar to RFC 5880, in which > there's no discussion of how BFD Control packet must be encapsulated. For > "classic" BFD, encapsulation addressed in RFC 5881, RFC 5883, RFC 5884, and > RFC 5885. Non-IP encapsulation for MPLS-TP defined in RFC 6428. My question is entirely about the current connotations of a term in a community where I am not active, so I really have to leave this question to be answered by the authors/WG. > > > > Section 4 > > > > [...] If no > > BFD Control packets are received by a tail for a detection time, the > > tail declares the path to having failed. For some applications this > > is the only mechanism necessary; the head can remain ignorant of the > > tails. > > > > It sounds like this might be better said as "the head can remain ignorant > > of the status of connectivity to the tails"? (That is, the head needs to > > know at least something about the tails in order to send anything to them, > > so it is not fully ignorant.) > > > GIM>> Thank you for text, accepted. > > > > > The head of a multipoint BFD session may wish to be alerted to the > > tails' connectivity (or lack thereof). Details of how the head keeps > > track of tails and how tails alert their connectivity to the head are > > outside scope of this document and are discussed in > > [I-D.ietf-bfd-multipoint-active-tail]. > > > > nit: "outside the scope" > > > GIM>> Thanks, done. > > > > > Section 5.7 > > > > It's a little unclear to me why tails must demultiplex on the identity of > > the > > multipoint path; (that is, why My Discriminator isinsufficient). > > Presumably this is just a failing on my end, of course. > > > GIM>> The value of My Discriminator is locally assigned, i.e., assigned by > the head. Unless some system manages discriminator ranges amond heads, it > is probable that more than one use the same My Discriminator value. I was probably assuming that the discriminators were random values; thanks for clarifying. > > > > [...] Bootstrapping BFD session to multipoint MPLS LSP in > > case of penultimate hop popping may use control plane, e.g., as > > described in [I-D.ietf-bess-mvpn-fast-failover], and is outside the > > scope of this document. > > > > nit: some articles are missing here; maybe "a BFD session", "in the case > > of", and "the control plane". > > > GIM>> More thanks, all accepted. > > > > > Section 5.12.2 > > > > MultipointTail sessions MAY be destroyed immediately upon leaving Up > > state, since tail will transmit no packets. > > > > Otherwise, MultipointTail sessions SHOULD be maintained as long as > > BFD Control packets are being received by it (which by definition > > will indicate that the head is not Up). > > > > Would it be more clear to say "indicate that the head is not Up yet" to > > distinguish from the case in the first paragraph (where a non-Up state > > *transition* > > > GIM>> I think that the two paragraphs correctly describe behavior options > for a MultipointTail session when it receives BFD Control packet with > Down/AdminDown state. The tail MAY close the session upon recieving packet > with Down/AdminDown state. The second para is related to section 5.12.1 > that the MultipointHead SHOULD continue transmitting BFD control packets > with the new state, i.e., Down/AdminDown state. I also agree that the paragraphs are correct behavior descriptions -- the combination just made me do a double-take when I first read it. But this is basically editorial, so use your judgment. > Section 8 > > > > It may be appropriate to make stronger statements about the weakness of MD5 > > than were valid at the time of 5880's publication. (SHA1 is also not doing > > so great, but I won't block this work on updating the hash function > > options.) > > > > It would be good to either refer to the bit about shared keys in Section 6 > > or just move it to this section entirely. > > > GIM>> Merged sections 6 and 8 under Security Considerations. That combination seems to work pretty well. (Full draft text trimmed.) Thanks! -Benjamin
- Benjamin Kaduk's Discuss on draft-ietf-bfd-multip… Benjamin Kaduk
- Re: Benjamin Kaduk's Discuss on draft-ietf-bfd-mu… Greg Mirsky
- Re: Benjamin Kaduk's Discuss on draft-ietf-bfd-mu… Benjamin Kaduk