Re: Alvaro Retana's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)
Reshad Rahman <reshad@yahoo.com> Mon, 27 March 2023 03:24 UTC
Return-Path: <reshad@yahoo.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C4ADC1522D3 for <rtg-bfd@ietfa.amsl.com>; Sun, 26 Mar 2023 20:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j0fHrTvNiqk7 for <rtg-bfd@ietfa.amsl.com>; Sun, 26 Mar 2023 20:24:04 -0700 (PDT)
Received: from sonic318-27.consmr.mail.bf2.yahoo.com (sonic318-27.consmr.mail.bf2.yahoo.com [74.6.135.82]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E69BC151B31 for <rtg-bfd@ietf.org>; Sun, 26 Mar 2023 20:24:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1679887443; bh=H4PBroGl+oRShwyLyLUEYGKoEYEwp54cqkDbofFBmaA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=fzu4urspxdWTEBbR3W/GcSYLQKAaL3jYisJXvl+VEnNJHAhG6DHY69FKeU6c47Peel5AzLN4rhAN/N9MnM4sF9dCJLURxZu6frQKXstT2Xq1sFRBQBggFBO4nq8JDBw9ETlOXaNL+yHFpTwMUVGsz5WesehRD9JUFzipLeLF82RHc25BR0acLw7JZsAKY7TRUqB46IM43SsXTYH1Z7QSCP9S6hSGlwYtd65BFlxqM6KfpSz+hu6sL0FbG5TX8jgeKh1FstlTHG5zqaDsqPDcAeThqolzxfaeitWmkpDhyMOEZBqbBEopDRdx8nZn+ZQCXQCrMakmCESCnPfnP/w9rg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1679887443; bh=Q5J+kzZJepq2PqgktPUf5o+qhaWhmQcmDc62ThrIoC0=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=Z6mlKv8IfcMCITH08pva0E3tvBTf81LDgj774luJQ4Et73JMFW04aYgeQ9B8oXCoVRa2XfGAWWgYjViFRTnKYrEgxQcYP3c1xchbVvEi3p7jwYsM0gP7E22a+hgHYbKo+inQ6ieilMHoP1Ta6lvEZMzZRtw5SlM55M9ypwNc0415weTmzV/eEYvE5/A4fqzpcUuev+YNjlc2wANcHpLCl8YIP5DlTtbJnm3ycQZK5j5pu2eml8PdzbJdVTgN0Ii8UCUaPhhUMxnr58iiFFnqaRkrnkvs3wykvh7o4ygau4NsEnhp5bzPSrkgwvmAjKhgb1sQE+5fxs+JlfUdGDnB6g==
X-YMail-OSG: jkSomzEVM1mX5ELfUIaVeF_EJesWdLMA7v_etkO4HjsqmCnqrCKX6Uw_D.D0kiH PxOxlOQj4oXmXR1sRPUnvCrSSGc6CqTRgCyQt_CXZyP08E278jzcKnKYtAgrd5FioYxP7..83F_Q 0Ok2Q1WzIhvdUvO4oC0XE5qrzRd2v21hzOGLJHPwsv_F9eUtx9rNvwmIhxjUhlDifFqT8u7JaDMi 6.twNoay.VdcLTOKxzZx0wO3_G2WMJKE.Hhs5BSNqjE_2FmXUQJbV_Z47w09ahwUUf7U3hPmgGZa u5WY90tcMITiqMfrNtza9iitnjbW4kfE_qFPrwlQ2nzp.veNS_oIaAZYJCk53pox9GP7LI5nub7J psN22i9OryQTgrnl566gHJB2VlRz84tmVpw.0JNk9yYaode2inlDU9CxRn5qFEEb_TxXDvFNdLnt zgzM6dlrZkiqmvPRgIRCExKsFY7TFcjcBBK2lIHPmO2dhjH30Vk7CUgsfri1AW0HPfR8sHl1iyQV x_LU.OVYxPdUQnLW_4VslDaPFAuNzYw5VjWH8he.emHwfTtfZYYbQN17sD7vGj1YF2FqUZ6WnVtS vfbwB0L6BJA5ZEw2vYg19LvRHTyaPg24AaPjlVgh18cEFhnMePrlQrbe_jfeS8McxFZrlKJvNvna egoxxklqfBjjUh1blWwlIE4qEHyqBRW9hdNH48087bkywFFIcbevFIeqQeOBnxYyN4av2DZAARLk 2ky7ZXm5BMGQN8q5AxQi9ylu95Kcfqv0N_..BKFY7DYE1.ChDHk4.so9xh7Yvz_A.MK3XE9EuhjM JqWmkvlFdotGgaAkAw55YkQyOMwWd4Ij227WLeNVK9GT0Vpzb_5LEZm0UOybJwjDaqcnCMJD0qXw DjJUh9NE33IYwZnKW4C4ZyAre4PXFqP0UIl5znsk81ohG1vPqxwU4jpZv.BAvFmrTSY9FfM49p0h c9jcyKbJkz.iGXcTk29DGQ_YUunGa1m4F2ZvgjcVAUOJfWCIDtiQyCyhKgMOdrAfPiEBv.8CPXkt XzlPSErP2oEslb6jgQcJzO8qf2tBPp7UdPyZcQyno_5rrUtvkLDbLQwvWk2VnaZZMvlODEnVdV.H Yu3AeXGKe3jUU0Q7YkxOJtzIGp7aKk3Nx3TdsOYp_p.BB5gaRe.l7WH3kyH7pGts8NCxZsCG_yCb L.YydFRz0CrryWC1dyhTE_AVSmD7vC5qD32KtrdO4uuMX4Dg5WkQXZ4.Zkg8pzm.BGb2cqP8Dy12 .zdIdAHq7GG9j7kzY3Msd9zCMckh8yjpiNiDi9iFJahXukyY07fIufdO5k3O18G.BfHWQEbkt6Xe YFvCW_1ej7pa5Mnenmr14fJOzqXflJnSCGEAoQMblu.eZX5nVQnXj5.HK3W4JyXBrwIKSEzvwUQl _SU3KHsOFomSrxat2.ofGnYNVP_NRLytZwovcwHBuLUQxywdW7KKUA_muBxRWe_.G7OZ9fFwEagi bN8rF7BXcZiKwcc_0hYfrvXUHj_ypG6uj3C1Rh8EL.q0.NaUpnsoQRj9z.32wiVC1ymjGEsvtSsx Z_zIg51do4iKzLHe9k7QmHXpnkdKX0.BLc804IP1bwjmPHx0odCQ3GifPQBQmm9HdHGlTTm0iIA4 RKOAa_lkQL85pV4au.nbxirRwztdcpuz0g2c3r4DW5LPHa59XWxdcCwX8aBiU3vvvxB2wlTj_bg_ I8kdSlbHd.2Cm.a.v4Es.QbmXVDjYUJ4.RUsrLyXeD86Gr2qXMNiY5pYMnyYPtgmB0Jzy1ItEpCk PiFF.o8e6CUbJ1adXpV59RGS1Ufed2dwor2ALTdW2U98urKvAfPcvaW1v3wtt1qETeESFa2ryWfZ SRZlQpnj0m_I0Ql1uK5KF_dK1l7tGXE81e6POhiCSzO8Ijsyj8LvA9AqVkY2qgEE_cK6lYsjxXB5 Xk_C.7A33qpNWmxM6ELMFQ_GKSClSJnaO2wwLpRcBpBI1QnogmQUXYer45MDLQOKnFdHcDfUFcgz gr6W6ofi3DXuTGPP_WT.6RDj5SWCqQwfNz2RsjX._XDl_CVH5C0m_yAOP20AqL7q541BKTIWvJRI pS.LhCcVNzv_TXVboNpNaEOLTi8s3OgKRQjqh4wBS6UKKwT5e4HFsggubgmazCbzDFdqGhWE4Oaq c1n9Q4DZOhjcmeoVKE9x0pPO_JFLjtli9mKrpt0RWjDmAKp2q7poIhaG6c.gj9yI6R.RRZ75keNH batVs8E43gliKZ8HP92ov01RLNZUQ5UzLsyw3cTxguL1kBr3lAijfU46jSWbRneuSX1wKfirrG28 Xml6_Gd9ME_fx.fSkGJM5NQ--
X-Sonic-MF: <reshad@yahoo.com>
X-Sonic-ID: 89ff9625-9e73-4a06-8761-acc622ede6a8
Received: from sonic.gate.mail.ne1.yahoo.com by sonic318.consmr.mail.bf2.yahoo.com with HTTP; Mon, 27 Mar 2023 03:24:03 +0000
Date: Mon, 27 Mar 2023 03:13:59 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: The IESG <iesg@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>, "draft-ietf-bfd-unsolicited@ietf.org" <draft-ietf-bfd-unsolicited@ietf.org>
Message-ID: <646201221.584948.1679886839740@mail.yahoo.com>
In-Reply-To: <167103067462.48163.5620864981176514078@ietfa.amsl.com>
References: <167103067462.48163.5620864981176514078@ietfa.amsl.com>
Subject: Re: Alvaro Retana's Discuss on draft-ietf-bfd-unsolicited-11: (with DISCUSS and COMMENT)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_584947_151459070.1679886839737"
X-Mailer: WebService/1.1.21284 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/NKHTuvvzhs1KeFVnqhFSuo-IWrw>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2023 03:24:06 -0000
Alvaro, thank you for the review. On Wednesday, December 14, 2022, 10:11:20 AM EST, Alvaro Retana via Datatracker <noreply@ietf.org> wrote: Alvaro Retana has entered the following ballot position for draft-ietf-bfd-unsolicited-11: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bfd-unsolicited/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- This document attempts to do two things: specify "unsolicited BFD" and define a YANG model for its management. I am happy to include both in the same document, but the specification of the protocol mechanisms falls short and results in a document that lacks clarity. While YANG is the preferred management mechanism, it should be possible to implement and manage the feature without the model. Most of my concerns are from Section 2 (line numbers from idnits): 154 Passive unsolicited BFD support MUST be disabled by default, and MUST 155 require explicit configuration to be enabled. On the passive side, 156 the desired BFD parameters SHOULD be configurable. The passive side 157 MAY also choose to use the parameters that the active side uses in 158 its BFD Control packets. The "My Discriminator", however, MUST be 159 chosen to allow multiple unsolicited BFD sessions. (A) "the desired BFD parameters SHOULD be configurable" Which parameters are those? The YANG model uses bfd-types:base-cfg-parms, which only includes a basic set. The point here is that this document's specification part is incomplete because it doesn't specify which parameters "SHOULD be configurable". <RR> Listed in -13. (B) The YANG model offers global and per-interface configuration options. The specification doesn't discuss hierarchical configuration or whether one type should take precedence over the other. [Related to Rob's DISCUSS.] This point was discussed on the mailing list, where it was pointed out that per-interface configuration should override global configuration [1], but that discussion is not reflected in the document. <RR> Addressed (hopefully) in rev-12. [1] https://mailarchive.ietf.org/arch/msg/rtg-bfd/GI_eNtxcEeh2_vTl9zfq7K6V1X4 171 When the passive side receives an incoming BFD Control packet on a 172 numbered interfaces, the source address of that packet MUST belong to 173 the subnet of the interface on which the BFD packet is received. The 174 source address of the BFD Control packet SHOULD be validated against 175 expected routing protocol peer addresses on that interface. (C) "SHOULD be validated" What does validating the source address "against expected routing protocol peer addresses on that interface" entail? Is it just a comparison? Please be explicit on what the normative behavior should be. When is it ok to not validate? Why is this behavior recommended and not required? If the validation is performed, is there an expected action if the source address does not correspond to an "expected routing protocol peer addresses on that interface"? Where does this "expected" list come from? On a LAN, it seems like any address would be valid since a router doesn't know the list of IGP neighbors beforehand. <RR> I have removed that text from rev-13. 177 The passive side MUST then start sending BFD Control packets and 178 perform the necessary procedure for bringing up, maintaining and 179 tearing down the BFD session. If the BFD session fails to get 180 established within certain specified time, or if an established BFD 181 session goes down, the passive side SHOULD stop sending BFD Control 182 packets and MAY delete the BFD session created until BFD Control 183 packets are initiated by the active side again. (D) "If the BFD session fails to get established within certain specified time..." [nit] s/within certain specified time/within a certain specified time <RR> Fixed. Where does a "certain specified time" come from? Is it configurable? Does it correspond to any of the state variables in rfc5880? <RR> Added text which says that it has to be at least local failure detction time. (E) "SHOULD stop sending BFD Control packets" When is it ok not to stop sending BFD control packets? Why would the node continue sending packets if the session is not established (or goes down)? Why is this behavior recommended and not required? <RR> Changed to MUST. 185 When an Unsolicited BFD session goes down, an implementation MAY 186 retain the session state for a period of time. Retaining this state 187 can be useful for operational purposes. (F) Not exactly a contradiction, but confusing normative statements (between this paragraph and the one before): "MAY delete" vs "MAY retain" for the same event ("BFD session goes down"). <RR> Changed to "may retain" as per other feedback. And the "MAY delete" has been changed to "SHOULD delete". Regards,Reshad. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (0) I support Rob's and Lars' DISCUSS positions. (1) The Introduction makes several claims that must be developed further or eliminated to avoid further confusion. (1a) 131 The procedure described in this document could be applied to BFD for 132 Multihop paths [RFC5883]. However, because of security risks, this 133 document applies only to BFD for single IP hops [RFC5881]. At first glance, I didn't see anything in rfc5883 that would prevent a node in the passive role from following this specification. What am I missing? Aren't the security risks already addressed in rfc5883? (1b) 135 Compared to the "Seamless BFD" [RFC7880], this proposal involves only 136 minor procedural enhancements to the widely deployed BFD itself. 137 Thus we believe that this proposal is inherently simpler in the 138 protocol itself and deployment. As an example, it does not require 139 the exchange of BFD discriminators over an out-of-band channel before 140 BFD session bring-up. Given that this proposal claims to be better (or at least simpler) than S-BFD, what should an operator consider when deciding which to use? Are they covering similar use cases? If this is so much better, why is rfc7880 not deprecated? (1c) 142 When BGP Add-Path [RFC7911] is deployed at an IXP using a Route 143 Server, multiple BGP paths (when they exist) can be made available to 144 the clients of the Route Server as described in [RFC7947]. The 145 "unsolicited BFD" can be used in BGP route selection by these clients 146 to eliminate paths with "inaccessible nexthops". I guess that this part ("inaccessible nexthops") refers to "unresolvable routes" (from §9.1.2.1/rfc4271). Is that the correct assumption? First, please be consistent with the terminology. The text above says that ""unsolicited BFD" can be used in BGP route selection". Where is the interaction of BFD (in general -- not just unsolicited BFD) and BGP specified? (2) I am confused by the indication that this document Updates rfc9314 because no change is proposed to that RFC. Instead, the YANG model augments the model in rfc9314 with optional (to the base BFD) functionality. In my opinion, this is different than a formal Update, which is why rfc5880/rfc5881 are not tagged as being Updated either. [Because the use of the Updates tag is not clearly defined, then I'm not making this comment part of my DISCUSS.] (3) The "BFD Protocol Security Considerations" (Section 7.1) also needs work: 458 The same security considerations and protection measures as those 459 described in [RFC5880] and [RFC5881] apply to this document. In 460 addition, with "unsolicited BFD" there is potential risk for 461 excessive resource usage by BFD from "unexpected" remote systems. To 462 mitigate such risks, the following measures are mandatory: [minor] For clarity, consider using rfc2119 language above: s/mandatory/REQUIRED Note that the last two bullets are conditional statements, which may not be aligned with the intent of making the measures mandatory. 464 * Limit the feature to specific interfaces, and to single-hop BFD 465 with "TTL=255" [RFC5082]. GTSM is already required in rfc5880/rfc5881. Does it need to be required again? 466 * Apply "policy" to allow BFD packets only from certain subnets or 467 hosts. [nit] s/allow BFD packets/process BFD packets Given the statement in the Introduction about this document applying only to single IP hops, it seems that "certain subnets" are unnecessary as all the addresses on connected interfaces should fall on the same subnet. 468 * Deploy the feature only in certain "trustworthy" environment, 469 e.g., at an IXP, or between a provider and its customers. If this measure is mandatory, please expand on what a ""trustworthy" environment" is. 470 * Use BFD authentication, see [RFC5880]. In some environments, e.g. 471 when using an IXP, BFD authentication can not be used because of 472 the lack of coordination into the operation of the two endpoints 473 of the BFD session. In other environments, e.g. when BFD is used 474 to track the next hop of static routes, it is possible to use BFD 475 authentication: this comes with the extra cost of configuring 476 matching key-chains at the two endpoints. If BFD authentication 477 is used, the Meticulous Keyed SHA1 mechanism SHOULD be used.
- Alvaro Retana's Discuss on draft-ietf-bfd-unsolic… Alvaro Retana via Datatracker
- Re: Alvaro Retana's Discuss on draft-ietf-bfd-uns… Jeffrey Haas
- Re: Alvaro Retana's Discuss on draft-ietf-bfd-uns… Alvaro Retana
- Re: Alvaro Retana's Discuss on draft-ietf-bfd-uns… Jeffrey Haas
- Re: Alvaro Retana's Discuss on draft-ietf-bfd-uns… Reshad Rahman
- Re: Alvaro Retana's Discuss on draft-ietf-bfd-uns… Alvaro Retana