[RTG-DIR]Re: RtgDir Last Call review: draft-ietf-pals-ple
"Andrew G. Malis" <agmalis@gmail.com> Fri, 28 June 2024 16:52 UTC
Return-Path: <agmalis@gmail.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89F2FC15198C; Fri, 28 Jun 2024 09:52:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xltr2dwa9gcs; Fri, 28 Jun 2024 09:52:51 -0700 (PDT)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DDC9C14F6B5; Fri, 28 Jun 2024 09:52:51 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-7066f68e22cso680270b3a.2; Fri, 28 Jun 2024 09:52:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719593570; x=1720198370; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=k5yROP0Sysn+1wsTHcoJMe+m0kBY8H5oruWu/zlDmRE=; b=JKldzNcE5vYzGmZKzjn2msKYFOsriVtvmgGMWGipdMSspw/7sKjC2cklCluyQkSa65 EClWlghrnZ9diZdniUVeIbB7jASc0jB3Y7m+48oZ1Ygskh52tLfZ4u6hbx9IAocG9XBY 07bAe6AzTXjBA301kRQfOEgBsZN9AAjWKkmfawnJPzJAh3SC45mzhHiHUm9rK48rTSW+ Vmt0m6E3egVFH9JR9zV9dFw8RHhHm2GKzbuq9dGsc0Z7cxovhxYLca/5qZSE5Ow7YHjK fd/vQwl+ZsYCwJ+tzZ6zquCCRnB0SE5DUVhWKlhR2DnriB3FV/92p3tHsPZaWAZ3t7Lk dcCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719593570; x=1720198370; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=k5yROP0Sysn+1wsTHcoJMe+m0kBY8H5oruWu/zlDmRE=; b=qK8A6BuAcWzGJ3ZR1XmK7uWrsrnQo3Dy51up4kz4EmeDI0fm8CdJnbYM7fMwTqT9J/ 1uZgja6b2rD/cgs5VRBu5Gi6/fPX6u3n+oE625t2wGloAgEIumbpHSHxAT2ZfywoC+74 hDtQLjwELyml7CEYCtSha/Zjm3jtWuzanIClHIRi4QEyFDLj6Ai/md4+kpkfe/xIwLJJ jkj5WYFjp7+yZH/UtCMRMBSqeHpGsKGV3DtM/lLxnfEVT47J+oR223wzUf5MQiuLKwTv ag12mpl+8D9yEPLZ9UAqH/UvwroBDoT+q1U0yYvbQJYMJJhhqTd+Onpu8uebg6xsMzHN z/Mg==
X-Forwarded-Encrypted: i=1; AJvYcCVEwxHbp5IM4VczTuSF5nBnWXT0mfElTyQMfquF7sO6EBJeAiunAzVq2sMVjrPM/xPVNdAEGC2wKCCPtgULKvhW3xueL+H+5d2oBhuorgOKvKbkYJ7/VyUItdZq8w9JKV1oTkmpBstZD4sa8FZraqlqneANKK0qMtoJZSbfc1L/LGluWVmiwYTOhQ28oodvghWKwW9ihw==
X-Gm-Message-State: AOJu0YyMnUKkhdrFfUkjbof8VCwoWDerg3iARPEcMuy5nllPQtqdHIlj uI52TE3D2VKacImcN8q2kjej2thloPg1DMyjf0fHGQeUwlGWhKi8oVhEVNFpmOa7qM6Mu043qzU 26DXCaUJDr9YxiEyhbB7WTBrLqjw=
X-Google-Smtp-Source: AGHT+IFvkXu0lvZxe84I5gpvNezEcFaXphGIC91DCs7ejUp7WvUuHcojVZ1//E+rFs15vgaz2oP1Yxac46Ww40Ej9FM=
X-Received: by 2002:a05:6a20:daa1:b0:1bd:2adb:8639 with SMTP id adf61e73a8af0-1bd2adb8b21mr12263177637.48.1719593570379; Fri, 28 Jun 2024 09:52:50 -0700 (PDT)
MIME-Version: 1.0
References: <CABUE3Xn7XyqQAUJpr9qGx-yG3Au=OX00sgX8uZ4vOBHLpLdhrw@mail.gmail.com> <8DB06D5B-E2E5-4BC9-ACA2-EBE552E51266@cisco.com> <CABUE3XkUYP6BE8soG2_i8EB1+CMLr81FWMTfbYbtJ8e8nndDEQ@mail.gmail.com> <CAA=duU2RRYTU4bZMjGKUq06a0RzAtxFzjWO=ZSUVsXWuQkpPoA@mail.gmail.com> <CABUE3XnP3qNnZYd+xFERp0O53=Nn4YPwLoOnk_yUMdpy04wfcw@mail.gmail.com> <CAA=duU2D4=xVz7yTevn5Qff-PuQ3E3NRe0ha8amnUax15CLNdQ@mail.gmail.com> <C19B7155-40CF-4654-B65E-5FEDA58174E3@cisco.com> <CAA=duU2Bpha6QuC3qL=rUtkjG4jDGy0xpC30R-MJCEijZRFAgg@mail.gmail.com> <3822E423-90AC-40CC-A2E6-1743515E07CE@cisco.com>
In-Reply-To: <3822E423-90AC-40CC-A2E6-1743515E07CE@cisco.com>
From: "Andrew G. Malis" <agmalis@gmail.com>
Date: Fri, 28 Jun 2024 12:52:32 -0400
Message-ID: <CAA=duU2ex1n6O=e1CxR=38sjx+vDAR4xY=zqt-ADK7Vgbcw=tw@mail.gmail.com>
To: "Christian Schmutzer (cschmutz)" <cschmutz@cisco.com>
Content-Type: multipart/alternative; boundary="000000000000ebac77061bf6130f"
Message-ID-Hash: MEEK2OOYEHV24S7Q76JITIA3DXGDIW5B
X-Message-ID-Hash: MEEK2OOYEHV24S7Q76JITIA3DXGDIW5B
X-MailFrom: agmalis@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rtg-dir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "pals-chairs@ietf.org" <pals-chairs@ietf.org>, "pals@ietf.org" <pals@ietf.org>, "draft-ietf-pals-ple@ietf.org" <draft-ietf-pals-ple@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-pals-ple
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/38vrBsaET74dTIplxvsgvchzxZQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Owner: <mailto:rtg-dir-owner@ietf.org>
List-Post: <mailto:rtg-dir@ietf.org>
List-Subscribe: <mailto:rtg-dir-join@ietf.org>
List-Unsubscribe: <mailto:rtg-dir-leave@ietf.org>
Christian, Thanks! We'll get the process going from here. Cheers, Andy On Fri, Jun 28, 2024 at 11:26 AM Christian Schmutzer (cschmutz) < cschmutz@cisco.com> wrote: > Hi Andy, > > Fyi I just uploaded a new version of the draft: > - addressing Tal’s RtgDir review comments > - checked all references against normative / informative > - added missing terminology definitions > - minor editorial changes as I saw fit > > regards > Christian > > On 17.06.2024, at 14:33, Andrew G. Malis <agmalis@gmail.com> wrote: > > Christian, > > Thanks. I look forward to the next revision, after which we can start > getting ready for IESG submission. > > Cheers, > Andy > > > On Mon, Jun 17, 2024 at 1:13 AM Christian Schmutzer (cschmutz) < > cschmutz@cisco.com> wrote: > >> Hi Andy and Tal, >> >> Works for me and agree on RFC8986 being normative. I will first describe >> the behaviours and only after that insert a note to the two informative >> references that don’t really define anything with respect to PLE but >> provide context which I thought may be useful. >> >> Christian >> >> On 16.06.2024, at 21:28, Andrew G. Malis <agmalis@gmail.com> wrote: >> >> Tal, >> >> That sounds good to me, thanks! >> >> Christian, how about you? >> >> Cheers, >> Andy >> >> >> On Sun, Jun 16, 2024 at 2:10 PM Tal Mizrahi <tal.mizrahi.phd@gmail.com> >> wrote: >> >>> Hi Andy, >>> >>> That is an interesting question. >>> The text that was suggested by Christian seemed to assume that the >>> reader is familiar with the previous endpoint behaviors (End.DX2, >>> End.DX2 with NEXT-CSID and End.DX2 with REPLACE-CSID). >>> Therefore, the text does not explain the meaning of the new endpoint >>> behaviors, because a reader who is familiar with the DX2 endpoint >>> behaviors would understand what the new DX1 behaviors do. >>> >>> A possible way around this is to add more detailed text to the current >>> document that explains for each of these new behaviors (End.DX1, >>> End.DX1 with NEXT-CSID and End.DX1 with REPLACE-CSID) what exactly it >>> means and the corresponding pseudo-code. The similarity to the DX2 >>> behaviors could be mentioned as a side note, and thus the two drafts >>> (srh-compression and srv6-usid) could be informative references. I >>> believe RFC 8986 should probably be normative anyway. >>> >>> Please let me know if that makes sense. >>> Cheers, >>> Tal. >>> >>> On Sun, Jun 16, 2024 at 4:26 PM Andrew G. Malis <agmalis@gmail.com> >>> wrote: >>> > >>> > Tal, >>> > >>> > Thanks again for your review and also reviewing Christian's reply. >>> > >>> > I'm concerned regarding your suggestion that >>> draft-filsfils-spring-net-pgm-extension-srv6-usid be made a normative >>> reference, as it is only an individual draft right now and there's no >>> guarantee that it'll even become a WG draft, never mind an RFC, and making >>> it a normative reference would hold up publishing this draft for quite a >>> while, unless we get special dispensation from the IESG. Do you see any way >>> we can get around making draft-filsfils normative? >>> > >>> > I'm much less concerned regarding >>> draft-ietf-spring-srv6-srh-compression, as that is currently in WG last >>> call. >>> > >>> > Thanks again, >>> > Andy >>> > >>> > >>> > On Sun, Jun 16, 2024 at 1:12 AM Tal Mizrahi <tal.mizrahi.phd@gmail.com> >>> wrote: >>> >> >>> >> Hi Christian and authors, >>> >> >>> >> Thanks for considering my comments. >>> >> The changes you suggested make sense to me. >>> >> >>> >> Regarding the new endpoint behaviors, please note: >>> >> - The IANA section will need to be updated accordingly. >>> >> - You may need to move the references to normative: {{?RFC8986}}, >>> >> {{?I-D.draft-ietf-spring-srv6-srh-compression}}, >>> >> {{?I-D.draft-filsfils-spring-net-pgm-extension-srv6-usid}}. >>> >> Specifically the last two, which may still be subject to changes. >>> >> >>> >> Cheers, >>> >> Tal. >>> >> >>> >> On Sat, Jun 8, 2024 at 12:16 PM Christian Schmutzer (cschmutz) >>> >> <cschmutz@cisco.com> wrote: >>> >> > >>> >> > Hi Tal, >>> >> > >>> >> > Sorry for taking so long. Below our comments and proposal for >>> addressing your issues. >>> >> > >>> >> > Can you please let us know your thoughts. Upon your feedback we >>> will work towards uploading a new version addressing the issues. >>> >> > >>> >> > regards >>> >> > Christian >>> >> > >>> >> > On 15.05.2024, at 01:20, Tal Mizrahi <tal.mizrahi.phd@gmail.com> >>> wrote: >>> >> > >>> >> > Hello, >>> >> > >>> >> > I have been selected as the Routing Directorate reviewer for this >>> >> > draft. The Routing Directorate seeks to review all routing or >>> >> > routing-related drafts as they pass through IETF last call and IESG >>> >> > review, and sometimes on special request. The purpose of the review >>> is >>> >> > to provide assistance to the Routing ADs. For more information about >>> >> > the Routing Directorate, please see >>> >> > https://wiki.ietf.org/en/group/rtg/RtgDir >>> >> > >>> >> > Document: draft-ietf-pals-ple-04 >>> >> > Reviewer: Tal Mizrahi >>> >> > Intended Status: Standards Track >>> >> > >>> >> > Summary: >>> >> > I have some concerns about this document that I think should be >>> >> > resolved before publication. >>> >> > >>> >> > The draft is well-written and clear from a grammatical and >>> structural >>> >> > perspective. However, there is a very long list of normative >>> >> > references that are cited in almost every paragraph of the document, >>> >> > making it very difficult to follow for a reader who is somewhat >>> >> > familiar with the area but is not an expert in the area. >>> >> > >>> >> > >>> >> > [cs] >>> >> > PLE has a lot of similarities with RFC 4553 and other referenced >>> specifications. We felt references are better as it avoids duplication of >>> text across documents, but I see your point. We will work through the >>> document and add a bit more text / context before calling out a RFC >>> reference. >>> >> > >>> >> > Here an example from the introduction section. Will do something >>> similar for other sections. >>> >> > >>> >> > before: >>> >> > >>> >> > The mechanisms described in this document follow principals similar >>> to [RFC4553] but expanding the applicability beyond the narrow set of PDH >>> interfaces (T1, E1, T3 and E3) and allow the transport of signals from many >>> different technologies such as Ethernet, Fibre Channel, SONET/SDH >>> [GR253]/[G.707] and OTN [G.709] at gigabit speeds by treating them as >>> bit-stream payload defined in sections 3.3.3 and 3.3.4 of [RFC3985]. >>> >> > >>> >> > >>> >> > after: >>> >> > >>> >> > The mechanisms described in this document follow principles similar >>> to Structure-Agnostic Time Division Multiplexing (TDM) over Packet (SAToP) >>> defined in [RFC4553]. The the applicability is expanded beyond the narrow >>> set of PDH interfaces (T1, E1, T3 and E3) to allow the transport of signals >>> from many different technologies such as Ethernet, Fibre Channel, SONET/SDH >>> [GR253]/[G.707] and OTN [G.709] at gigabit speeds. The signals are treated >>> as bit-stream payload which was defined in the Pseudo Wire Emulation >>> Edge-to-Edge (PWE3) architecture in [RFC3985] sections 3.3.3 and 3.3.4. >>> >> > >>> >> > >>> >> > Where applicable we will remove the reference and just have >>> appropriate text. Once example >>> >> > >>> >> > before: >>> >> > >>> >> > Similar to [RFC4553] and [RFC5086] the term Interworking Function >>> (IWF) is used to describe the functional block that encapsulates bit >>> streams into PLE packets and in the reverse direction decapsulates PLE >>> packets and reconstructs bit streams. >>> >> > >>> >> > >>> >> > after: >>> >> > >>> >> > The term Interworking Function (IWF) is used to describe the >>> functional block that encapsulates bit streams into PLE packets and in the >>> reverse direction decapsulates PLE packets and reconstructs bit streams. >>> >> > >>> >> > >>> >> > >>> >> > Issues: >>> >> > - The target audience of the document should be clarified, >>> preferably >>> >> > in the abstract. On a related note, throughout the document it is a >>> >> > bit difficult to distinguish between requirements defined for >>> >> > operators vs. requirements defined for implementers. Perhaps the >>> >> > authors could give some thought as to whether this issue can be >>> >> > mitigated. >>> >> > >>> >> > >>> >> > [cs] >>> >> > the target audience is implementers. We adjusted the abstract to >>> reflect that >>> >> > >>> >> > before: >>> >> > >>> >> > This document describes a method for encapsulating high-speed >>> bit-streams as virtual private wire services (VPWS) over packet switched >>> networks (PSN) providing complete signal transport transparency. >>> >> > >>> >> > >>> >> > after: >>> >> > >>> >> > This document describes methods and requirements for implementing >>> the encapsulation of high-speed bit-streams into virtual private wire >>> services (VPWS) over packet switched networks (PSN) providing complete >>> signal transport transparency. >>> >> > >>> >> > >>> >> > - The security considerations should be more detailed. The cited >>> >> > references are a good start, but the following issues should also be >>> >> > discussed: >>> >> > >>> >> > - The requirement for synchronization is potentially a >>> >> > vulnerability. An on-path attacker may compromise the >>> synchronization, >>> >> > and thus compromise the service. You may want to take a look at RFC >>> >> > 7384. >>> >> > >>> >> > - The requirements for low jitter, low loss and bandwidth >>> >> > reservation (section 8) are also potentially an attack vector. You >>> may >>> >> > take a look at RFC 9055 for example. >>> >> > >>> >> > >>> >> > [cs] >>> >> > We have added a couple of sentences to provide more details, plus >>> referred to respective RFCs for more information >>> >> > >>> >> > before: >>> >> > >>> >> > As PLE is leveraging VPWS as transport mechanism the security >>> considerations described in [RFC7432] and [RFC3985] are applicable. >>> >> > >>> >> > >>> >> > >>> >> > after: >>> >> > >>> >> > As PLE is leveraging VPWS as transport mechanism the security >>> considerations described in [RFC7432] and [RFC3985] are applicable. >>> >> > >>> >> > PLE does not enhance or detract from the security performance of >>> the underlying PSN. It relies upon the PSN mechanisms for encryption, >>> integrity, and authentication whenever required. >>> >> > >>> >> > A data plane attack may force PLE packets to be dropped, re-ordered >>> or delayed beyond the limit of the CE-bound IWF's dejitter buffer leading >>> to either degradation or service disruption. Considerations outlined in >>> [RFC9055] are a good reference. >>> >> > >>> >> > Clock synchronization leveraging PTP is sensitive to Packet Delay >>> Variation (PDV) and vulnerable to various threads and attacked vectors. >>> Considerations outlined in [RFC7384] should be taken into account. >>> >> > >>> >> > >>> >> > >>> >> > - The following two endpoint behaviors are defined in the IANA >>> >> > considerations section, but not defined anywhere in the document. >>> >> > These endpoint behaviors should either be removed or specified in >>> >> > detail: >>> >> > End.DX1 with NEXT-CSID >>> >> > End.DX1 with REPLACE-CSID >>> >> > >>> >> > >>> >> > [cs] >>> >> > Good point and I realised we have also forgotten to add the >>> required encaps description. We have reworded this section as follows (in >>> markdown syntax) >>> >> > >>> >> > When a SRv6 PSN layer is used, a SRv6 service SID does provide the >>> demultiplexing mechanism and the mechanisms defined in {{?RFC8402}} and >>> {{?RFC9252}} section 6 do apply. Both SRv6 service SIDs with the full IPv6 >>> address format defined in {{?RFC8986}} and compressed SIDs (C-SIDs) with >>> format defined in {{?I-D.draft-ietf-spring-srv6-srh-compression}} can be >>> used. >>> >> > >>> >> > Two new encapsulation behaviors H.Encaps.L1 and H.Encaps.L1.Red are >>> defined in this document. The behavior procedures are applicable to both >>> SIDs and C-SIDs. >>> >> > >>> >> > The H.Encaps.L1 behavior encapsulates a frame received from an IWF >>> in a IPv6 packet with an SRH. The received frame becomes the payload of the >>> new IPv6 packet. >>> >> > >>> >> > * The next header field of the SRH MUST be set to TBA1. >>> >> > >>> >> > * The push of the SRH MAY be omitted when the SRv6 policy only >>> contains one segment. >>> >> > >>> >> > The H.Encaps.L1.Red behavior is an optimization of the H.Encaps.L1 >>> behavior. >>> >> > >>> >> > * H.Encaps.L1.Red reduces the length of the SRH by excluding the >>> first SID in the SRH of the pushed IPv6 header. The first SID is only >>> placed in the destination address field of the pushed IPv6 header. >>> >> > >>> >> > * The push of the SRH MAY be omitted when the SRv6 policy only >>> contains one segment. >>> >> > >>> >> > Three new "Endpoint with decapsulation and bit-stream >>> cross-connect" behaviors called End.DX1, End.DX1 with NEXT-CSID and End.DX1 >>> with REPLACE-CSID are defined in this document. >>> >> > >>> >> > These new behaviors are variants of End.DX2 defined in >>> {{?RFC8986}}, End.DX2 with REPLACE-CSID defined in >>> {{?I-D.draft-ietf-spring-srv6-srh-compression}} and End.DX2 with NEXT-CSID >>> defined in {{?I-D.draft-filsfils-spring-net-pgm-extension-srv6-usid}} and >>> all have the following procedures in common >>> >> >> >
- [RTG-DIR]RtgDir Last Call review: draft-ietf-pals… Tal Mizrahi
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Andrew G. Malis
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Christian Schmutzer (cschmutz)
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Christian Schmutzer (cschmutz)
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Tal Mizrahi
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Andrew G. Malis
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Tal Mizrahi
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Andrew G. Malis
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Christian Schmutzer (cschmutz)
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Andrew G. Malis
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Christian Schmutzer (cschmutz)
- [RTG-DIR]Re: RtgDir Last Call review: draft-ietf-… Andrew G. Malis