Re: [RTG-DIR] Rtgdir early review of draft-ietf-mpls-bfd-directed-07
"BRUNGARD, DEBORAH A" <db3546@att.com> Tue, 11 July 2017 15:24 UTC
Return-Path: <db3546@att.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3048413172A; Tue, 11 Jul 2017 08:24:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LE1MPXnJPDug; Tue, 11 Jul 2017 08:24:34 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E292312F3D6; Tue, 11 Jul 2017 08:24:30 -0700 (PDT)
Received: from pps.filterd (m0049295.ppops.net [127.0.0.1]) by m0049295.ppops.net-00191d01. (8.16.0.17/8.16.0.17) with SMTP id v6BFFSQ7042175; Tue, 11 Jul 2017 11:24:28 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049295.ppops.net-00191d01. with ESMTP id 2bn0rc16w8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 11 Jul 2017 11:24:27 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v6BFOQmA021244; Tue, 11 Jul 2017 11:24:26 -0400
Received: from mlpi407.sfdc.sbc.com (mlpi407.sfdc.sbc.com [130.9.128.239]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v6BFOHvN021062 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 11 Jul 2017 11:24:23 -0400
Received: from MISOUT7MSGHUBAA.ITServices.sbc.com (MISOUT7MSGHUBAA.itservices.sbc.com [130.9.129.145]) by mlpi407.sfdc.sbc.com (RSA Interceptor); Tue, 11 Jul 2017 15:24:10 GMT
Received: from MISOUT7MSGUSRDE.ITServices.sbc.com ([169.254.5.17]) by MISOUT7MSGHUBAA.ITServices.sbc.com ([130.9.129.145]) with mapi id 14.03.0319.002; Tue, 11 Jul 2017 11:24:10 -0400
From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: Carlos Pignataro <cpignata@cisco.com>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>
CC: "draft-ietf-mpls-bfd-directed.all@ietf.org" <draft-ietf-mpls-bfd-directed.all@ietf.org>
Thread-Topic: Rtgdir early review of draft-ietf-mpls-bfd-directed-07
Thread-Index: AQHS+k4AuV02Ni/9kEmZuk83Yx5xgaJOvq8w
Date: Tue, 11 Jul 2017 15:24:09 +0000
Message-ID: <F64C10EAA68C8044B33656FA214632C85DF4366A@MISOUT7MSGUSRDE.ITServices.sbc.com>
References: <149978159930.12344.18347332855391607627@ietfa.amsl.com>
In-Reply-To: <149978159930.12344.18347332855391607627@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.16.234.240]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-11_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707110243
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/ejwoEWTvND69SgyQECLyHQyI7pc>
Subject: Re: [RTG-DIR] Rtgdir early review of draft-ietf-mpls-bfd-directed-07
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 15:24:36 -0000
Much thanks Carlos for your review! Deborah > -----Original Message----- > From: Carlos Pignataro [mailto:cpignata@cisco.com] > Sent: Tuesday, July 11, 2017 10:00 AM > To: rtg-dir@ietf.org > Cc: mpls@ietf.org; draft-ietf-mpls-bfd-directed.all@ietf.org; bfd- > chairs@ietf.org > Subject: Rtgdir early review of draft-ietf-mpls-bfd-directed-07 > > Reviewer: Carlos Pignataro > Review result: Has Issues > > Hello > > I have been selected to do a routing directorate “early” review of this draft. > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__datatracker.ietf.org_doc_draft-2Dietf-2Dmpls-2Dbfd- > 2Ddirected_&d=DwIDaQ&c=LFYZ- > o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=fNoppFpdpAL1k24Ox > IY2W0DZajMRBM8B72Nk3OtMjEA&s=wB6Y9Hhrd5tH8fcBJQDUj3Kt4gtLOGSxNq > VGmtCII1U&e= > > The routing directorate will, on request from the working group chair, perform > an “early” review of a draft before it is submitted for publication to the > IESG. The early review can be performed at any time during the draft’s lifetime > as a working group document. The purpose of the early review depends on the > stage that the document has reached. > > The MPLS chairs have requested an early review from the directorate with the > objective of improving document quality. This document has had three > unsuccessful WG LCs. > > For more information about the Routing Directorate, please see > https://urldefense.proofpoint.com/v2/url?u=http- > 3A__trac.tools.ietf.org_area_rtg_trac_wiki_RtgDir&d=DwIDaQ&c=LFYZ- > o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=fNoppFpdpAL1k24Ox > IY2W0DZajMRBM8B72Nk3OtMjEA&s=UveGilLeWwbO4jbOxOfNYJH6hHaujJr9ul > Brq0dwCKU&e= > > Document: draft-ietf-mpls-bfd-directed-07.txt > Reviewer: Carlos Pignataro > Review Date: Early July, 2017 > Intended Status: Standards Track > > Summary: > I have significant concerns about this document. > I also recommend a BFD WG Chair or appointee to review this document. > > Comments: > > First, I have a general concern about the architectural approach in this > document. > > This document is modeled after RFC 7110. RFC 7110 describes the specification > of a return path for MPLS LSP Ping. MPLS LSP Ping uses a request/reply > command/response paradigm, in which receipt of an Echo Request elicits the > generation of an Echo Reply. > > BFD for MPLS, however, uses a different approach and paradigm (as per RFC > 5884). An MPLS LSP Ping packet is used as a bootstrap, signaling discriminator > value for a persistent BFD session. After the MPLS LSP Ping signals the > Discriminator (via MPLS LSP Ping TLV) to use, then BFD control messages are > sent back and forth. > > However, while the BFD session is UP and BFD control messages and being > sent > back and forth, and while no MPLS LSP Ping packets are sent after > bootstrapping > -- what happens if the return path changes (e.g., the return LSP goes down, > gets unconfigured, etc.)? > > In that case, not only this mechanism can actually make things worst, because > it results in a false negative, but also the document does not specify how the > system should recover. The I-D seems to assume complete topological > invariability for it to work long-term, since it does not specify any mechanism > to update or to deal with such a failure or change scenario. > > On the other hand, there is already a BFD mechanism without the > bootstrapping > setup and with a command/response like behavior, that is S-BFD, RFC 7881. > That > one is notably missing from this draft. > > Further, there seem to be a number of potentially erroneous assumptions > made, > see below. > > Additional Comments: > > Bidirectional Forwarding Detection (BFD) Directed Return Path > > The title should include that this is *only* for MPLS BFD. > > When a BFD session monitors an explicitly routed unidirectional path > there may be a need to direct egress BFD peer to use a specific path > for the reverse direction of the BFD session. > > Scope: is this solution targeted only for "explicitly routed unidirectional > path", and the solution to have the reply come back the exact reverse > direction? That does not seem to be the case and the solution. > > [RFC5880], [RFC5881], and [RFC5883] established the BFD protocol for > IP networks. [RFC5884] and [RFC7726] set rules of using BFD > asynchronous mode over IP/MPLS LSPs. These standards implicitly > assume that the egress BFD peer will use the shortest path route > regardless of route being used to send BFD control packets towards > it. > > Is "These standards" referring to the three former or the four latter? > > For the case where a LSP is explicitly routed it is likely that the > shortest return path to the ingress BFD peer would not follow the > same path as the LSP in the forward direction. The fact that BFD > control packets are not guaranteed to follow the same links and nodes > in both forward and reverse directions is a significant factor in > producing false positive defect notifications, i.e. false alarms, if > used by the ingress BFD peer to deduce the state of the forward > direction. > > There may be an implicit mis-assumption in this text and overall approach: the > fact that traffic flows on one direction does not imply that the reverse > direction using the same interfaces and nodes would actually be consequently > properly programmed and working. > > This document defines the BFD Reverse Path TLV as an extension to LSP > Ping [RFC8029] and proposes that it is to be used to instruct the > egress BFD peer to use an explicit path for its BFD control packets > associated with a particular BFD session. > > This text assumes that the BFD return path is MPLS. However, my > understanding > from RFC 5884 is that this is not necessarily the case, and the return can be > IP. > > When BFD is used to monitor unidirectional explicitly routed path, > e.g. MPLS-TE LSP, BFD control packets in forward direction would be > in-band using the mechanism defined in [RFC5884] and [RFC5586]. > > Which BFD uses RFC 5586? RFC5586 says that is not needed: > > "Some of these functions can be supported using existing > tools such as Virtual Circuit Connectivity Verification (VCCV) > [RFC5085], Bidirectional Forwarding Detection for MPLS LSPs (BFD- > MPLS) [BFD-MPLS], LSP-Ping [RFC4379], or BFD-VCCV [BFD-VCCV]." > > And then: > > o a failure detection by ingress node on the reverse path cannot be > interpreted as bi-directional failure unambiguously and thus > trigger, for example, protection switchover of the forward > direction without possibility of being a false positive. > > To address this scenario the egress BFD peer would be instructed to > use a specific path for BFD control packets. > > But using a specific path for return cannot either imply "interpreted as > bi-directional failure unambiguously", so the scenario is not *addressed*. > > The BFD Reverse Path TLV carries information about the path onto > which the egress BFD peer of the BFD session referenced by the BFD > Discriminator TLV MUST transmit BFD control packets. The format of > the BFD Reverse Path TLV is as presented in Figure 1. > > What does the remote endpoint do with that "MUST" if the return FEC goes > away? > > There also seem to be some self-contradiction. This document says: > > LSP ping, defined in [RFC8029], uses BFD Discriminator TLV [RFC5884] > to bootstrap a BFD session over an MPLS LSP. This document defines a > new TLV, BFD Reverse Path TLV, that MUST contain a single sub-TLV > that can be used to carry information about the reverse path for the > BFD session that is specified by value in BFD Discriminator TLV. > > And then says: > > Reverse Path field contains a sub-TLV. > > But then says: > > None, one or more sub-TLVs MAY be included in the BFD Reverse > Path TLV. If none sub-TLVs found in the BFD Reverse Path TLV, the > egress BFD peer MUST revert to using the default, i.e., over IP > network, reverse path. > > So is it only one, or none/one/multiple? > > I believe it needs to be multiple since then a Tunnel can be specified. But the > document as-is seems self-contradicting. > > Further, where has that "default" been defined as "over IP network"? > > There's another contradiction here: > > If the egress LSR cannot find the path specified in the Reverse Path > TLV it MUST send Echo Reply with the received Reverse Path TLV and > set the Return Code to "Failed to establish the BFD session. The > specified reverse path was not found" Section 3.3. The egress BFD > peer MAY establish the BFD session over IP network as defined in > [RFC5884]. > > So the response is "Failed to establish the BFD session." But then it MAY > establish the session? And, again, what if the path is found at bootstrap but > lost afterwards? > > 4. Use Case Scenario > > The fact that A-B-C-D-G-H works does not mean that the reverse, H-G-D-C-B-A, > will work. > > 6. Security Considerations > > Security considerations discussed in [RFC5880], [RFC5884], [RFC7726], > and [RFC8029], apply to this document. > > There seem to be additional security considerations with returns taking > explicit paths, and should be expanded in here. > > Net-net, I do have concerns about this document. I believe it is not ready to > advance, and could use more whiteboard time as well as a review by BFD > experts. > > Best, > > Carlos Pignataro.
- [RTG-DIR] Rtgdir early review of draft-ietf-mpls-… Carlos Pignataro
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… BRUNGARD, DEBORAH A
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Greg Mirsky
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Jeffrey Haas
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Greg Mirsky
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Jeffrey Haas
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Greg Mirsky
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Carlos Pignataro (cpignata)
- [RTG-DIR] Fwd: Rtgdir early review of draft-ietf-… Greg Mirsky
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Carlos Pignataro (cpignata)
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Greg Mirsky
- Re: [RTG-DIR] Rtgdir early review of draft-ietf-m… Greg Mirsky