Fw: Routing Directorate comments on draft-ietf-ccamp-automesh-01
"Adrian Farrel" <adrian@olddog.co.uk> Fri, 22 September 2006 14:20 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GQlt4-0001eN-60; Fri, 22 Sep 2006 10:20:18 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GQlt0-0001cp-P5 for rtg-dir@ietf.org; Fri, 22 Sep 2006 10:20:14 -0400
Received: from mail2.noc.data.net.uk ([80.68.34.49]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GQlt0-0006kj-2O for rtg-dir@ietf.org; Fri, 22 Sep 2006 10:20:14 -0400
Received: from 57-99.dsl.data.net.uk ([80.68.57.99] helo=cortex.aria-networks.com) by mail2.noc.data.net.uk with esmtp (Exim 3.36 #1) id 1GQlsw-0004eL-00 for rtg-dir@ietf.org; Fri, 22 Sep 2006 15:20:10 +0100
Received: from your029b8cecfe ([217.158.132.175] RDNS failed) by cortex.aria-networks.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 22 Sep 2006 15:20:07 +0100
Message-ID: <110101c6de52$30f0a680$0a23fea9@your029b8cecfe>
From: Adrian Farrel <adrian@olddog.co.uk>
To: rtg-dir@ietf.org
Date: Fri, 22 Sep 2006 15:19:21 +0100
Organization: Old Dog Consulting
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-OriginalArrivalTime: 22 Sep 2006 14:20:08.0538 (UTC) FILETIME=[350D33A0:01C6DE52]
X-Spam-Score: 0.1 (/)
X-Scan-Signature: f0b5a4216bfa030ed8a6f68d1833f8ae
Subject: Fw: Routing Directorate comments on draft-ietf-ccamp-automesh-01
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Adrian Farrel <adrian@olddog.co.uk>
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
Errors-To: rtg-dir-bounces@ietf.org
Also this one. ----- Original Message ----- From: "Adrian Farrel" <adrian@olddog.co.uk> To: "JP Vasseur" <jvasseur@cisco.com> Cc: <ccamp@ops.ietf.org>; "Ross Callon" <rcallon@juniper.net>; <rtg-dir@cisco.com> Sent: Thursday, September 21, 2006 5:48 PM Subject: Re: Routing Directorate comments on draft-ietf-ccamp-automesh-01 > Hi JP, > > Thanks for addressing the comments. I have forwarded these to the Routing > Directorate and copied them on this email to let them respond if they > want. But here are my comments: > >>> 1) The Tail-end name field facilitates LSP identification. Is this >>> a new form of LSP identification? >>> If it is not new, then there should be a reference to RFC3209 and a >>> statement of which RFC3209 fields are mapped to this IGP field. >>> If it is not new then there is a significant concern that a new >>> identification is being introduced when it is not needed. >> >> As indicated in the document the string refers to a "Tail-end" name, >> not an TE LSP name: thus it does not replace the session name of the >> SESSION-ATTRIBUTE object defined in RFC3209. > > Hmmm, yes it is not an LSP name, but recall that the LSP is identified by > a combination of Session and Sender Template, and that the Session > includes the destination IP address. In Section 3.2 I see: > - A Tail-end name: string used to ease the TE-LSP naming. > and in Section 4.1: > - A Tail-end name: a variable length field used to facilitate the TE > LSP identification. > > These definitions seem to imply that the tail-end name is used as an > identifier for the LSP. The question that will be asked is: How does this > identification of an LSP differ from the conventional identification of > the LSP? Given that you also have: > - A Tail-end address: an IPv4 or IPv6 IP address to be used as a > tail-end TE LSP address by other LSRs belonging to the same mesh- > group > it appears that the tail-name is superfluous information. > > So, perhaps the name is present for diagnostic purposes? Perhaps it is > there to ease OAM? But it does not seem to play any role in the protocol > procedures as it is not explicitly mentioned later in the I-D (e.g. > Section 5). > > How would a node behave if it received a mesh group advertisement that > indicated a tail-end address that did not appear to match its record of > the tail-end name? > >>> 2) The document mentions that the number of mesh groups is limited >>> but potentially (depending on encoding) provides for binary >>> encoding for 2^32-1 groups (although this might be constrained by >>> OSPF's limit of a TLV size to 2^16 bytes. >>> The document (and the authors) state that scaling of these >>> extensions is not an issue because only a small number of mesh >>> groups are likely to be in existence in a network, and any one >>> router is unlikely to participate in more than a very few. >>> There are two concerns: >>> a) Whenever we say that something in the Internet is limited, >>> history usually proves us wrong. >> >> And that's undoubtedly a good news :-) >> >>> Indeed, there is already a >>> proposal (draft-leroux-mpls-p2mp-te-autoleaf-01.txt) that uses a >>> similar mechanism for a problem that would have far more groups. >> >> Two comments: >>- Mesh groups are used to set up TE LSP meshes. If we consider let >> say 10 meshes comprising 100 routers each, that gives us 99,000 TE >> LSPs. One can easily see that the number of meshes is unlikely to >> explode in a foreseeable future. If it turns out to be the case, >> we'll have other scalability issues to fix before any potential with >> the IGP. > > What about 100 meshes comprising 10 routers each? > I make that only 9,000 TE LSPs. > > So clearly the scaling of MPLS-TE is not directly related to the scaling > of automesh. > > What this comes down to is your statement about how automesh will be used. > I think we can all accept that this is the problem space that you intend > to deploy in, and that is great. But the original point from the Routing > Directorate was that there is nothing in the I-D that imposes this > restriction. So how can we say that the protocol extensions will scale? > >> - More importantly, the dynamics of joining a TE mesh is such that >> IGP updates are used to advertise to TE mesh group membership change >> (join or prune), which are indeed expected to be very unfrequent. > > Again, the concern raised is that the problem space you intend to deploy > in is, indeed, limited in this way. All good. But how can we say whether > the protocol extensions will be used differently in the future? What > controls are there over constructing a mesh where joins and prunes are > frequent? > >>> b) The I-D does not itself impose any reasonable limits on the >>> number of groups with the potential for a single router (by >>> misconfiguration, design, or malice) advertising a very large >>> number of groups. >>> Thus, it appears that the scaling concerns are not properly >>> addressed in this I-D. >> >>Not sure to see the point here. If indeed, a large number of TE MESH >>GROUPs were advertised, this would not impact the other LSRs since >>they would not create any new TE LSPs trying to join the new TE-MESH- >>GROUP. In term of amount of flooded information, this should not be a >>concern either (handled by routing). We clarified this in the >>security section. > > The impact on the other LSRs is exactly flooding question. Covering that > in the security section is fine for the misconfiguration and malice cases. > >>> 3) The document mentions that "The TE-MESH-GROUP TLV is OPTIONAL >>> and must at most appear once in a OSPF Router Information LSA or >>> ISIS Router Capability TLV." but for addition/removal it mentions >>> "conversely, if the LSR leaves a mesh-group the corresponding entry >>> will be removed from the TE-MESH-GROUP TLV." >>> What are these "entries" referring to - that there is a top-level >>> TE-MESH-GROUP TLV with multiple sub-TLVs (but the document mentions >>> "No sub-TLV is currently defined for the TE-mesh-group TLV") ? >>> >>> AF>> My comment on this is that the definition of the TLVs seems >>> AF>> unclear. >>> AF>> From figure 2, it appears that some additional information can be >>> AF>> present in the TLV after the fields listed, and (reading >>> AF>> between the lines) it would appear that this additional >>> AF>> information is a series of repeats of the set of fields to >>> AF>> define multiple mesh groups. >>> AF>> This could usefully be clarified considerably. >> >> >> You're absolutely right. The figures have been modified: >> >> (example show below): > > [SNIP] > Looks good to me. > >>> AF>> But it is now unclear to me whether a single router can be a >>> AF>> member of IPv4 an IPv6 mesh groups. It would seem that >>> AF>> these cannot be mixed within a single TLV, and multiple >>> AF>> TLVs (one IPv4 and one IPv6) are prohibited. >> >> OK the text requires some clarification. What is prohibited is to >> have two IPv4 sub-TLV or two IPv6 sub-TLV but one of each is >> permitted. New proposed text to clarify: >> >> The TE-MESH-GROUP TLV is OPTIONAL and at most one IPv4 instance and >> one IPv6 instance MUST appear in a OSPF Router Information LSA or >> ISIS Router Capability TLV. If the OSPF TE-MESH-GROUP TLV (IPv4 or >> IPv6) occurs more than once within the OSPF Router Information LSA, >> only the first instance is processed, subsequent TLV(s) will be >> silently ignored. Similarly, If the ISIS TE-MESH-GROUP sub-TLV (IPv4 >> or IPv6) occurs more than once within the ISIS Router capability TLV, >> only the first instance is processed, subsequent TLV(s) will be >> silently ignored. > > OK. That's fine. > I think you want to make a couple of changes: > - "at most one instance MUST appear" is ambiguous since it will > be confused with "an instance MUST appear". I suggest you > reword as "MUST NOT include more than one of each of" > - "If the OSPF TE-MESH-GROUP TLV (IPv4 or IPv6) occurs > more than once" should really be phrased as "If the either the > IPv4 or IPv6 OSPF TE-MESH-GROUP TLV occurs more > than once". Ditto for the IS-IS sub-TLV. > - Two instances of "will be silently ignored" should read "SHOULD > be silently ignored" > >>> 4) Small terminology issue in section 5.1 it says: "Note that both >>> operations can be performed in the context of a single refresh." >>> This is not a refresh. It is a trigger/update. A better term for >>> OSPF would be "LSA origination". >> >>OK fixed (I used the term "Update"), thanks. > > OK > >>> 5) Please state the applicability to OSPF v2 and or v3. Note that >>> the Router_Cap document covers both v2 and v3 >> >>Indeed, Thanks for the comments. The OSPFv3 aspects have been >>incorporated. Here is the new text: > > [SNIP] > OK > >>> 6) The term "fairly static" at the end of section 5.1 is >>> meaningless without some relative context. >>> Presumably this relates to the number times an LSR joins or leaves >>> a mesh group over time. >>> Is it intended to be relative to the IGP refresh period? >>> Please clarify in an objective rather than a subjective way. >> >> >> Right, this requires clarification. Here is the new text: Moreover, >> TE mesh-group membership should not change frequently: each time an >> LSR joins or leaves a new TE mesh-group. > > I could live with this, personally. We'll see whether we get any more > comments. > I think the nub will be: > 1. whether your "should not" can be "SHOULD NOT" > 2. what does "frequently mean"? > 3. what is there in this I-D to say that an LSR does not join/leave a > TE mesh-group very often? > >> I guess that this is sufficiently explicit: it is a well-known fact >> that LSRs are infrequently added or removed to a TE mesh. > > :-) Very well known. In fact, my mother was commenting on it to me only > the other day ;-) > > Consider the case where PE membership of an automesh is dependent on > whether there are C-nodes subscribed to some service. > > Perhaps this well known fact could be noted in the Introduction to this > I-D which is AFAIK the only IETF document on the subject of automesh. > >>> 7) The security section (section 8) is inadequate and will >>> undoubtedly be rejected by the security ADs. At the very least, the >>> I-D needs a paragraph (i.e. more than one or two lines) explaining >>> why there are no new security considerations. But what would be the >>> impact of adding false mesh groups to a TLV? Is there anything >>> (dangerous) that can be learned about the network by inspecting >>> mesh group TLVs? >> >> The following section has been added: > > [SNIP] > OK. Let's run with that and see how much we get beaten up by the Security > experts. > > Cheers, > Adrian
- Fw: Routing Directorate comments on draft-ietf-cc… Adrian Farrel
- Fw: Routing Directorate comments on draft-ietf-cc… Adrian Farrel
- Fw: Routing Directorate comments on draft-ietf-cc… Adrian Farrel
- Re: Fw: Routing Directorate comments on draft-iet… Dimitri.Papadimitriou