Re: Benjamin Kaduk's No Objection on draft-ietf-rtgwg-policy-model-30: (with COMMENT)
Yingzhen Qu <yingzhen.ietf@gmail.com> Thu, 12 August 2021 21:58 UTC
Return-Path: <yingzhen.ietf@gmail.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA6183A07B1; Thu, 12 Aug 2021 14:58:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3QLHKTxytrtm; Thu, 12 Aug 2021 14:58:28 -0700 (PDT)
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC8A13A07AB; Thu, 12 Aug 2021 14:58:27 -0700 (PDT)
Received: by mail-pl1-x633.google.com with SMTP id d1so9227043pll.1; Thu, 12 Aug 2021 14:58:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uFQtM+/R1opkISirTdSqVtgRXNIyNO7jzIYDUSMfZs8=; b=jLiujT6WUyng3yFWlhIQw8D+B5jAuvm1hdOXG0nyIP9zX1ctPU0wZ1Rl5dj8PSl0J3 FSbYcsZ9bZpsaKBspV+XZNdo8DtNnUPq5TFwiU79h8K8VObL8qmlwEZKQOGOpdkbRGaW Y0qZFFoNdZsOikIrm1wQeIOv/d+2WlJFQ+MKCWQ6Ob8rhG2BErVgx6saSYsuLYCq/7Qq 8zKarDKKWMfxqSJUKPVIiRbvQHpvhduTIuHPiM7peRwaDqG7aNS5IlIxN5DeuIayzMj7 tYBVkASCrYta2U9x32sugrV+7xUQcaeO4ZFjhVtHdjpnV3AdxAJqK3r0Eku8UIPKmeG6 X/iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uFQtM+/R1opkISirTdSqVtgRXNIyNO7jzIYDUSMfZs8=; b=eQ0ZUQSlg7zBO/MIrcOxt5/xO5Eu9H8UUiPpGaPCNR51RteYgSbc8i5MHLDONqybEh +s254gyJs2pHaceiMmCXvF8Qr8mUxqIi3or+GtevGuDsBp22J+JOrT7oZKFRcVz8y800 Brud13T8e8e8fvHG5a0YT7EOYRubTuKZbs9UTvFBCHjAiIlCdGY88kyUPu+KinMlyJxh 2mbVWxFp7fCSwm6eAOfgBqSKCkHpNHcJNcdnk/hM0PauX1EcVKQMjBWt2rPnLmZ2PaJT Q5/5+N7PXgfCwH7dhVmIR9KQ9M3sL919i0Ir5RUZCChLT153AQShfxHPr3p1ASqSvqYF GBKQ==
X-Gm-Message-State: AOAM531KE4xI/B4WRYRduqmlWqRks4NCJBhGwr0ImTW+wuKetqsg0S4Z /+DqTRVmYPSuuMYF4bqKqQ==
X-Google-Smtp-Source: ABdhPJx6oPfIDgFBEoDrHeXUDo2svgmeUGIhgInrOiTN2nFE0jetk1DkOOSX9f9VrYRfCdNhRZNeNw==
X-Received: by 2002:a63:f241:: with SMTP id d1mr5698690pgk.424.1628805506198; Thu, 12 Aug 2021 14:58:26 -0700 (PDT)
Received: from ?IPv6:2601:646:9702:c61:d1:fd8c:dec2:db26? ([2601:646:9702:c61:d1:fd8c:dec2:db26]) by smtp.gmail.com with ESMTPSA id dw4sm10892325pjb.57.2021.08.12.14.58.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Aug 2021 14:58:25 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\))
Subject: Re: Benjamin Kaduk's No Objection on draft-ietf-rtgwg-policy-model-30: (with COMMENT)
From: Yingzhen Qu <yingzhen.ietf@gmail.com>
In-Reply-To: <162855264058.4188.9202453223918983954@ietfa.amsl.com>
Date: Thu, 12 Aug 2021 14:58:23 -0700
Cc: The IESG <iesg@ietf.org>, draft-ietf-rtgwg-policy-model@ietf.org, rtgwg-chairs <rtgwg-chairs@ietf.org>, routing WG <rtgwg@ietf.org>, Chris Bowers <chrisbowers.ietf@gmail.com>, aretana.ietf@gmail.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <7468E53E-9DDC-4DFB-97F8-CEE0B0389825@gmail.com>
References: <162855264058.4188.9202453223918983954@ietfa.amsl.com>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3654.40.0.2.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/GvpeXyN8pEsv9PXkpEREXznaCRw>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Aug 2021 21:58:33 -0000
Hi Benjamin, Thank you for your review and comments. Please see my answers inline. Thanks, Yingzhen > On Aug 9, 2021, at 4:44 PM, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote: > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-rtgwg-policy-model-30: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-rtgwg-policy-model/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 4.2 > > Comparison conditions may similarly use options to change how route > attributes should be tested, e.g., for equality or inequality, > against a given value. > > I'm not sure if this is stale text, or if still current, which > operations it refers to (e.g., where is an "inequality" option > offered?). Perhaps it is referring to the potential behavior of future > augmentations? > [Yingzhen]: You’re right, this is referring to the potential behavior of comparison, just like “match-set-options”. > Section 4.4 > > Note that the called policy may itself call other policies (subject > to implementation limitations). The model does not prescribe a > nesting depth because this varies among implementations. For > example, an implementation may only support a single level of > subroutine recursion. [...] > > Is there a useful way to programmatically determine the nesting limit of > a given implementation, or is this more of just a "read the > documentation" thing? [Yingzhen]: this is implementation specific. Usually it’s not a good idea to nest many levels anyway since it’s error prone. > > Section 5 > > Whether or not the route's pre-policy attributes are used for testing > policy statement conditions is dependent on the implementation > specific value of the match-modified-attributes leaf. If match- > modified-attributes is false and actions modify route attributes, > these modifications are not used for policy statement conditions. > Conversely, if match-modified-attributes is true and actions modify > the policy application-specific attributes, the attributes as > modified by the policy are used for policy condition statements. > > Are these "actions" in question only for the current policy statement, > all policy statements in the current policy definition, or all policy > definitions? (I see on second read that this is an "ro" node at > effectively global scope, and so likely to be at the broadest "all > policy statements" scope, but I would still welcome some clarification. [Yingzhen]: It is meant for all policy statements. > > Section 7.2 > > enum add-metric { > description > "Add the specified value to the existing metric. > If the result would overflow the maximum metric > (0xffffffff), set the metric to the maximum."; > } > > Is the parenthetical always fully generic? I seem to recall that, e.g., > the Babel YANG model uses a 16-bit field for the metric. > [Yingzhen]: Protocols have different metric lengths. Here the maximum length is used for simplicity, and the implementation should use the right length. > container apply-policy { > > It slightly surprised me that the import-policy and export-policy lists > both required an instance, but I am rather distanced from what is > actually done in practice, and it doesn't seem too hard to put in a > "reject everything" policy if needed. OTOH, there are *also* separate > default-{import,export} policy leaves, that do have a default reject, so > the need to explicitly set at least one policy in both direction may be > overkill. [Yingzhen]: “require-instance” here means the policy-definition being referred to needs to exist, but there is no “min-elements” required for the leaf-list, so it can be empty. Hope this clarifies. > > leaf-list tag-value { > type tag-type; > description > "Value of the tag set member."; > > The tag-type is a union of uint32 and hex-string; does the notion of > "equivalence" for matching tags do any type conversion between those? > If not, a warning that the value set here must be of the correct type to > match the received (or generated?) route might be in order. [Yingzhen]: This is a common practice in YANG. A union is chosen because there are cases one of the types in the union is used. Implementations are expected to figure out the right type. So I don’t think a warning is necessary. > > container match-interface { > leaf interface { > type leafref { > path "/if:interfaces/if:interface/if:name"; > > Is it always the case that the interface over which we receive a route > and the interface that traffic on that route is sent will be the same? > Or do we have to worry about potential skew between the two ways that > the interface comes into play? [Yingzhen]: It’s not always true that the interface received a route is the same as traffic received. Routing policy or policy based routing can be tricky and has to be designed carefully to avoid creating loops. > > container match-neighbor-set { > > I don't understand why there's no "match-set-options" analogue for > match-neighbor set. Does the neighbor set use "ANY" matching semantics, > then? > [Yingzhen]: This is actually debatable and was brought up before. The authors decided to not have an option, and the match “ALL” option obviously doesn’t make sense for neighbors. > leaf set-route-preference { > type uint16; > description > "Set the preference for the route. It is also > known as 'administrative distance', allows for > selecting the preferred route among routes with > the same destination prefix. A smaller value is > more preferred."; > > Thank you for including the last sentence! > > Section 8 > > We should probably mention the apply-policy grouping as being > security-relevant (and how). [Yingzhen]: We leave this to the model using the grouping. > > Section 11.1 > > Since RFCs 6241 and 8040 are only referenced from the security > considerations boilerplate (as examples of how YANG modules can be > used), they may not need to be classified as normative. > [Yingzhen]: we’re following other published IETF models. Unless you have a strong opinion, I’m going to leave as it is. > Appendix A,B > > I didn't do much of a review here, since I'd need to understand > draft-ietf-idr-bgp-model in order to have very much useful to say, and > any such comments would accordingly be better directed at that draft. > > NITS > > Section 4.4 > > As an editorial matter, I'd consider adding a statement along the lines > of "when call-policy elements are present, a given policy statement > matches if all called policies return accept-route and all the other > conditions in the policy statement also match". There don't seem to be > any other ways to read the current text that are reasonable, but it took > me a bit of thinking to work it out. [Yingzhen]: I’ll leave this to RFC editor. > > Section 7.2 > > identity isis-level-1-2 { > base route-level; > description > "Identity for IS-IS Level 1 and Level 2 area importation. It > is only applicable to routes imported into the IS-IS > protocol."; > > The "importation into both" phrasing from ospf-normal-nssa reads much > more clearly to me than what's here. [Yingzhen]: how about I change it to “Identity for ISIS importation into both Level 1 and Level 2 areas.”? Will change it in the next version. > > container prefixes { > description > "Container for the list of prefixes in a policy > prefix list. Since individual prefixes do not have > unique actions, the order in which the prefix in > prefix-list are matched has no impact on the outcome > and is left to the implementation. A given prefix-set > condition is satisfied if the input prefix matches > any of the prefixes in the prefix-set."; > > The last sentence seems like it could be removed, since the > match-set-options leaf is what actually specifies the matching behavior > (and is not always "any"). [Yingzhen]: I think this is fine. For prefix-set, "match-set-options-restricted-group” is used. > > leaf set-application-tag { > type tag-type; > description > "Set the application tag for the route. > The application-specific tag is an additional tag > that can be used by applications that require > semantics and/or policy different from that of the > tag. For example, the tag is usually automatically > advertised in OSPF AS-External Link State > Advertisements (LSAs) while this application-specific > tag is not advertised implicitly."; > > This seems to make more sense if I apply s/implicitly/explicitly/. [Yingzhen]: This is intentional. Application-tags don’t get advertised automatically/implicitly. > > Section 8 > > /routing-policy/defined-sets/prefix-sets -- Knowledge of these > data nodes can be used to ascertain which local prefixes are > susceptible to a Denial-of-Service (DoS) attack. > > /routing-policy/defined-sets/prefix-sets -- Knowledge of these > data nodes can be used to ascertain local neighbors against whom > to mount a Denial-of-Service (DoS) attack. > > The second one reads like it should be "neighbor-set" rather than > "prefix-sets". > > /routing-policy/policy-definitions/policy-definition /statements/ > > Spurious space. > [Yingzhen]: Thanks for catching these. I’ll fix them in the next version. > >
- Benjamin Kaduk's No Objection on draft-ietf-rtgwg… Benjamin Kaduk via Datatracker
- Re: Benjamin Kaduk's No Objection on draft-ietf-r… Yingzhen Qu