RE: [EXTERNAL] Re: Rtgdir Last Call review of draft-ietf-rtgwg-policy-model

Jon Hardwick <jonhardwick@microsoft.com> Mon, 19 July 2021 10:54 UTC

From: Jon Hardwick <jonhardwick@microsoft.com>
To: Yingzhen Qu <yingzhen.ietf@gmail.com>
CC: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "draft-ietf-rtgwg-policy-model.all@ietf.org" <draft-ietf-rtgwg-policy-model.all@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Subject: RE: [EXTERNAL] Re: Rtgdir Last Call review of draft-ietf-rtgwg-policy-model
Date: Mon, 19 Jul 2021 10:53:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/jYOlELo03SST8E_z6zT481YD1nM>

Hi Yingzhen

Sorry for the delay in replying. I'd like to discuss a couple of points - please see [Jon] below...

Cheers
Jon


From: Yingzhen Qu <yingzhen.ietf@gmail.com>
Sent: 29 June 2021 21:54
To: Jon Hardwick <jonhardwick@microsoft.com>
Cc: rtg-ads@ietf.org; draft-ietf-rtgwg-policy-model.all@ietf.org; rtgdir@ietf.org; rtgwg@ietf.org
Subject: [EXTERNAL] Re: Rtgdir Last Call review of draft-ietf-rtgwg-policy-model

Hi Jon,

Thanks for the review. Please see my answers inline.

Thanks,
Yingzhen


On Jun 26, 2021, at 3:32 AM, Jon Hardwick <jonhardwick@microsoft.com> wrote:

I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir.

Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.

Document: draft-ietf-rtgwg-policy-model-29
Reviewer: Jon Hardwick
Review Date: Jun 26th, 2021
Intended Status: Standards Track

Summary:
This document provides a foundational framework for the definition of routing protocol policies regarding the filtering in / out of routes when they are imported / exported between routing protocol neighbors and/or routing protocols and the RIB. Its purpose is to provide a framework which can be augmented by routing protocols in their policy YANG modules. I think that the document meets its goal very well.

The document is in good shape. It's clear, well-defined in its scope and easy to read. I have a few minor concerns that I would like to see addressed before publication.

Minor Comments:

Section 4.2
Why no match-set-options for neighbor-set?  Is there no application for differentiating between "any of these neighbors" and "none of these neighbors"?

You can only match on a single interface. Why is that? Was there no use case for any ANY / INVERT match on a set of interfaces? I am thinking of multihoming use cases.

[Yingzhen]: Typically you can apply a route-policy or route-map to an interface or a neighbor, plus you can configure multiple route policies. I didn't get your multihoming example, would you please elaborate? And why the current module doesn't work?
[Jon]: I Am Not An Operator so I don't have a real use case, but this is more of a question / thought experiment about how it will be used. It could be that I've misunderstood how this would be done in your model so please explain if I've got this wrong.  Say I am configuring an L3VPN for a customer who will be multi-homed into my router over two interfaces (or more) and that I want to apply the same policy to all those interfaces. In a "traditional" CLI I might create a route map and then configure a reference to that route map on each interface. In this YANG model it looks like I must configure two identical policy statements, one matching on interface A and the other matching on interface B, because I have no ability to configure "match on either interface A or interface B". The difference with the route map seems to be that I've had to configure the same policy statement twice.
Perhaps this example might be solved by matching on a neighbor-set or on a VRF instead. I was just surprised not to see an equivalent interface-set.

"Comparison conditions may similarly use options..." - what do you mean by a "comparison condition"? The term is not used elsewhere in the document.

[Yingzhen]: This is not really a term. It simply meant how to compare or the conditions to compare. I'd suggest we leave this to RFC editor.
[Jon] It's just that it sounds like it means something specific. The text says "Match conditions may be further modified...  Comparison conditions may further use..." and this makes me wonder what the difference is between a match condition and a comparison condition. If I had to take a guess, it sounds like "match condition" refers to comparing against a set of values whereas "comparison condition" refers to comparing against a single scalar value. The basic conditions defined in this base model appear to only use set comparisons, but you are saying that other models can augment this with single scalar value comparisons, in which case those models can also define "less than, greater than" etc. options to control the match, although those types of option are not defined here in the base model. Is that right? In which case, I wonder if it is even worth saying / explaining, or perhaps removing this sentence and leaving it to the augmenting models to define what they want?

[Jon]: Actually I have spotted another comment I want to make. In "grouping neighbor-set-condition" the description says "Match a referenced neighbor set according to the logic defined in the match-set-options-leaf" but there is no such leaf in this grouping. Should there be, or is the description wrong?

[Jon]: One more nit - the description for "grouping tag-set-condition" refers to the "match-options-set leaf" - it should be "match-set-options leaf".

Section 5
"If the conditions are not satisfied, then evaluation proceeds to the
   next policy statement"

I think that evaluation also proceeds to the next policy statement if the conditions were satisfied, but the actions did not include either accept-route or reject-route. Is that correct? I think it would be worth making that explicit.

[Yingzhen]: This is included in the first paragraph of section 5. Please let us know if you think it's not clear.
[Jon] Yes, on re-reading it, I think it's fine as written.


Section 7.2
p21:
      description
        "Mask length range lower bound. It MUST NOT be less than
         the prefix length defined in ip-prefix.";

Why must it not be?  And is there a situation in which it makes sense to allow it to be greater than the prefix length defined in ip-prefix?  Should there be a "must" clause to police this constraint?

[Yingzhen]: Here are a couple of prefix-list config examples. The "MUST NOT" might be a bit strong in the description, but I suppose most implementations would reject it if you config it less than the prefix length.

  1.  Router(config)# ip prefix-list MYLIST 10.1.1.0/24 le 30
  2.  Router(config)# ip prefix-list MYLIST 10.1.1.0/24 ge 26 le 30

[Jon]: This is fine - I retract the comment (not sure what I was thinking now!).


p29:
            description
              "Policy statements group conditions and actions
               within a policy definition.  They are evaluated in
               the order specified (see the description of policy
               evaluation at the top of this module.";

Missing close-parenthesis in this description.

[Yingzhen]: thank you for catching this. I've noted it down, will fix it in the next version.


Best regards
Jon
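
Added example (not part of the thread or of the draft): a Python sketch of the mask-length range check discussed under Section 7.2, applied to the two prefix-list entries quoted above. The function names, the sample routes and the upper-bound check are assumptions made for illustration; only the lower-bound rule comes from the quoted description.

```python
import ipaddress

def validate_range(prefix, lower, upper):
    """Reject a range whose lower bound is below the prefix length."""
    net = ipaddress.ip_network(prefix, strict=True)
    if lower < net.prefixlen:
        # The rule quoted from the draft's description of the lower bound.
        raise ValueError(f"lower bound {lower} < prefix length {net.prefixlen}")
    if not lower <= upper <= net.max_prefixlen:
        # Assumption: the upper bound must not be below the lower bound.
        raise ValueError(f"invalid upper bound {upper}")
    return net

def route_matches(route, prefix, lower, upper):
    """True if route lies inside prefix and its length is in [lower, upper]."""
    net = validate_range(prefix, lower, upper)
    candidate = ipaddress.ip_network(route, strict=True)
    if candidate.version != net.version:
        return False
    return lower <= candidate.prefixlen <= upper and candidate.subnet_of(net)

def matched_routes(routes, entry):
    """Return the routes that one (prefix, lower, upper) entry matches."""
    return [r for r in routes if route_matches(r, *entry)]

# The two entries from the thread, as (prefix, lower, upper).
# "le 30" alone is taken to mean lengths from the prefix length up to 30.
ENTRY_LE = ("10.1.1.0/24", 24, 30)      # 10.1.1.0/24 le 30
ENTRY_GE_LE = ("10.1.1.0/24", 26, 30)   # 10.1.1.0/24 ge 26 le 30

# Constructed sample routes, not taken from the thread.
SAMPLE_ROUTES = [
    "10.1.1.0/24",   # the prefix itself
    "10.1.1.64/26",  # more specific, length inside both ranges
    "10.1.1.4/30",   # at the upper bound
    "10.1.1.1/32",   # longer than the upper bound
    "10.1.2.0/26",   # right length, outside the prefix
    "10.1.0.0/16",   # less specific than the prefix
]

if __name__ == "__main__":
    for name, entry in (("le 30", ENTRY_LE), ("ge 26 le 30", ENTRY_GE_LE)):
        print(name, "->", matched_routes(SAMPLE_ROUTES, entry))
```

A range with a lower bound below the prefix length (for example 20 on a /24) raises ValueError here instead of being accepted and silently never matching, which is the behaviour a "must" constraint in the model would enforce at configuration time.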