Re: RtgDir review: draft-ietf-rtgwg-policy-model-16
John Scudder <jgs@juniper.net> Mon, 06 July 2020 21:25 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCF2A3A0AFE; Mon, 6 Jul 2020 14:25:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=lu91grcd; dkim=pass (1024-bit key) header.d=juniper.net header.b=jS9KYQGN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5NI9uaBwqFS; Mon, 6 Jul 2020 14:25:03 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6223A0B3D; Mon, 6 Jul 2020 14:25:02 -0700 (PDT)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 066LOdmc003199; Mon, 6 Jul 2020 14:25:00 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=saBGzPTFhOKMeOaRpJYturlbJf+tJ854LwvgJEbms5g=; b=lu91grcd+ms9tABPa/suhWOKOHgayOb6t3TwhYklA3QuMpMD2opekTYE3hQ4xq5CtdYb CIz2M8IOAazYvvMjfgzPfy6dgt06hT2c5VYMNTfEbEgj4fdkZSF9OeweU6Cwn3Jhoyv+ Fz87502YaznzLZqNcLYU0l7vsnMaeaDK/D4nP2seH4+781m5SqJ2hLLam4qkFG3SvaSD t/bHojiHeLDZFBv0G9zBvRchqbg2k/PGIFVpV8LORlF9bx+pdY7mni7udk1LqzKpyRu8 wU81cL22PyijBvo4WXNTlCBkK6nqgIpovj/6XCV9Heu7HwnrzInPojXfwhoovzFLc1WU bA==
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2168.outbound.protection.outlook.com [104.47.56.168]) by mx0b-00273201.pphosted.com with ESMTP id 322n0r3bkk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 06 Jul 2020 14:24:59 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XMmhCTTBEGUxh3bAshFkIibyIlskhiLLQwr5VfgeqoAmET3noXyuYX+P2wxygn9gi/Onq9kLvZAUtEjmtaDbbri3NhSRnOlowmv5ko3+EAfMejQPQFUAM/+fFUldriZwwOpdrfCGkVEUxJ9G5eyFUBEOjApu4zw09VMCr78/lWesDu6bl/8yWDhP6XMR/JJpA7sgE/7G4fMPkbINcSpyhemg5lalL4GDYes6CXryPxKlb7DSXJb+vQgZNiMo44WU6PF9178Aba0fJhqA4zvnQUqqpSP6q20aZHpv42t5A0jigUnN0YxNxUESn7q3IMGAGly3dIvEgDusVnCTjTdaKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=saBGzPTFhOKMeOaRpJYturlbJf+tJ854LwvgJEbms5g=; b=bOfTxxLqrdsdXjzRbG9R1Jnv3cbBLMjoifiA7niBYfaJ6t2zsjJjH//za2TMEVSVyq0zFVs4Kz7NaB9F+47ubaBacUrDtbldrMzNRq2OTVeEb/c4k6k8+7mM/IQ03JWPDnBuWVZ5ktDY0J1r+nYXAAk0YPEg+Fre/0TWDKkHq0/ACcuBbvcjfCLjvFFTuC0bvSeb3jMama2J/Yrs5z9b7cNViz8eegZVHBcYiwg42EYHSSY1UJvPZYcJVK5RoA/r7jtVgkxNJCYCTnKd8rKYeLKFA1g0LyXGHOHtPM+vmYALVhwFz2Y25tDrtnK9tVVwA0chNFE7tAqsasOq4wTPcw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=saBGzPTFhOKMeOaRpJYturlbJf+tJ854LwvgJEbms5g=; b=jS9KYQGNwf1whs58fx/6k9yXNmhHDfLvlasN0V0PuAsajsNnkJDGeVhRuV9WjbEYP+wd+QVvOiegZhLCv3IXopdz/c6+/K0fQME6q35wgVZON87xpFkK4VRONirG90tD1xN0NIfSfgDpTaBxtmpLL4n/KWiDrz6opL1/TzVpnd4=
Received: from BL0PR05MB5076.namprd05.prod.outlook.com (2603:10b6:208:83::12) by BL0PR05MB5489.namprd05.prod.outlook.com (2603:10b6:208:6a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.8; Mon, 6 Jul 2020 21:24:54 +0000
Received: from BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::499e:c613:2d2:b09f]) by BL0PR05MB5076.namprd05.prod.outlook.com ([fe80::499e:c613:2d2:b09f%7]) with mapi id 15.20.3174.019; Mon, 6 Jul 2020 21:24:54 +0000
From: John Scudder <jgs@juniper.net>
To: Yingzhen Qu <yingzhen.qu@futurewei.com>
CC: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-rtgwg-policy-model.all@ietf.org" <draft-ietf-rtgwg-policy-model.all@ietf.org>, RTGWG <rtgwg@ietf.org>
Subject: Re: RtgDir review: draft-ietf-rtgwg-policy-model-16
Thread-Topic: RtgDir review: draft-ietf-rtgwg-policy-model-16
Thread-Index: AQHWTwpBp8r9Kkf8qUuQHKokNZZt6Kj5uRcAgAFgm4A=
Date: Mon, 06 Jul 2020 21:24:54 +0000
Message-ID: <A4566112-21BB-4D28-ABE3-F1444443FE00@juniper.net>
References: <2888C2AD-EEB4-43C0-9686-B1E8D8A68174@juniper.net> <CE0AD1C9-7302-4D1D-80D6-E6B66281D18E@futurewei.com>
In-Reply-To: <CE0AD1C9-7302-4D1D-80D6-E6B66281D18E@futurewei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.80.23.2.2)
authentication-results: futurewei.com; dkim=none (message not signed) header.d=none;futurewei.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [2600:1700:37a0:3ca0:b87d:103c:eaf5:57f9]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 58eea896-6220-42f4-2ac5-08d821f306cc
x-ms-traffictypediagnostic: BL0PR05MB5489:
x-microsoft-antispam-prvs: <BL0PR05MB54893CBFFE3CE57B78FB0EA3AA690@BL0PR05MB5489.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: owA3vOM52buzMOsNQEF3Qozc6jJaKxRFm4k1DOSQntTpmHaRc2mBWRxkZLwbtQcth81BjMVjW1529UDl0lHyMRogcgINpx+kzIxAd/oi3dySE6mjC4qDPLJrNeLk4MndourL1Vf/2EnB7OSCMN/csv3c8ra56OBp8rFN3m/m7j8I75T4cFvPSUiEQk6c7o8eH1+uF/G07P0MPY4Gfi2BiimJSInsNimalevMIOCc2jwGSImnBmmw7sRKGY1fGHrRWe6nE32JiHEbLDM7tp54RK/sECoEU1FW13DXD4ebWnczRmlWJ0PBRaKqqMJtdfw4jE8nXgjK+FC2wnJdrnEStuFtsoVQLkb5yyeMFLJu510mI3nYKJ2nOVlJ/Dt6TGl+VSgHDRkMx9TwiwDcklONfQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5076.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(376002)(396003)(346002)(136003)(39860400002)(166002)(71200400001)(8676002)(33656002)(2906002)(4326008)(8936002)(76116006)(66556008)(91956017)(66446008)(66476007)(64756008)(66946007)(36756003)(30864003)(6506007)(54906003)(6916009)(53546011)(478600001)(316002)(186003)(6486002)(6512007)(2616005)(5660300002)(86362001)(83380400001)(579004)(559001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: HiOArPSbMZszONaNUal5Z3w1DBHv9XXLHXQFvbKRLeFkTHlrOvJg0qn+PfuKvbg8ZB7EEvefQhdC4CsCLercnQfO04SkdDJ07CtZbDIvebu9faCL6uX53apSUfoDEY6R7KgRqFIBy0oo6ZZooSnFWDI+TMbt/bIDkuG2IsFg1f4sRBoxhPAw3kWEWIr1jlJOccdeTfIByS0RjfpaF5EetB/kFsUX3kt90O5MWWiu92HD1ENIhaxlyZqRX5Y6j5MHFPK/mtIm2GNVBU/oDRTOKCeOOlTR6yqqRo0PJ945CMXta4yNk0WUWb3oiiHfd+4yC0XmFwzLDjJLtnjtyU6MsKQZxW2UaGO4/B4gg3OA5VSlybIN2E+RQq7yxW489V5Sf+AC88r9LafDqHuPAJ9plnJSX7rMCSU0fCKeAHJDfqfOYphIOeloRFLUQXI+D5e9j0SASCaf1ndCx9ovajLuctlkJsGBD9pzfz748jZ7fPy8Rz5XHHS9m6fVoIjOiqeBwo1fuH3fWMv/k4GfkEdrJBtwWp/7+tcdZELMQw/N3+alJV6okvZhYWaSxUbEv8OH
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_A456611221BB4D28ABE3F1444443FE00junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5076.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 58eea896-6220-42f4-2ac5-08d821f306cc
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2020 21:24:54.6129 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vrCzvDAKQv5z/8TwlnmML2b5ll4bq1BwfwgnEXu1vek3p5BUVeVHU+aPOMpPK/l1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB5489
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-06_20:2020-07-06, 2020-07-06 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 phishscore=0 clxscore=1011 cotscore=-2147483648 lowpriorityscore=0 suspectscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 impostorscore=0 priorityscore=1501 adultscore=0 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007060146
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/ng1HQQjTY6xa41IqKaAOuseGb8I>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2020 21:25:08 -0000
Hi Yingzhen,
Other than the question of prefix definition (my #16) everything looks good, just one nit,
creating
policies nested beyond a small number of levels (e.g., 2-3) are
discouraged.
Should be “is discouraged”. Sorry, I know I suggested that wording but I didn’t think about it in context. I was thinking “nested policies… are discouraged” but in fact it’s “creating” that’s being discouraged, so “is”.
Regarding #16, you propose changing from your current, which looks like
198.51.100.0/24 mask-length-lower 24 mask-length-upper 28
to be like this:
198.51.100/0/24 mask-length-max 28
The first form is more expressive and matches what’s in the field more closely, so I’d suggest retaining it or something like it. I just think the definition needs to be tightened. One thing to mention is the constraint that mask-length <= mask-length-lower <= mask-length-upper. You’ve made a start at that in your update to the description of mask-length-lower, but shouldn’t that be a “must” clause and not just a description? I guess maybe that would require you to change your prefix encoding so that you can break the mask length out as an atom, but it seems worth it. I also notice that -lower and -upper aren’t mandatory: should you specify what their defaults are if not specified? I presume -lower defaults to be equal to mask-length, and -upper defaults to be equal to -lower.
And finally, I think you should say a little more about the semantics of what a prefix match is. I suppose you can argue that this is common knowledge by now, but it seems to me it’s worth laying out. Given the way your document is structured, I’m not sure where I’d suggest putting the procedure, but for what it’s worth here’s what we did in RFC 6811 to define a similar matching procedure:
o Covered: A Route Prefix is said to be Covered by a VRP when the
VRP prefix length is less than or equal to the Route prefix
length, and the VRP prefix address and the Route prefix address
are identical for all bits specified by the VRP prefix length.
(That is, the Route prefix is either identical to the VRP prefix
or more specific than the VRP prefix.)
o Matched: A Route Prefix is said to be Matched by a VRP when the
Route Prefix is Covered by that VRP, the Route prefix length is
less than or equal to the VRP maximum length, and the Route Origin
ASN is equal to the VRP ASN.
Obviously this text doesn’t work verbatim for your document, but it probably isn’t that hard to adapt, e.g. something like:
o Covered: A Route Prefix is said to be Covered by a prefix filter
when the mask-length is less than or equal to the Route prefix
length, and the ip-prefix address and the Route prefix address
are identical for all bits specified by the mask-length.
(That is, the Route prefix is either identical to the prefix filter
or more specific than the prefix filter.)
o Matched: A Route Prefix is said to be Matched by a prefix filter when the
Route Prefix is Covered by that prefix filter, the Route prefix length is
less than or equal to the max-length-upper, and the Route prefix
length is greater than or equal to the max-length-lower.
I’m sure that needs some work, or of course you may not choose to adopt it at all, but you get the idea. Now that I think about it, this text doesn’t capture the idea of a best match, because we didn’t need that for RFC 6811. I’m not sure you need it either since a prefix-list either matches a route, or doesn’t, and it doesn’t have the potential for different dispositions depending on which leaf matched. If it did have that potential, you’d need to capture the idea of best-match.
$0.02,
—John
On Jul 5, 2020, at 8:22 PM, Yingzhen Qu <yingzhen.qu@futurewei.com<mailto:yingzhen.qu@futurewei.com>> wrote:
Hi John,
Thank you so much for your thorough review, really appreciate. I’ve uploaded version -17 to address your comments and please see detailed response below starting with [YQ].
Question 16 still remains open, and please let me know your comments.
Thanks,
Yingzhen
From: John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>>
Date: Tuesday, June 30, 2020 at 11:14 AM
To: "rtg-ads@ietf.org<mailto:rtg-ads@ietf.org>" <rtg-ads@ietf.org<mailto:rtg-ads@ietf.org>>
Cc: "rtg-dir@ietf.org<mailto:rtg-dir@ietf.org>" <rtg-dir@ietf.org<mailto:rtg-dir@ietf.org>>, "draft-ietf-rtgwg-policy-model.all@ietf.org<mailto:draft-ietf-rtgwg-policy-model.all@ietf.org>" <draft-ietf-rtgwg-policy-model.all@ietf.org<mailto:draft-ietf-rtgwg-policy-model.all@ietf.org>>, RTGWG <rtgwg@ietf.org<mailto:rtgwg@ietf.org>>
Subject: RtgDir review: draft-ietf-rtgwg-policy-model-16
Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>
Resent-To: <yingzhen.qu@futurewei.com<mailto:yingzhen.qu@futurewei.com>>, <jefftant.ietf@gmail.com<mailto:jefftant.ietf@gmail.com>>, <acee@cisco.com<mailto:acee@cisco.com>>, <xufeng.liu.ietf@gmail.com<mailto:xufeng.liu.ietf@gmail.com>>, <chrisbowers.ietf@gmail.com<mailto:chrisbowers.ietf@gmail.com>>, <yingzhen.ietf@gmail.com<mailto:yingzhen.ietf@gmail.com>>, <martin.vigoureux@nokia.com<mailto:martin.vigoureux@nokia.com>>, <db3546@att.com<mailto:db3546@att.com>>, <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Resent-Date: Tuesday, June 30, 2020 at 11:14 AM
Hello,
I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir<https://urldefense.com/v3/__https://nam11.safelinks.protection.outlook.com/?url=http*3A*2F*2Ftrac.tools.ietf.org*2Farea*2Frtg*2Ftrac*2Fwiki*2FRtgDir&data=02*7C01*7Cyingzhen.qu*40futurewei.com*7Cc87e948839554e7786e308d81d216ffc*7C0fee8ff2a3b240189c753a1d5591fedc*7C1*7C1*7C637291376752227134&sdata=zixUU1xImjqWnN8jg7F2Qg4DaQkGNyn89M3TGl25Rg8*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSU!!NEt6yMaO-gk!XZuh9ykx2jpIDjT5R-BWU-N9PMpRCh_gjjLWQ-JGr5mSxXCIoz7BCHcCRqXLpQ$>
Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.
Document: draft-ietf-rtgwg-policy-model-16
Reviewer: John Scudder
Review Date: June 30, 2020
IETF LC End Date: ?
Intended Status: Standards Track
Summary: I have one significant concern about this document and recommend that the Routing ADs discuss this issue further with the authors.
Comments:
The draft is clear and readable, thank you for putting in the effort to produce a high-quality document.
Major Issues:
1. On page 17 you say:
Policy 'subroutines' (or nested policies) are supported by
allowing policy statement conditions to reference another
policy definition which applies conditions and actions from
the referenced policy before returning to the calling policy
statement and resuming evaluation. If the called policy
results in an accept-route (either explicit or by default),
then the subroutine returns an effective true value to the
calling policy. Similarly, a reject-route action returns
false. If the subroutine returns true, the calling policy
continues to evaluate the remaining conditions (using a
modified route if the subroutine performed any changes to the
route).
I read this as saying further evaluations should consider the modified route, not the original route. But on page 10 you say:
Note that the route's pre-policy attributes are always used for
testing policy statement conditions. In other words, if actions
modify the policy application specific attributes, those
modifications are not used for policy statement conditions.
Which is it? I think this has to be resolved one way or the other before progressing the document.
[YQ] Thanks for catching this. For nested policies, original data should always be used. I’ve changed the description in the model (the page 17 one) to match page 10.
Minor Issues:
2. For an outsider reading the document, the precise meanings of “import” and “export”, as well as “routing context” (and similar) are not clear. The first place I noticed this was in section 6:
Policy chains are sequences of policy
definitions (described in Section 4) that have an associated
direction (import or export) with respect to the routing context in
which they are defined.
Possibly all this would be obvious to someone with the necessary YANG expertise, I guess. I can pretty much intuit it because I’m familiar with routing policy, however I think it’s worth putting in the effort to make it clearer to the reader and not require them to use their intuition. Would it be accurate to rewrite the quoted sentence something like this?
“Policy chains are sequences of policy definitions (described in Section 4). They can be referenced from different contexts. For example, a policy chain could be associated with a routing protocol and used to control its interaction with its protocol peers. Or, it could be used to control the interaction between a routing protocol and the local routing information base. A policy chain has an associated direction (import or export), with respect to the context in which it is referenced."
[YQ]: thanks for suggesting the text. It’s modified as what you suggested.
3. This sentence rubbed me wrong:
Nested policies are a
convenience in many routing policy constructions but creating
policies nested beyond a small number of levels (e.g., 2-3) should be
discouraged.
By whom should they be discouraged? Maybe you mean “are discouraged”? By the way, *why* are they discouraged?
[YQ]: changed to “are discouraged”. The reason is also explained in the same paragraph, please let us know if you think this is not clear or enough.
4. A question about the next sentence:
Also, implementations should have validation to assure
that there is no recursion amongst nested routing policies.
I guess the concern about recursion is that given the route data is treated as immutable by policy and there’s no way to pass results or parameters, there’s no way to have a termination condition? This makes sense, or doesn’t, depend on how you resolve my question #1. (Also I think you mean “ensure”.)
[YQ]: A recursion might happen if you have policy A calling policy B, then policy B is calling policy A without proper termination condition. Bottom line is when a policy gets more complicated, it’s easier to make mistakes, and the operators need to be more careful.
5. Mostly in this document it’s clear that you’re using “operator” in the sense of “network operator” and not in its algebraic sense, but I found it a little ambiguous in this sentence:
Match conditions may be further modified using the match-set-options
configuration which allows operators to change the behavior of a
match. Three options are supported:
It would remove ambiguity if you changed this to say “network operators”.
[YQ]: Done.
6. Some of the types you describe are suffixed with “-type”, for example “ospf-external-type”. Others aren’t suffixed, for example “ospf-external-t1”. Is there any reason for this lack of consistency? It hurts my eyes but is otherwise harmless I suppose.
[YQ]: added “-type” to a few identities to make them consistent.
7. It’s unclear to me why the draft defines “bgp-local” and “bgp-external”, since it otherwise doesn’t deal with BGP in any way, leaving that for a separate document. Furthermore, I don’t even understand what the semantics of these are. I suppose “bgp-external” is likely to be a route received from an EBGP peer. As for “bgp-local”, I don’t care to guess.
[YQ]: I changed “bgp-local” to “bgp-internal”, also changed descriptions.
8. The description of ip-prefix says “The IP prefix represented as an IPv6 or IPv4 network number followed prefix length with an intervening slash character a delimiter”. I think maybe you are missing a “by a” and a “as”? As in, "The IP prefix represented as an IPv6 or IPv4 network number followed by a prefix length with an intervening slash character as a delimiter.”
[YQ]: fixed.
9. Speaking of IP addresses and prefixes, you use net 10 in one of your examples. It’s my understanding that this is poor form, that you should be using the “documentation” addresses given in RFC 6890. (Thanks for doing that with the rest of the document, BTW.)
[YQ]: Changed net 10 to 198.51.100.0/24, one of the documentation addresses.
10. Also speaking of prefixes, all your examples are nicely-formed. Here’s a less-nicely formed one: 192.0.2.0/8 mask-length-lower=24 mask-length-upper=24. Does this match 192.0.2/24? Does it match 192.0.0/24? How about 192.255.1/24? Does it match something else, if so what? Is it a syntax error? I think this relates to my later question #16.
[YQ]: Please see answer to question #16.
11. You describe export-policy as:
"List of policy names in sequence to be applied on
sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
Is export-policy really restricted only to the formation of routing updates? This makes perfect sense for BGP, but I don’t think the link-state IGPs really work this way, for example.
[YQ]: you’re right, the descriptions regarding peer group etc. are more BGP-centric. I’ve changed the description for both import-policy and export-policy. Please let me know if you have more comments. Cop&paste below for your convenience.
Import-policy:
description
"List of policy names in sequence to be applied on
receiving redistributed routes from another routing protocol
or receiving a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
Export-policy:
description
"List of policy names in sequence to be applied on
redistributing routes from one routing protocol to another
or sending a routing update in the current context, e.g.,
for the current peer group, neighbor, address family,
etc.";
12. You describe apply-policy as:
"Anchor point for routing policies in the model.
Import and export policies are with respect to the local
routing table, i.e., export (send) and import (receive),
depending on the context.";
This is not clear to me (sorry). If I expand “i.e.” as “in other words” it doesn’t help I’m afraid. Since I don’t understand it I can’t suggest a fix. :-(
[YQ]: this grouping is meant to be used by other models. There is also the following description at the grouping level:
description
"Top level container for routing policy applications. This
grouping is intended to be used in routing models where
needed.";
This model supports both import and export mode, so it’s up to an implementation to choose the right one.
13. Where you say “ambiguous and implementation dependent” I suggest dropping “and implementation dependent”, it seems redundant.
[YQ]: done.
14. I feel sad that all the examples are IPv4, poor IPv6 remains the red-headed stepchild. ¯\_(ツ)_/¯
[YQ]: ¯\_(ツ)_/¯
15. In the final example on p. 37, I scratched my head a little that the operation being done is set-import-level. I guess the policy is going to be applied in the IS-IS context, and therefore it’s not OSPF exporting the route, but rather IS-IS importing the route into its LSPDB? This is what led to my comment #2.
[YQ]: yes, it’s IS-IS to import OSPF routes. Vendors have different implementations when redistributing routes, and the model support both import and export.
16. I don’t think you ever define the semantics of a prefix set. Of course “everyone knows” that this should be a best match, and not (say) sequential match or something else — but please say so. See also my comment #10, you also seem to be underspecified with respect with what to do if mask-length-lower is greater than the given mask length.
[YQ]: Thanks for bringing up the prefix length issue. How about we change it to only ip-prefix and “mask-length-max”? similar to “ipAddrBlocks” defined in RFC 6482. The “mask-length-max” should not be less than the prefix length.
Open to suggestions on this.
Nits:
[YQ]: all fixed.
17. I’ve attached an edited version of the draft with a few small typo and grammar corrections. Here’s a diff as well, vs. the base -16:
jgs-mbp:Downloads jgs$ diff draft-ietf-rtgwg-policy-model-16.txt draft-ietf-rtgwg-policy-model-16-jgs-edits.txt
155c155
< exported, modified, and advertised between routing protocols
---
> exported, modified, and advertised between routing protocol
302c302
< The models provides a set of generic sets that can be used for
---
> The models provide a set of generic sets that can be used for
777c777
< elsewhere in the draft.
---
> elsewhere in this document.
876c876
< or comparison operations, and similarly actions may be
---
> or comparison operations, and similarly actions may be a
996c996
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1014c1014
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1059c1059
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1077c1077
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1088c1088
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1103c1103
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1113c1113
< "RFC 5302 - Domain-Wide Prefix Distributino with
---
> "RFC 5302 - Domain-Wide Prefix Distribution with
1483c1483
< "Condition to check the protocol specific type
---
> "Condition to check the protocol-specific type
2208c2208
< The routing policy module defined in this draft is based on the
---
> The routing policy module defined in this document is based on the
- RtgDir review: draft-ietf-rtgwg-policy-model-16 John Scudder
- Re: RtgDir review: draft-ietf-rtgwg-policy-model-… Yingzhen Qu
- Re: RtgDir review: draft-ietf-rtgwg-policy-model-… John Scudder
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… Acee Lindem (acee)
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… Yingzhen Qu
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… tom petch
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… John Scudder
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… Acee Lindem (acee)
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… John G. Scudder
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… John Scudder
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… Yingzhen Qu
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… John Scudder
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… tom petch
- Re: [RTG-DIR] RtgDir review: draft-ietf-rtgwg-pol… Acee Lindem (acee)