Benjamin Kaduk's No Objection on draft-ietf-rtgwg-policy-model-30: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Mon, 09 August 2021 23:44 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: rtgwg@ietf.org
Delivered-To: rtgwg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 961F83A1DCC; Mon, 9 Aug 2021 16:44:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rtgwg-policy-model@ietf.org, rtgwg-chairs@ietf.org, rtgwg@ietf.org, Chris Bowers <chrisbowers.ietf@gmail.com>, aretana.ietf@gmail.com, chrisbowers.ietf@gmail.com
Subject: Benjamin Kaduk's No Objection on draft-ietf-rtgwg-policy-model-30: (with COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 7.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <162855264058.4188.9202453223918983954@ietfa.amsl.com>
Date: Mon, 09 Aug 2021 16:44:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/xThn4PPxN8VUJvYnE5YaX3uddGU>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2021 23:44:01 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-rtgwg-policy-model-30: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-rtgwg-policy-model/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 4.2 Comparison conditions may similarly use options to change how route attributes should be tested, e.g., for equality or inequality, against a given value. I'm not sure if this is stale text, or if still current, which operations it refers to (e.g., where is an "inequality" option offered?). Perhaps it is referring to the potential behavior of future augmentations? Section 4.4 Note that the called policy may itself call other policies (subject to implementation limitations). The model does not prescribe a nesting depth because this varies among implementations. For example, an implementation may only support a single level of subroutine recursion. [...] Is there a useful way to programmatically determine the nesting limit of a given implementation, or is this more of just a "read the documentation" thing? Section 5 Whether or not the route's pre-policy attributes are used for testing policy statement conditions is dependent on the implementation specific value of the match-modified-attributes leaf. If match- modified-attributes is false and actions modify route attributes, these modifications are not used for policy statement conditions. Conversely, if match-modified-attributes is true and actions modify the policy application-specific attributes, the attributes as modified by the policy are used for policy condition statements. Are these "actions" in question only for the current policy statement, all policy statements in the current policy definition, or all policy definitions? (I see on second read that this is an "ro" node at effectively global scope, and so likely to be at the broadest "all policy statements" scope, but I would still welcome some clarification. Section 7.2 enum add-metric { description "Add the specified value to the existing metric. If the result would overflow the maximum metric (0xffffffff), set the metric to the maximum."; } Is the parenthetical always fully generic? I seem to recall that, e.g., the Babel YANG model uses a 16-bit field for the metric. container apply-policy { It slightly surprised me that the import-policy and export-policy lists both required an instance, but I am rather distanced from what is actually done in practice, and it doesn't seem too hard to put in a "reject everything" policy if needed. OTOH, there are *also* separate default-{import,export} policy leaves, that do have a default reject, so the need to explicitly set at least one policy in both direction may be overkill. leaf-list tag-value { type tag-type; description "Value of the tag set member."; The tag-type is a union of uint32 and hex-string; does the notion of "equivalence" for matching tags do any type conversion between those? If not, a warning that the value set here must be of the correct type to match the received (or generated?) route might be in order. container match-interface { leaf interface { type leafref { path "/if:interfaces/if:interface/if:name"; Is it always the case that the interface over which we receive a route and the interface that traffic on that route is sent will be the same? Or do we have to worry about potential skew between the two ways that the interface comes into play? container match-neighbor-set { I don't understand why there's no "match-set-options" analogue for match-neighbor set. Does the neighbor set use "ANY" matching semantics, then? leaf set-route-preference { type uint16; description "Set the preference for the route. It is also known as 'administrative distance', allows for selecting the preferred route among routes with the same destination prefix. A smaller value is more preferred."; Thank you for including the last sentence! Section 8 We should probably mention the apply-policy grouping as being security-relevant (and how). Section 11.1 Since RFCs 6241 and 8040 are only referenced from the security considerations boilerplate (as examples of how YANG modules can be used), they may not need to be classified as normative. Appendix A,B I didn't do much of a review here, since I'd need to understand draft-ietf-idr-bgp-model in order to have very much useful to say, and any such comments would accordingly be better directed at that draft. NITS Section 4.4 As an editorial matter, I'd consider adding a statement along the lines of "when call-policy elements are present, a given policy statement matches if all called policies return accept-route and all the other conditions in the policy statement also match". There don't seem to be any other ways to read the current text that are reasonable, but it took me a bit of thinking to work it out. Section 7.2 identity isis-level-1-2 { base route-level; description "Identity for IS-IS Level 1 and Level 2 area importation. It is only applicable to routes imported into the IS-IS protocol."; The "importation into both" phrasing from ospf-normal-nssa reads much more clearly to me than what's here. container prefixes { description "Container for the list of prefixes in a policy prefix list. Since individual prefixes do not have unique actions, the order in which the prefix in prefix-list are matched has no impact on the outcome and is left to the implementation. A given prefix-set condition is satisfied if the input prefix matches any of the prefixes in the prefix-set."; The last sentence seems like it could be removed, since the match-set-options leaf is what actually specifies the matching behavior (and is not always "any"). leaf set-application-tag { type tag-type; description "Set the application tag for the route. The application-specific tag is an additional tag that can be used by applications that require semantics and/or policy different from that of the tag. For example, the tag is usually automatically advertised in OSPF AS-External Link State Advertisements (LSAs) while this application-specific tag is not advertised implicitly."; This seems to make more sense if I apply s/implicitly/explicitly/. Section 8 /routing-policy/defined-sets/prefix-sets -- Knowledge of these data nodes can be used to ascertain which local prefixes are susceptible to a Denial-of-Service (DoS) attack. /routing-policy/defined-sets/prefix-sets -- Knowledge of these data nodes can be used to ascertain local neighbors against whom to mount a Denial-of-Service (DoS) attack. The second one reads like it should be "neighbor-set" rather than "prefix-sets". /routing-policy/policy-definitions/policy-definition /statements/ Spurious space.
- Benjamin Kaduk's No Objection on draft-ietf-rtgwg… Benjamin Kaduk via Datatracker
- Re: Benjamin Kaduk's No Objection on draft-ietf-r… Yingzhen Qu