Re: [secdir] draft-ietf-trill-pseudonode-nickname-06
Mingui Zhang <zhangmingui@huawei.com> Tue, 15 September 2015 01:15 UTC
Return-Path: <zhangmingui@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0FE01ACE04; Mon, 14 Sep 2015 18:15:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.611
X-Spam-Level:
X-Spam-Status: No, score=-3.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id effumwVwip3G; Mon, 14 Sep 2015 18:15:31 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22AEE1A86F6; Mon, 14 Sep 2015 18:15:29 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml401-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CBG92308; Tue, 15 Sep 2015 01:15:27 +0000 (GMT)
Received: from nkgeml409-hub.china.huawei.com (10.98.56.40) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 15 Sep 2015 02:15:24 +0100
Received: from NKGEML512-MBX.china.huawei.com ([169.254.7.166]) by nkgeml409-hub.china.huawei.com ([10.98.56.40]) with mapi id 14.03.0235.001; Tue, 15 Sep 2015 09:15:20 +0800
From: Mingui Zhang <zhangmingui@huawei.com>
To: Carl Wallace <carl@redhoundsoftware.com>, "draft-ietf-trill-pseudonode-nickname.all@tools.ietf.org" <draft-ietf-trill-pseudonode-nickname.all@tools.ietf.org>
Thread-Topic: draft-ietf-trill-pseudonode-nickname-06
Thread-Index: AQHQ7ZWmwM2br1fzd0eZlb8TxXO1+547X/TQ///sYACAAX0hQA==
Date: Tue, 15 Sep 2015 01:15:19 +0000
Message-ID: <4552F0907735844E9204A62BBDD325E7871CA6AF@nkgeml512-mbx.china.huawei.com>
References: <D219FC74.3E6A6%carl@redhoundsoftware.com> <4552F0907735844E9204A62BBDD325E7871BB1E4@nkgeml512-mbx.china.huawei.com> <D21C1465.3E7A3%carl@redhoundsoftware.com>
In-Reply-To: <D21C1465.3E7A3%carl@redhoundsoftware.com>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.146.93]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/6MUpeYthw5RtbM3RqpAhxDOIcHM>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] draft-ietf-trill-pseudonode-nickname-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2015 01:15:35 -0000
Hi Carl, I agree that it is more clear if the transient condition is explicitly state in the text of paragraph 2. That will be done before it is published. Thanks, Mingui > -----Original Message----- > From: Carl Wallace [mailto:carl@redhoundsoftware.com] > Sent: Monday, September 14, 2015 6:19 PM > To: Mingui Zhang; draft-ietf-trill-pseudonode-nickname.all@tools.ietf.org > Cc: iesg@ietf.org; secdir@ietf.org > Subject: Re: draft-ietf-trill-pseudonode-nickname-06 > > > > On 9/13/15, 11:51 PM, "Mingui Zhang" <zhangmingui@huawei.com> wrote: > > >Hi Carl, > > > >Thanks for the comment. > > > >If the DF fails, the failure will be noted by other member RBridge > >through LSDB sync. Then the DF election algorithm defined in Section > >5.2 will be locally used to determine who is the new DF. > >In the transient condition when LSDB has not been sync-ed, there might > >be packet lost but there is no racing > > Sorry, ‘race condition’ may not have been the best term to use here. > > >: suppose, RB1 is the old DF before the failure while RB2 is the new DF > >after RB1 fails according to the election algorithm. If RB2 has been > >sync-ed while RB3 is not, then RB2 will begin to do forwarding; If RB3 > >is sync-ed while RB2 is not, then no member RBridge will do the forwarding. > > That there could be a lost packet (or traffic disruption as mentioned > elsewhere) was what I was getting at. The language in the first paragraph of > section 8 indicated unicast could have trouble but as I read it the second > paragraph intimated that multicast could not. It wasn’t clear to me that was > true and it sounds like it isn’t true for all cases (but is true after a new DF has > been elected). > > Re-reading it now it is clear the point is that no ‘special actions’ are required > not that there can be no lost packet. It might be more clear if it stated > acknowledged the hang time between failure and full establishment of the new > RBv following the failure. > > > > > > > > >Thanks, > >Mingui > > > >> -----Original Message----- > >> From: Carl Wallace [mailto:carl@redhoundsoftware.com] > >> Sent: Sunday, September 13, 2015 4:00 AM > >> To: draft-ietf-trill-pseudonode-nickname.all@tools.ietf.org > >> Cc: iesg@ietf.org; secdir@ietf.org > >> Subject: draft-ietf-trill-pseudonode-nickname-06 > >> > >> I have reviewed this document as part of the security directorate’s > >>ongoing effort to review all IETF documents being processed by the > >>IESG. > >> These comments were written primarily for the benefit of the security > >>area directors. Document editors and WG chairs should treat these > >>comments just like any other last call comments. > >> > >> This document describes use of pseudo-nicknames for RBridges in an > >>Active-Active Edge RBridge group. I am not familiar with TRILL but > >>found the document to be well written and easy to follow. I did have > >>one question, which may just be due to my lack of familiarity with > >>relevant normative specs. The second paragraph of section 8 states > >>the following: > >> > >> "However, for multi-destination TRILL Data packets, since they can > >>reach all member RBridges of the new RBv and be egressed to CE1 by > >>either RB2 or > >> RB3 (i.e., the new DF for the traffic's Inner.VLAN or the VLAN the > >>packet's Inner.Label maps to in the new RBv), special actions to > >>protect against downlink failure for such multi-destination packets > >>is not needed." > >> > >> Why is there no race condition between the arrival of > >>multi—destination traffic and the creation of a new RBv following the > >>failure of RB1 that enables the traffic to be forwarded? Generally, > >>mentioning failure of the DF for the virtual RBridge seemed like it > >>might warrant mention in the security considerations section, since > >>that is new relative to the specs noted in the current security > >>considerations. > >> > > >
- [secdir] draft-ietf-trill-pseudonode-nickname-06 Carl Wallace
- Re: [secdir] draft-ietf-trill-pseudonode-nickname… Carl Wallace
- Re: [secdir] draft-ietf-trill-pseudonode-nickname… Mingui Zhang
- Re: [secdir] draft-ietf-trill-pseudonode-nickname… Mingui Zhang