Re: [sfc] Shepherd's review of draft-ietf-sfc-multi-layer-oam-21
Greg Mirsky <gregimirsky@gmail.com> Mon, 18 July 2022 23:45 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D697C13C502; Mon, 18 Jul 2022 16:45:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0AdhayKO_l8M; Mon, 18 Jul 2022 16:45:52 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DFBBC14CF0C; Mon, 18 Jul 2022 16:45:52 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id r9so22035681lfp.10; Mon, 18 Jul 2022 16:45:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KA40tEmu+9r/thTNyTgyqJPIg1xFwnbCgpd+lykr5iw=; b=gYnNhnZlHls3hRiDB+TSri9G0h3kLLXICxo79N02VDfxdpG7oiqUXoJ/hpH62jFnHh sDsawwtKsBy7fED6BpHZqWD92VQP74AE6FYD7LNdU7MAL4EOtT4e3cKdPoA0nggb8L5J 43u695e/6xNWNkcKS6KS9hPRz2IXUL5IZ0bUACmlvqmGqOz5BhaNzsv4+Bg/c3l2edRN jl5x4dqW7v+BreToAvXS8imVtl3bFZJTDjdiCQS/xpUO9++pwJHSAR3oLXKFc3Js9PYv avSZ82tAWnPaKfHsqT9YkI8L+H5/P35XWMpGfcqdgf9/WXKFb3srdHF8L8EvsODx1mer ZksA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KA40tEmu+9r/thTNyTgyqJPIg1xFwnbCgpd+lykr5iw=; b=73PceYMOL9E/xz4RiKN25hCM0ujY6ogAfpBx8eFbhkFEInCnpw7a/D8C8rAtx8lvBE QTVJXEm36sLUpWu594jiLNPxA9BIVkwu+mq8aE6xOc447h8KYPaKhfE8jyZqs+npMAfc Kf3zIfLgHxDIJOlIpDyD8RmhDoqyXaTKW2x8l2yi0RyB8m+0dpm2FLe8NJLuwUXkOMnR 9Y/M3gGnqHuE/sBUlwU4KkYXPl783XswDvn2yIKnivlk0iKuv96VMGdZrQz67prhnE2i uoKcnIym8IF9Ur2kY47SBnxsF3YQXxFTwuICZ4b+q4rD4bx3a5WYy5BwOJ0t96kj40D5 ZFnQ==
X-Gm-Message-State: AJIora8PuF4G8lZoWtCnCjr71/kHU80hzquCoruC5//6sq3DlOv39RUB CseJAlGPI83qmQmMbo1A3I/53R4ibsCHzlsLzoqE1Xuf
X-Google-Smtp-Source: AGRyM1spHd3dYAL4v5rCHY3VlbmdEY9vKz0ESlmtE4yknPLPDqoZbjTwOtioood4T69banaU6zTLgriLTzU526HoVLo=
X-Received: by 2002:a05:6512:31c7:b0:48a:3aeb:dce8 with SMTP id j7-20020a05651231c700b0048a3aebdce8mr4893426lfe.382.1658187950040; Mon, 18 Jul 2022 16:45:50 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEGAJQ1Ea9J-Q_ikc7sizKrbBBeGUJtxSRvzQU0KykdQ3g@mail.gmail.com> <CA+RyBmXVFDewehnB_tHym4RwKs9HHnT6M3SH9Q7QRg=vAsPWRg@mail.gmail.com> <CAF4+nEHZWg6G1jNJWnY_DcxNa31B800b7PaSMFyxhYXH54qDjA@mail.gmail.com>
In-Reply-To: <CAF4+nEHZWg6G1jNJWnY_DcxNa31B800b7PaSMFyxhYXH54qDjA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Mon, 18 Jul 2022 16:45:38 -0700
Message-ID: <CA+RyBmX89rTpieTrN5eVkOwJ0vjipBMOwB=39TBccqSFvogQQg@mail.gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: draft-ietf-sfc-multi-layer-oam@ietf.org, Service Function Chaining IETF list <sfc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bbaa7f05e41cf7f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/Be2BIMfN_L5RnTKgQMWLyJgx_ts>
Subject: Re: [sfc] Shepherd's review of draft-ietf-sfc-multi-layer-oam-21
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2022 23:45:55 -0000
Hi Donald, apologies for my sloppiness. Will take care of these glitches and be ready for the gate to open. Best regards, Greg On Mon, Jul 18, 2022 at 4:43 PM Donald Eastlake <d3e3e3@gmail.com> wrote: > Hi Greg: > > I'm OK with the candidate version -22 you sent out except for the > following trivial glitches. Suggest you fix these and upload next week > when auto-submissions are re-enabled. > > "fieldand" -> "field and" > > Delete period in line below: > TTL expired (as per [RFC8300]) may be sending the Echo Reply. is > > "Figure 11Figure 10" -> "Figure 10" > > "ofSFC" -> "of SFC" > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e3e3@gmail.com > > On Sun, Jul 17, 2022 at 3:07 PM Greg Mirsky <gregimirsky@gmail.com> wrote: > > > > Hi Donald, > > thank you for your thorough and extremely helpful feedback. We accepted > all the updates you've suggested. Attached, please find the diff > highlighting the applied changes and the copy of the working version. I > hope that I captured all proposed changes and applied updates correctly. > > > > Regards, > > Greg > > > > On Sat, Jul 16, 2022 at 1:11 PM Donald Eastlake <d3e3e3@gmail.com> > wrote: > >> > >> Hi, > >> > >> See below: > >> > >> This document defines how active Operation, Administration and > >> Maintenance (OAM), per [RFC7799] definition of active OAM, is > >> identified when Network Service Header (NSH) is used as the SFC > >> > >> (NSH) -> (NSH [RFC8300]) > >> > >> encapsulation. Following the analysis of SFC OAM in [RFC8924], > this > >> document applies and, when necessary, extends requirements listed > in > >> Section 4 of [RFC8924] for the use of active OAM in an SFP > supporting > >> fault management and performance monitoring. Active OAM tools, > >> > >> > >> conformant to the requirements listed in Section 3, improve, for > >> example, troubleshooting efficiency and defect localization in SFP > >> because they specifically address the architectural principles of > >> NSH. For that purpose, SFC Echo Request and Echo Reply are > specified > >> in Section 6. This mechanism enables on-demand Continuity Check, > >> > >> "Check," -> "Check and" > >> > >> Connectivity Verification, among other operations over SFC in > >> > >> "Verification," -> "Verification" > >> > >> networks, addresses functionalities discussed in Sections 4.1, > 4.2, > >> > >> ", addresses" -> " and addresses" > >> > >> and 4.3 of [RFC8924]. SFC Echo Request and Echo Reply, defined in > >> this document, can be used with encapsulations other than NSH, for > >> example, using MPLS encapsulation, as described in [RFC8595]. The > >> applicability of the SFC Echo Request/Reply mechanism in SFC > >> encapsulations other than NSH is outside the scope of this > document. > >> > >> > >> REQ#8: SFC OAM MUST be able to trigger on-demand FM with > responses > >> being directed towards the initiator of such proxy request. > >> > >> Why is this a "proxy" request? Why not just "such a request."? > >> > >> > >> 6. Echo Request/Echo Reply for SFC > >> > >> Echo Request/Reply is a well-known active OAM mechanism > extensively > >> used to verify a path's continuity, detect inconsistencies > between a > >> state in control and the data planes, and localize defects in the > >> data plane. ICMP ([RFC0792] for IPv4 and [RFC4443] for IPv6 > >> networks, respectively) and [RFC8029] are examples of broadly > >> used > >> > >> Delete ", respectively". > >> > >> > >> The Echo Request Flags is a two-octet bit vector field. Note > that > >> a flag defined in the Flags field of the SFC Active OAM header > in > >> Figure 2 has no implication of those defined in the Echo > Request > >> Flags field of an Echo Request/Reply message. > >> > >> Editorial: suggest replacement paragraph: > >> > >> The Echo Request Flags is a two-octet bit vector field. A > >> flag defined in the Flags field of the SFC Active OAM header > >> in Figure 2 has no implication for those defined in the Echo > >> Request Flags field of an Echo Request/Reply message. > >> > >> > >> > >> Return Codes and Subcodes are one-octet fields each. These > can be > >> used to inform the sender about the result of processing its > >> request. Initial Return Code values are provided in Table 1. > >> For > >> > >> Delete "Initial". > >> > >> all Return Code values defined in this document, the value of > the > >> Return Subcode field MUST be set to zero. > >> > >> The Sender's Handle is a four-octet field. It MUST be filled > in > >> by the sender of the Echo Request and returned unchanged by the > >> Echo Reply sender (if a reply mandated). The sender of the > Echo > >> > >> "reply mandated" -> "replay is mandated" > >> > >> Request SHOULD use a pseudo-random number generator to set the > >> value of the Sender's Handle field. > >> > >> "generator to" -> "generator [RFC4086] to" > >> > >> > >> The Sequence Number is a four-octet field, and it is assigned > by > >> the sender and can be, for example, used to detect missed > replies. > >> Initial Sequence Number MUST be randomly generated and then > SHOULD > >> > >> Replace beginning of above line with > >> The initial Sequence Number MUST be pseudo-randomly generated > [RFC4086] > >> > >> be monotonically increasing in the course of the test session. > >> > >> > >> TLV is a variable-length construct. Multiple TLVs MAY be placed > in > >> an SFC Echo Request/Reply packet. None, one or more sub-TLVs may > be > >> enclosed in a TLV, subject to the semantics of the (outer) TLV. > >> > >> "in a TLV" -> "in the value part of a TLV" > >> > >> Figure 4 presents the format of an SFC Echo Request/Reply TLV, > where > >> fields are defined as follows: > >> > >> > >> Type - a one-octet field that characterizes the interpretation > of > >> the Value field. The value of the Type field determines its > >> interpretation and encoding. Type values allocated according > to > >> Section 10.4. > >> > >> In the above paragraph, the 2nd sentence seems redundant and could be > >> deleted. Also "values allocated" -> "values are allocated" > >> > >> > >> Length - a two-octet field equal to the Value field's length in > >> octets. > >> > >> Suggest "octets." -> "octets as an unsigned integer." > >> > >> > >> 6.1. Return Codes > >> > >> The value of the Return Code field is set to zero by the sender > of an > >> > >> How about"is set" -> "MUST be set" > >> > >> Echo Request. The receiver of said Echo Request can set it to > one of > >> the values listed in Table 1 in the corresponding Echo Reply that > it > >> generates (in cases when the reply is requested). > >> > >> > >> 6.2. Authentication in Echo Request/Reply > >> > >> Authentication can be used to protect the integrity of the > >> information in SFC Echo Request and/or Echo Reply. In the > [RFC9145] > >> a variable-length Context Header has been defined to protect the > >> integrity of the NSH and the payload. The header can also be used > >> for the optional encryption of sensitive metadata. MAC#1 (Message > >> Authentication Code) Context Header is more suitable for the > >> integrity protection of active SFC OAM, particularly of the > defined > >> in this document SFC Echo Request and Echo Reply. On the other > hand, > >> > >> I think the lines above read better if "defined in this document" is > >> moved to the end of the sentence. > >> > >> using MAC#2 Context Header allows the detection of mishandling of > the > >> O-bit by a transient SFC element. > >> > >> > >> Value of the Reply Mode field MAY be set to: > >> > >> -> "Value of the Reply Mode field MUST be set to one of the following:" > >> > >> * Do Not Reply (1) if one-way monitoring is desired. If the Echo > >> Request is used to measure synthetic packet loss, the receiver > may > >> report loss measurement results to a remote node. Note that > ways > >> > >> "Note that ways" -> "Ways" > >> > >> of learning the identity of that node are outside the scope of > >> this specification. > >> > >> * Reply via an IPv4/IPv6 UDP Packet (2) value likely will be the > >> most used. > >> > >> -> "Reply via an IPv4/IPv6 UDP packet (2). This will likely be the > >> most common value." > >> > >> * Reply via Application-Level Control Channel (3) value if the > SFP > >> may have bi-directional paths. > >> > >> -> "Reply via Application-Level Control Channel (3). Useful if the SFP > >> has bi-directional paths." > >> > >> * Reply via Specified Path (4) value to enforce the use of the > >> > >> "(4) value to enforce the" -> "(4). This value requests the" > >> > >> particular return path specified in the included TLV to verify > bi- > >> directional continuity and also increase the robustness of > >> the > >> > >> "and also" -> "and may also" > >> > >> monitoring by selecting a more stable path. Section 6.5.1 > >> provides an example of communicating an explicit path for the > Echo > >> Reply. > >> > >> * Reply via an IPv4/IPv6 UDP Packet with the data integrity > >> protection (5) value to enforce use of the MAC Context Header > >> > >> "(5) value to enforce use" -> "(5). This value requests the use" > >> > >> [RFC9145]. > >> > >> * Reply via Application-Level Control Channel with the data > >> integrity protection (6) value to enforce use of the MAC > Context > >> > >> "(6) value to enforce use" -> "(6). This value requests the use" > >> > >> Header [RFC9145]. > >> > >> * Reply via Specified Path with the the data integrity protection > >> (7) value to enforce use of the MAC Context Header [RFC9145]. > >> > >> "(7) value to enforce use" -> "(7). This value requests the use" > >> > >> 6.3.1. Source TLV > >> > >> Responder to the SFC Echo Request encapsulates the SFC Echo Reply > >> > >> "Responder" -> "The responder" > >> > >> message in IP/UDP packet if the Reply mode is "Reply via an > IPv4/IPv6 > >> UDP Packet". Because the NSH does not identify the ingress node > that > >> generated the Echo Request, the source ID MUST be included in the > >> message and used as the IP destination address and destination UDP > >> port number of the SFC Echo Reply. The sender of the SFC Echo > >> Request MUST include an SFC Source TLV (Figure 5). > >> > >> > >> A single Source ID TLV for each address family, i.e., IPv4 and > IPv6, > >> MAY be present in an SFC Echo Request message. If the Source TLVs > >> for both address families are present in an SFC Echo Request > message, > >> the SFF MUST NOT replicate an SFC Echo Reply but choose the > >> destination IP address for the SFC Echo Reply based on the local > >> > >> "the SFC Echo Reply based" -> "the one SFC Echo Reply it sends based" > >> > >> policy. If more than one Source ID TLV per the address family is > >> present, the receiver MUST use the first TLV and ignore the rest. > >> > >> > >> 6.4. SFC Echo Request Reception > >> > >> Punting received SFC Echo Request to the control plane is > triggered > >> > >> "Punting received" -> "Punting a received" > >> > >> by one of the following packet processing exceptions: NSH TTL > >> expiration, NSH Service Index (SI) expiration, or the receiver is > the > >> terminal SFF for an SFP. > >> > >> Firstly, if the SFC Echo Request is integrity-protected, the > >> receiving SFF first MUST verify the authentication. Then the > >> receiver SFF MUST validate the Source TLV, as defined in > >> Section 6.3.1. Suppose the authentication validation has failed > and > >> the Source TLV is considered properly formatted. In that case, > the > >> SFF MUST send to the system identified in the Source TLV (see > >> Section 6.5), according to a rate-limit control mechanism, an SFC > >> Echo Reply with the Return Code set to "Authentication failed" and > >> the Subcode set to zero. If the Source TLV is determined > malformed, > >> the received SFC Echo Request processing is stopped, the message > is > >> dropped, and the event SHOULD be logged, according to a > rate-limiting > >> control for logging. Then, the SFF that has received an SFC Echo > >> Request verifies the rest of the received packet's general sanity. > >> If the packet is not well-formed, the receiver SFF SHOULD send an > SFC > >> Echo Reply with the Return Code set to "Malformed Echo Request > >> received" and the Subcode set to zero under the control of the > rate- > >> limiting mechanism to the system identified in the Source TLV (see > >> Section 6.5). If there are any TLVs that the SFF does not > >> understand, the SFF MUST send an SFC Echo Reply with the Return > Code > >> set to 2 ("One or more TLVs was not understood") and set the > Subcode > >> to zero. In the latter case, the SFF MAY include an Errored TLVs > TLV > >> (Section 6.4.1) that, as sub-TLVs, contains only the misunderstood > >> TLVs. Sender's Handle and Sequence Number fields are not examined > >> but are included in the SFC Echo Reply message. If the sanity > check > >> of the received Echo Request succeeded, then the SFF at the end of > >> the SFP MUST set the Return Code value to 5 ("End of the SFP") and > >> the Subcode set to zero. If the SFF is not at the end of the SFP > and > >> the TTL value is 1, the value of the Return Code MUST be set to 4 > >> ("TTL Exceeded") and the Subcode set to zero. In all other cases, > >> SFF MUST set the Return Code value to 0 ("No Return Code") and the > >> Subcode set to zero. > >> > >> The above paragraph is very long and, I think, would be better > >> reformatted as a numbered list or the like. > >> > >> > >> The Sub-TLV's Type the copy of the first octet of the not > >> understood or failed to be parced TLV. > >> > >> "Type the copy" -> "Type - a copy" > >> "parced" -> "parsed" > >> > >> > >> The Sub-TLV Value field contains data that follow the Legth > field > >> in the errored TLV. > >> > >> "Legth" -> "Length" > >> > >> 6.5. SFC Echo Reply Transmission > >> > >> The "Reply Mode" field directs whether and how the Echo Reply > message > >> should be sent. The Echo Request sender MAY use TLVs to request > that > >> the corresponding Echo Reply be transmitted over the specified > path. > >> Section 6.5.1 provides an example of a TLV that specifies the > return > >> path of the Echo Reply. Value 1 is the "Do not reply" mode and > >> suppresses the Echo Reply packet transmission. The default value > (2) > >> for the Reply mode field requests the responder to send the Echo > >> Reply packet out-of-band as IPv4 or IPv6 UDP packet. > >> > >> "requests the responder to send the" -> "requests sending the" > >> "as IPv4" -> "as an IPv4" > >> > >> > >> The SFC Reply Path TLV carries the information that sufficiently > >> identifies the return SFP that the SFC Echo Reply message is > expected > >> to follow. The format of SFC Reply Path TLV is shown in Figure 8. > >> > >> Above and in this document below, there are many occurrences of > >> "SFC Reply Path TLV" that I think should be globally changed to > >> "Reply Service Function Path TLV". > >> > >> > >> * SFC Reply Path Type: is a one-octet field, indicates the TLV > that > >> contains information about the SFC Reply path. IANA is > requested > >> to assign value 3, > >> > >> Replacement point for the above: > >> > >> * Reply Service Function Path Type (3): This is is a one-octet > >> fieldand indicates the TLV that contains information about > >> the SFC Reply path. > >> > >> * Reserved - one-octet field. The field MUST be zeroed on > >> transmission and ignored on receipt. > >> > >> " -" -> ": " > >> > >> * Length: is a two-octet field, MUST be equal to 4 > >> > >> * Reply Service Function Path is used to describe the return path > >> that an SFC Echo Reply is requested to follow. > >> > >> The format of the Reply Service Function Path field displayed in > >> Figure 9. > >> > >> > >> 0 1 2 3 > >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 > 0 1 > >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > >> | Reply Service Function Path Identifier | Service > Index | > >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > >> > >> Figure 9: Reply Service Function Path Field Format > >> > >> I don't see any reason for Figure 9 to be separate from Figure 8. They > >> could be integrated. > >> > >> > >> The destination SFF of the SFP being tested or the SFF at which > SFC > >> TTL expired (as per [RFC8300]) may be sending the Echo Reply. The > >> processing described below equally applies to both cases and is > >> referred to as responding SFF. > >> > >> I think things got slightly scrambled above. How about: > >> > >> The destination SFF of the SFP being tested or the SFF at which > >> SFC TTL expired (as per [RFC8300]) may be sending the Echo Reply > >> is referred to as responding SFF. The processing described > >> below equally applies to both cases. > >> > >> > >> * if the matching to the Echo Request found, the value of the > >> > >> Replace above line with: > >> > >> * the matching SFC Echo Request is found, that is, the value of > the > >> > >> Sender's Handle in the Echo Request sent is equal to the value > of > >> Sender's Handle in the Echo Reply received; > >> > >> * if all checks passed, the SFF checks if the Sequence Number > >> in the > >> > >> Replace above with: > >> > >> * all other checks and and the Sequence Number > >> > >> Echo Request sent matches to the Sequence Number in the Echo > Reply > >> received. > >> > >> > >> Suppose a specialized information element (e.g., IPv6 Flow Label > >> [RFC6437] or Flow ID [I-D.ietf-sfc-nsh-tlv]) is used for > distributing > >> the load across Equal Cost Multi-Path or Link Aggregation Group > >> paths. In that case, such an element MAY also be used for the SFC > >> > >> How about "MAY" -> "SHOULD"? > >> > >> OAM traffic. Doing so is meant to induce the SFC Echo Request to > >> follow the same RSP as the monitored flow. > >> > >> 6.6. Verification of the SFP Consistency > >> > >> The consistency of an SFP can be verified by comparing the view of > >> the SFP from the control or management plane with information > >> collected from traversed by an SFC NSH Echo Request message. > Every > >> > >> "traversed" -> "traversing" > >> > >> SFF that receives the Consistency Verification Request (CVReq) > >> > >> "the Consistency" -> "a Consistency" > >> > >> (specified in Section 6.6.1) MUST perform the following actions: > >> > >> * Collect information of the traversed by the CVReq packet SFs > and > >> > >> Replace above line with: > >> > >> * Collect information about the SFs traversed by the CVReq > packet and > >> > >> send it to the ingress SFF as CVRep packet over IP network; > >> > >> * Forward the CVReq to the next downstream SFF if the one exists. > >> > >> As a result, the ingress SFF collects information about all > traversed > >> SFFs and SFs, information on the actual path the CVReq packet has > >> traveled. That information is used to verify the SFC's path > >> > >> "is used" -> "can be used" > >> > >> consistency. The mechanism for the SFP consistency verification > is > >> outside the scope of this document. > >> > >> > >> 6.6.1. SFP Consistency Verification packet > >> > >> For the verification of an SFP consistency, two new types of > messages > >> to the SFC Echo Request/Reply operation defined in Section 6 with > the > >> following values detailed in Section 10.3.2: > >> > >> Replace above paragraph with the following: > >> > >> For the verification of an SFP consistency, two types of SFC > Active OAM > >> messages are defined in addition to the SFC Echo Request/Reply > messages. > >> Their SFC Echo Request/Echo Response Message Types are as follows: > >> > >> * 3 - SFP Consistency Verification Request > >> > >> * 4 - SFP Consistency Verification Reply > >> > >> > >> 6.6.2. SFF Information Record TLV > >> > >> For the received CVReq, an SFF is expected to include in the CVRep > >> message the information about SFs that are mapped to that SFF. > The > >> > >> "mapped to" -> "available from"? > >> > >> SFF MUST include SFF Information Record TLV (Figure 10) in CVRep > >> message. Every SFF sends back a single CVRep message, including > >> information on all the SFs attached to the SFF on the SFP, as > >> > >> "the SFF" -> "that SFF" > >> > >> requested in the received CVReq message using the SF Information > sub- > >> TLV (Section 6.6.3). > >> > >> > >> The SFF Information Record TLV is a variable-length TLV that > includes > >> the information of all SFs mapped to the particular SFF instance > for > >> > >> "mapped to" -> "available from" > >> > >> the specified SFP. Figure 10 presents the format of an SFF > >> Information Record TLV, where fields are defined as the following: > >> > >> > >> If the NSH of the received SFC Echo Reply includes the MAC Context > >> Header [RFC9145], the authentication of the packet MUST be > verified > >> before using any data. If the verification fails, the receiver > MUST > >> stop processing the SFF Information Record TLV and notify an > >> operator. The notification mechanism SHOULD include control of > rate- > >> limiting messages. Specification of the notification mechanism is > >> > >> "limiting messages" -> "limited messages" > >> > >> outside the scope of this document. > >> > >> 6.6.3. SF Information Sub-TLV > >> > >> Every SFF receiving CVReq packet MUST include the SF > characteristic > >> > >> "receiving CVReq" -> "receiving a CVReq" > >> > >> data into the CVRep packet. The format of an SF Information > sub-TLV, > >> included in a CVRep packet, is shown in Figure 11. > >> > >> > >> SF sub-TLV Type: Two-octets long field. The value is (5) > >> > >> "Two" -> "one" > >> since the first word after the colon is not capitalized in any of the > cases > >> below it should not be capitalized here or they should all be > capitalized. > >> > >> (Section 10.4). > >> > >> > >> 6.6.4.1. Multiple SFs as Hops of an SFP > >> > >> Multiple SFs attached to the same SFF can be the hops of the SFP. > >> The service indexes of these SFs on thatSFP will be different. > >> Service function types of these SFs could be different or be the > >> same. Information about all SFs MAY be included in the CVRep > >> message. Information about each SF MUST be listed as separate SF > >> Information sub-TLVs in the CVRep message. > >> > >> Suggest adding to the end of the above paragraph: "The same SF can even > >> appear more than once in an SFP with a different service index." > >> > >> > >> 6.6.4.2. Multiple SFs for load balance > >> > >> Multiple SFs may be attached to the same SFF to spread the load; > in > >> other words, that means that the particular traffic flow will > >> traverse only one of these SFs. These SFs have the same Service > >> Function Type and Service Index. For this case, the SF > identifiers > >> and SF ID Type of all these SFs will be listed in the SF > Identifiers > >> field and SF ID Type in a single SF information sub-TLV of the > CVRep > >> message. The number of these SFs can be calculated using the SF > ID > >> Type and the value of the Length field of the sub-TLV. > >> > >> I found the second half of the above paragraph somewhat confusing. > >> Sounds like the SF ID Type would be included for each of the SFs but > >> their ID Types will all be the same. I suggest replacing the 2nd part > >> of this paragraph after the first two sentences with something like > >> the following: > >> > >> For this case, the SF ID Type, which must be the same for all of > >> these SFs, appears once but all of their SF Identifiers will > >> appear concatenated in the SF Identifier area of the Sub-TLV > >> (see Figure 11). The number of these SFs can be calculated from > >> the SF ID Type and the value of the Length field of the sub-TLV. > >> > >> > >> It is RECOMMENDED that implementations throttle the SFC ping > traffic > >> going to the control plane to mitigate potential Denial-of-Service > >> attacks. > >> > >> I found the occurrence of "ping" here to be startling. There are two > >> other occurrences of "ping" in this document, both earlier in this > >> Security Considerations section, but in a different context. > >> Otherwise, ping does not occur anywhere else. My guess is that you > >> means SFC Echo Request/Echo Reply. I suggest you use that here instead > >> of "ping". Alternatively, you could make the major change of carefully > >> and prominently defining ping and using it throughout the document. > >> > >> > >> SFC NSH Echo Request/Reply provides essential OAM functions for > >> network operators. SFC NSH Echo Request/Reply is intended to > detect > >> and localize defects in an SFC. For example, by comparing > results of > >> the trace function in operational and failed states, an operator > can > >> locate the defect, e.g., the connection between SFF1 and SFF2 > >> (Figure 1). Note that a more specific failure location can be > >> > >> "Note that" -> "After narrowing down a failure to an overlay link," > >> > >> determined using OAM tools in the underlay network. The mechanism > >> defined in this document can be used on-demand or for periodic > >> validation of an SFP or RSP. Because the protocol uses > information > >> in the SFC control plane, an operator must have the ability to > >> control the frequency of transmitted Echo Request and Reply > messages. > >> > >> Assuming I understand the above sentence, how about replacing it with > >> the following: > >> > >> Because the protocol makes use of the control plane which may > >> have limited capacity, an operator must be able to rate limit > >> Echo Request and Echo Reply messages. > >> > >> > >> 10. IANA Considerations > >> > >> Suggest inserting here: > >> > >> "The terms used in the IANA Considerations below are intended to > >> be consistent with [RFC8126]." > >> > >> > >> [RFC Editor, please update all occurrences of TBA1 with the value > >> assigned by IANA Action.] > >> > >> The above RFC Editor note is unnecessary and could be deleted. > >> > >> > >> 10.2. SFC Active OAM > >> > >> IANA is requested to create a new SFC Active OAM registry. > >> > >> If you are asking IANA to "create" something, the word "new" is > >> redundant. If it wasn't "new", then you would be asking IANA to > >> "change" something, not "create" it. Suggest the following replacement > >> for the above sentence: > >> > >> IANA is requested to create an SFC Active OAM registry > >> containing the sub-registries listed below. > >> > >> Do you actually mean "web page" rather than registry? There doesn't > >> seem to be anything in this "registry" other than "sub-registries". Of > >> course, the RFC/IANA terminology for all this is highly inconsistent... > >> > >> > >> 10.2.1. SFC Active OAM Message Type > >> > >> IANA is requested to create in the SFC Active OAM registry a new > sub- > >> registry as follows: > >> > >> "new" -> "" > >> > >> So, the problem with the sub-registry below is that the SFC Active OAM > >> Message Type file looks to me like it has only six bits, not 16 bits, > >> so there are only 64 values. Given that, I suggest making it all "IETF > >> Review". You could do something like changing the 2nd half from "First > >> Come First Served" to "Specification Required" but that would require > >> the appointment of experts. I generally favor liberal IANA assignment > >> criterion but, as I say, in this case I think IETF Review might be > >> best. > >> > >> > >> Sub-registry Name: SFC Active OAM Message Type. > >> > >> Assignment Policy: > >> > >> 2-32767 IETF Review > >> > >> "23767" -> "31" > >> > >> 32768-65530 First Come First Served > >> > >> -> "32-62" > >> > >> Similar changes in table below with final Reserved value being 63. > >> > >> Reference: [this document] > >> > >> +===============+=============================+===============+ > >> | Value | Description | Reference | > >> +===============+=============================+===============+ > >> | 0 | Reserved | This document | > >> +---------------+-----------------------------+---------------+ > >> | 1 | SFC Echo Request/Echo Reply | This document | > >> +---------------+-----------------------------+---------------+ > >> | 2 - 32767 | Unassigned | This document | > >> +---------------+-----------------------------+---------------+ > >> | 32768 - 65530 | Unassigned | This document | > >> +---------------+-----------------------------+---------------+ > >> | 65531 - 65534 | Unassigned | This document | > >> +---------------+-----------------------------+---------------+ > >> | 65535 | Reserved | This document | > >> +---------------+-----------------------------+---------------+ > >> > >> Table 3: SFC Active OAM Message Type > >> > >> > >> 10.2.2. SFC Active OAM Header Flags > >> > >> IANA is requested to create in the SFC Active OAM registry the new > >> > >> "registry the new" -> "Registry the" > >> > >> sub-registry SFC Active OAM Flags. > >> > >> > >> 10.3. SFC Echo Request/Echo Reply Parameters > >> > >> IANA is requested to create a new SFC Echo Request/Echo Reply > >> Parameters registry. > >> > >> I would put this 10.3 stuff and the 10.4 stuff under the SFC Action > >> OAM registry rather than trying to nest deeper. Depending on how IANA > >> interprets this, it may result in multiple short IANA web pages, which > >> is kind of a pain in my mind. Better to have fewer web pages with more > >> registries per page. > >> > >> > >> 10.3.1. SFC Echo Request Flags > >> > >> IANA is requested to create in the SFC Echo Request/Echo Reply > >> Parameters registry the new sub-registry SFC Echo Request Flags. > >> > >> "new" -> "" > >> > >> I'm not sure what will happen or what you think will happen with IANA > >> web pages / Registries / Sub-Registries"... > >> > >> This sub-registry tracks the assignment of 16 flags in the SFC > Echo > >> Request Flags field of the SFC Echo Request message. The flags > are > >> numbered from 0 (most significant bit, transmitted first) to 15. > >> > >> New entries are assigned by Standards Action. > >> > >> +============+=============+===============+ > >> | Bit Number | Description | Reference | > >> +============+=============+===============+ > >> | 15-0 | Unassigned | This document | > >> +------------+-------------+---------------+ > >> > >> Table 5: SFC Echo Request Flags > >> > >> 10.3.2. SFC Echo Request/Echo Reply Message Types > >> > >> IANA is requested to create in the SFC Echo Request/Echo Reply > >> Parameters registry the new sub-registry as follows: > >> > >> "new" -> "" > >> > >> Sub-registry Name: Message Types > >> > >> Assignment Policy: > >> > >> 5 - 175 IETF Review > >> > >> 176 - 239 First Come First Served > >> > >> 240 - 251 Experimental > >> > >> 252 - 254 Private Use > >> > >> Delete above two lines. > >> > >> I think "Assignment Policy" normally only lists those ranges for which > >> assignment is possible so doesn't list Private Use or Reserved or > >> Experimental. > >> > >> Reference: [this document] > >> > >> > +===========+======================================+===============+ > >> | Value | Description | Reference > | > >> > +===========+======================================+===============+ > >> | 0 | Reserved | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 1 | SFC Echo Request | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 2 | SFC Echo Reply | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 3 | SFP Consistency Verification Request | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 4 | SFP Consistency Verification Reply | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 5 - 175 | Unassigned | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 176 - 239 | Unassigned | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> | 240 - 251 | Unassigned | This > document | > >> > >> "Unassigned" - "Experimental" > >> > >> > +-----------+--------------------------------------+---------------+ > >> | 252 - 254 | Unassigned | This > document | > >> > >> "Unassigned" -> "Private Use" > >> > >> > +-----------+--------------------------------------+---------------+ > >> | 255 | Reserved | This > document | > >> > +-----------+--------------------------------------+---------------+ > >> > >> Table 6: SFC Echo Request/Echo Reply Message Types > >> > >> 10.3.3. SFC Echo Reply Modes > >> > >> IANA is requested to create in the SFC Echo Request/Echo Reply > >> Parameters registry the new sub-registry as follows: > >> > >> Sub-registry Name: Reply Mode > >> > >> Assignment Policy: > >> > >> > >> > >> Mirsky, et al. Expires 10 January 2023 [Page > 28] > >> > >> Internet-Draft Active OAM for SFC July > 2022 > >> > >> > >> 8 - 175 IETF Review > >> > >> 176 - 239 First Come First Served > >> > >> 240 - 251 Experimental > >> > >> 252 - 254 Private Use > >> > >> Delete above two lines. > >> > >> I think "Assignment Policy" normally only lists those ranges for which > >> assignment is possible so doesn't list Private Use or Reserved or > >> Experimental. > >> > >> Reference: [this document] > >> > >> > >> +=======+====================================+===============+ > >> | Value | Description | Reference | > >> +=======+====================================+===============+ > >> | 0 | Reserved | This document | > >> +-------+------------------------------------+---------------+ > >> | 1 | Do Not Reply | This document | > >> +-------+------------------------------------+---------------+ > >> | 2 | Reply via an IPv4/IPv6 UDP Packet | This document | > >> +-------+------------------------------------+---------------+ > >> | 3 | Reply via Application-Level | This document | > >> | | Control Channel | | > >> +-------+------------------------------------+---------------+ > >> | 4 | Reply via Specified Path | This document | > >> +-------+------------------------------------+---------------+ > >> | 5 | Reply via an IPv4/IPv6 UDP Packet | This document | > >> | | with the data integrity protection | | > >> +-------+------------------------------------+---------------+ > >> | 6 | Reply via Application-Level | This document | > >> | | Control Channel with the data | | > >> | | integrity protection | | > >> +-------+------------------------------------+---------------+ > >> | 7 | Reply via Specified Path with the | This document | > >> | | data integrity protection | | > >> +-------+------------------------------------+---------------+ > >> | 8 - | Unassigned | IETF Review | > >> > >> "IETF Review" -> "This document" > >> > >> | 175 | | | > >> +-------+------------------------------------+---------------+ > >> | 176 - | Unassigned | First Come | > >> | 239 | | First Served | > >> > >> "First Come First Served" -> "This document" > >> > >> +-------+------------------------------------+---------------+ > >> > >> In both entries below, "Description" column should have value > >> currently in the "Reference" column and the "Reference" column should > >> say "This document". > >> > >> | 240 - | Unassigned | Experimental | > >> | 251 | | | > >> +-------+------------------------------------+---------------+ > >> | 252 - | Unassigned | Private Use | > >> | 254 | | | > >> +-------+------------------------------------+---------------+ > >> | 255 | Reserved | This document | > >> +-------+------------------------------------+---------------+ > >> > >> Table 7: SFC Echo Reply Mode > >> > >> 10.3.4. SFC Echo Return Codes > >> > >> IANA is requested to create in the SFC Echo Request/Echo Reply > >> Parameters registry the new sub-registry as follows: > >> > >> "new" -> "" > >> > >> Sub-registry Name: Return Codes > >> > >> Assignment Policy: > >> > >> 9 - 191 IETF Review > >> > >> 192 - 251 First Come First Served > >> > >> 252 - 254 Private Use > >> > >> Delete above line. > >> > >> I think "Assignment Policy" normally only lists those ranges for which > >> assignment is possible so doesn't list Private Use or Reserved or > >> Experimental. > >> > >> Reference: [this document] > >> > >> +=========+=================================+===============+ > >> | Value | Description | Reference | > >> +=========+=================================+===============+ > >> | 0 | No Return Code | This document | > >> +---------+---------------------------------+---------------+ > >> | 1 | Malformed Echo Request received | This document | > >> +---------+---------------------------------+---------------+ > >> | 2 | One or more of the TLVs was not | This document | > >> | | understood | | > >> +---------+---------------------------------+---------------+ > >> | 3 | Authentication failed | This document | > >> +---------+---------------------------------+---------------+ > >> | 4 | TTL Exceeded | This document | > >> +---------+---------------------------------+---------------+ > >> | 5 | End of the SFP | This document | > >> +---------+---------------------------------+---------------+ > >> | 6 | Reply Path TLV is missing | This document | > >> +---------+---------------------------------+---------------+ > >> | 7 | Reply SFP was not found | This document | > >> +---------+---------------------------------+---------------+ > >> | 8 | Unverifiable Reply Path | This document | > >> +---------+---------------------------------+---------------+ > >> | 9 -191 | Unassigned | This document | > >> +---------+---------------------------------+---------------+ > >> | 192-251 | Unassigned | This document | > >> +---------+---------------------------------+---------------+ > >> | 252-254 | Unassigned | This document | > >> > >> "Unassigned" -> "Private Use" > >> > >> +---------+---------------------------------+---------------+ > >> | 255 | Reserved | This document | > >> +---------+---------------------------------+---------------+ > >> > >> Table 8: SFC Echo Return Codes > >> > >> 10.4. SFC Active OAM TLV Type > >> > >> IANA is requested to create the new registry as follows: > >> > >> Registry Name: SFC Active OAM TLV Type > >> Assignment Policy: > >> > >> 6 -175 IETF Review > >> > >> 176 - 239 First Come First Served > >> > >> 240 - 251 Experimental > >> > >> 252 - 254 Private Use > >> > >> Delete above two lines. > >> > >> I think "Assignment Policy" normally only lists those ranges for which > >> assignment is possible so doesn't list Private Use or Reserved or > >> Experimental. > >> > >> Reference: [this document] > >> > >> +===========+=============================+===============+ > >> | Value | Description | Reference | > >> +===========+=============================+===============+ > >> | 0 | Reserved | This document | > >> +-----------+-----------------------------+---------------+ > >> | 1 | Source ID TLV | This document | > >> +-----------+-----------------------------+---------------+ > >> | 2 | Errored TLVs | This document | > >> +-----------+-----------------------------+---------------+ > >> | 3 | SFC Reply Path Type | This document | > >> +-----------+-----------------------------+---------------+ > >> | 4 | SFF Information Record Type | This document | > >> +-----------+-----------------------------+---------------+ > >> | 5 | SF Information | This document | > >> +-----------+-----------------------------+---------------+ > >> | 6 - 175 | Unassigned | This document | > >> +-----------+-----------------------------+---------------+ > >> | 176 - 239 | Unassigned | This document | > >> +-----------+-----------------------------+---------------+ > >> | 240 - 251 | Unassigned | This document | > >> > >> "Unassigned" -> "Experimental" > >> > >> +-----------+-----------------------------+---------------+ > >> | 252 - 254 | Unassigned | This document | > >> > >> "Unassigned" -> "Private Use" > >> > >> +-----------+-----------------------------+---------------+ > >> | 255 | Reserved | This document | > >> +-----------+-----------------------------+---------------+ > >> > >> Table 9: SFC Active OAM TLV Type Registry > >> > >> 10.5. SF Identifier Types > >> > >> IANA is requested to create in the SF Types registry the new sub- > >> registry as follows: > >> > >> "new" -> "" > >> > >> Registry Name: SF Identifier Types > >> > >> Assignment Policy: > >> > >> > >> > >> Mirsky, et al. Expires 10 January 2023 [Page > 32] > >> > >> Internet-Draft Active OAM for SFC July > 2022 > >> > >> > >> 4 -191 IETF Review > >> > >> 192 - 251 First Come First Served > >> > >> 252 - 254 Private Use > >> > >> delete above line. > >> > >> I think "Assignment Policy" nomrally only lists those ranges for which > >> assignment is possible so doesn't list Private Use or Reserved or > >> Experimenal. > >> > >> Reference: [this document] > >> > >> +=========+=============+===============+ > >> | Value | Description | Reference | > >> +=========+=============+===============+ > >> | 0 | Reserved | This document | > >> +---------+-------------+---------------+ > >> | 1 | IPv4 | This document | > >> +---------+-------------+---------------+ > >> | 2 | IPv6 | This document | > >> +---------+-------------+---------------+ > >> | 3 | MAC | This document | > >> +---------+-------------+---------------+ > >> | 4 -191 | Unassigned | This document | > >> +---------+-------------+---------------+ > >> | 192-251 | Unassigned | This document | > >> +---------+-------------+---------------+ > >> | 252-254 | Unassigned | This document | > >> > >> "Unassigned" -> "Private Use" > >> > >> +---------+-------------+---------------+ > >> | 255 | Reserved | This document | > >> +---------+-------------+---------------+ > >> > >> Table 10: SF Identifier Type > >> > >> > >> 11.2. Informative References > >> > >> Add Informative References [RFC4086] and [RFC8126]. > >> > >> Thanks, > >> Donald > >> =============================== > >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) > >> 2386 Panoramic Circle, Apopka, FL 32703 USA > >> d3e3e3@gmail.com >
- [sfc] Shepherd's review of draft-ietf-sfc-multi-l… Donald Eastlake
- Re: [sfc] Shepherd's review of draft-ietf-sfc-mul… Greg Mirsky
- Re: [sfc] Shepherd's review of draft-ietf-sfc-mul… Donald Eastlake
- Re: [sfc] Shepherd's review of draft-ietf-sfc-mul… Greg Mirsky