IETF Logo Mail Archive

Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Mon, 18 September 2017 18:14 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0711321DE; Mon, 18 Sep 2017 11:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.521
X-Spam-Level:
X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_sUuhGO_nea; Mon, 18 Sep 2017 11:14:21 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21100133055; Mon, 18 Sep 2017 11:14:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4456; q=dns/txt; s=iport; t=1505758454; x=1506968054; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=v/eqz9Ta2L0Hp3HsAY6KoGo3b5RRbwIdB5/evHrXieA=; b=EvrEDQwFGjh8TJI1fIdoWdG6PGVp59eJHcqtsC7a5bb+ucYU6dyXy6If Usn2C/KRW4mkpQEWMOesqqMSVfinz2Rk7r/e/KITQdQvLWzOJBCFeIM68 Hgrd1uh7JH4HzOlNrxNXIJl8WAb/TAw9r4bk3PGHCuCf6WLna9CouvRuy w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CjAACVDMBZ/4YNJK1dGQEBAQEBAQEBAQEBBwEBAQEBg1qBUicHg26KII92gXSIO41rDoIECoU7AhqELT8YAQIBAQEBAQEBayiFGAEBAQECASMRNw4FCwIBCA4KAgImAgICHxEVEAIEDgWKGwMNCKowgieHOA2DagEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BDoIdgWEBIIFQgWMrgn2CWIFtARIBgzIvgjEFigQBiRSNMzwCj1yEd4IThWqKe4xaiC4CERkBgTgBHziBAgt3FUkSAYcJdoVtgSOBDwEBAQ
X-IronPort-AV: E=Sophos;i="5.42,414,1500940800"; d="scan'208";a="296959127"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Sep 2017 18:14:13 +0000
Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v8IIEC7f021620 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 18 Sep 2017 18:14:13 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 18 Sep 2017 14:14:12 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Mon, 18 Sep 2017 14:14:12 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Alia Atlas <akatlas@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh@ietf.org" <draft-ietf-sfc-nsh@ietf.org>
Thread-Topic: Additional AD review comments on draft-ietf-sfc-nsh-20
Thread-Index: AQHTKBEJ6j37PwZL1EeImcQxKOWXRaK7RsUA
Date: Mon, 18 Sep 2017 18:14:12 +0000
Message-ID: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com>
References: <CAG4d1rdTfPAD38u++W+OysGz7W76iaZQnzea0U7EFOLE9oHh5A@mail.gmail.com>
In-Reply-To: <CAG4d1rdTfPAD38u++W+OysGz7W76iaZQnzea0U7EFOLE9oHh5A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.116.133]
Content-Type: text/plain; charset="utf-8"
Content-ID: <02C153FAAD9453479B3D38B2ED5E7647@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/UBiA6lGm6ZM5J2taxk4zeSJEFTk>
Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 18:14:23 -0000

Hi, Alia,

You addressed this email to me, but I just noticed I failed to respond — apologies!

> On Sep 7, 2017, at 3:39 PM, Alia Atlas <akatlas@gmail.com> wrote:
> 
> Carlos,
> 
> The draft is much improved.  Thank you for your hard work.  I still see the following three issues.
> 

Thanks, let’s see those three, inline.

> 
> 1) Sec 2.2: "The O bit MUST be set for OAM packets and MUST NOT be set for non-OAM
>    packets.  The O bit MUST NOT be modified along the SFP."
> What happens if the packet is reclassified - potentially to a different SFP?  
> 
> Sec 3 doesn't clarify this."When the logical classifier performs re-
>        classification that results in a change of service path, it MUST
>        replace the existing NSH with a new NSH with the Base Header and
>        Service Path Header reflecting the new service path information
>        and MUST set the initial SI.  Metadata MAY be preserved in the
>        new NSH."
> 

I do not think Sec 3 needs to clarify it. Section 2.2 already says:

“O bit: […] The actual format and processing of SFC
   OAM packets is outside the scope of this specification”

So we should not attempt to specify the processing here. 

If you believe it helps, we can add “The value of the O bit MUST be preserved in the new NSH”, but that would go against S2.2’s scope.

> It would be good to specify the behavior for the unassigned flags as well; that way there will be consistent assumptions for future extensions, if needed.
> 

Since they are Unassigned, the have no behavior specified, other than what’s already there:

“Unassigned bits MUST
   be set to zero upon origination, and MUST be ignored and preserved
   unmodified by other NSH supporting elements.  At reception, all
   elements MUST NOT modify their actions based on these unknown bits.”

What else is missing?

> 2) Sec 7.1: "For example, if the metadata conveys tenant information, that information may need to be authenticated and/or encrypted between the originator and the
>    intended recipients (which may include intended SFs only)."
> A reference to draft-reddy-sfc-nsh-encrypt, which defines how to encrypt the meta-data would be most helpful in making this sound less aspirational;

Sure. It’s already cited in the Security Considerations section, but we can add another citation. Done in the working copy.

> so would having that draft not be 2 years expired and ignored by the WG. 
> 
> 3) Sec 11.2.5: Guidance for the expert review is needed.

Good point. Thanks.

Here’s an attempt, please complete. I am hesitant to request discussion on the SFC list, do you think we should (and request in that document that the list is kept open)?

<t>
Expert Review requests MUST include a single code point per request.
   Designated Experts evaluating new allocation requests from this registry
   should consider the potential scarcity of code points for an 8-bit value,
   and check both for duplications as well as availability of documentation.
</t>



> 
> Regards,
> Alia

—
Carlos Pignataro, carlos@cisco.com

“Sometimes I use big words that I do not fully understand, to make myself sound more photosynthesis."

v2.23.0 | Report a Bug | By Email