Re: [sfc] PoT review/comments

"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Wed, 11 September 2019 09:36 UTC

From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: "sfc@ietf.org" <sfc@ietf.org>
Date: Wed, 11 Sep 2019 09:36:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/ae4_t-ZhAiJNZr5YdrmSurvfhLU>
Subject: Re: [sfc] PoT review/comments

One general note on draft-ietf-sfc-proof-of-transit-03: The document seems pretty stable – and could soon progress to WGLC.

That said, I'd like to note one topic which still needs attention IMHO (it is also mentioned as a comment in the xml of the draft):
The YANG model needs to be extended to cover OPOT as well – which isn’t currently the case. I hope that we can add this in the next rev.

Thanks, Frank

From: sfc <sfc-bounces@ietf.org> On Behalf Of Frank Brockners (fbrockne)
Sent: Wednesday, 11 September 2019 11:04
To: ALEJANDRO AGUADO MARTIN <alejandro.aguadomartin.ext@telefonica.com>; Diego R. Lopez <diego.r.lopez@telefonica.com>; Carlos Pignataro (cpignata) <cpignata@cisco.com>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: a.aguadom@fi.upm.es; sfc@ietf.org
Subject: Re: [sfc] PoT review/comments

Hi Alejandro,

Thanks again for the review. Your comments have been integrated into draft-ietf-sfc-proof-of-transit-03 which just got posted.

Cheers, Frank

From: Frank Brockners (fbrockne)
Sent: Monday, 27 May 2019 18:18
To: ALEJANDRO AGUADO MARTIN <alejandro.aguadomartin.ext@telefonica.com>; Diego R. Lopez <diego.r.lopez@telefonica.com>; Carlos Pignataro (cpignata) <cpignata@cisco.com>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: a.aguadom@fi.upm.es; sfc@ietf.org
Subject: RE: PoT review/comments

Hi Alejandro,

Many thanks for the comments – and sorry for the delay – unfortunately your email somehow got dropped from my todo list. Please see inline…

(cc’ing the list as well).

From: ALEJANDRO AGUADO MARTIN <alejandro.aguadomartin.ext@telefonica.com>
Sent: Monday, 15 April 2019 17:27
To: Diego R. Lopez <diego.r.lopez@telefonica.com>; Carlos Pignataro (cpignata) <cpignata@cisco.com>; Frank Brockners (fbrockne) <fbrockne@cisco.com>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: a.aguadom@fi.upm.es
Subject: PoT review/comments

Dear all,

I gave a quick review to the PoT document. Some comments:

- I read “The non-constant coefficients are used to generate the Lagrange Polynomial Constants (LPC).” As far as I understood, the points assigned to each node (Xi) are the ones used for generating the LPCi, aren’t they?
…FB: Good catch. The LPCs are of course computed using (x_i, y_i).
- If we go for including the YANG in the current document (which I agree with), parameters should be described before the YANG definition, and maybe it would be helpful to have the YANG tree (see the current version attached).
…FB: Thanks. IMHO it makes sense to keep the YANG model in the current doc, given that the model and the description go hand in hand. We can of course also include the yang tree to make reading easier. This is consistent with other documents which specify YANG models.
- I include in the attached file a few questions about naming of some parameters.

…FB:
- naming F_i(x_i, y_i) – I agree that a better name could be used. The only potential concern would be that the open source implementation in OpenDaylight uses this naming – changing it might lead to confusion. We can start with adding a comment to make things clearer.

- secret key – this is the constant part of the first polynomial which serves as the secret – and which is re-retrieved. Again, we can update the description to make things clearer.

- size of the random number: This is unrelated to OPOT. The random number is to uniquely identify a packet. There is a trade-off between the size of the random number and how often you need to re-key your system. At high speeds, the random number – which identifies a particular packet – is used up quite quickly if it is only 32-bit wide. See section 4  https://tools.ietf.org/html/draft-ietf-sfc-proof-of-transit-02#section-4

- number of profiles: For a deployment which is expected to renew keys every now and then (e.g. you run with 32-bit random numbers at reasonably high speeds), you need at least 2 profiles – an active one and one that you can activate once you run out of random numbers (which is what the encapsulating node would decide).
- I have checked some of the existing YANG files within the IETF to see in which it would be helpful to include. From the (not so) old OpenFlow, I assume that one match is necessary (to identify the iOAM/PoT header) whilst the source node can use any existing match field to identify packets where to apply the PoT scheme. In terms of actions, I would say that two may be required: for any node, an update-pot is necessary, while the verifier would need a verify-pot type of action, that would ideally either remove the header or drop the packet if it fails (I do not know if you are thinking of more complex scenarios).

…FB: From an OF perspective, that sounds feasible. That said, we probably want to avoid making the spec specific to a technology like OF, hence would suggest that we don’t specify such a behavior as part of this document.

- For this last point, I have seen the definitions within draft-asechoud-rtgwg-qos-model-08, where matches could map (if I am not wrong) to classifiers/filters, and actions to actions. I send you the models in a zip file. In this sense the model to be defined in the PoT shall be an augment of the models defined in that document. I have not done a very deep revision on the model, but I think it could fit there. If you have checked this or other models, let me know so I could also help.

…FB: Per my note above: In order to keep POT generic and not link it to a particular classification mechanism, I’d prefer to keep the classification question as out of scope for the current document. That way it can also apply to technologies which come with their own way to classify – and which might fully decouple the tunneling aspects from the classification aspects.

Thanks a lot and sorry for such a long email.

…FB: Thanks again for all your comments. We’ll get them included in the next revision.

Cheers, Frank



Best,
Alejandro
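
The mechanism the thread discusses, as an added example that is not part of the original e-mails, the draft, or the OpenDaylight implementation: a secret polynomial whose constant term is the secret, a second polynomial whose constant term is the per-packet random number, LPCs derived from the nodes' x-coordinates, and the random-number size setting how soon the next profile is needed. The prime, the x-coordinate assignment, the dictionary keys and all function names are assumptions (`update_pot` and `verify_pot` borrow the action names suggested above).

```python
import secrets

P = 2**61 - 1  # prime modulus (assumed here; a deployed profile carries its own prime)

def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def lpc(xs, i):
    """Lagrange Polynomial Constant of node i: its Lagrange basis polynomial
    evaluated at x = 0. It depends only on the nodes' x-coordinates."""
    num = den = 1
    for j, xj in enumerate(xs):
        if j != i:
            num = num * (-xj) % P
            den = den * (xs[i] - xj) % P
    return num * pow(den, -1, P) % P

def make_profile(n_nodes):
    """Controller side: build one profile and the per-node parameters."""
    poly1 = [secrets.randbelow(P) for _ in range(n_nodes)]  # poly1[0] is the secret
    poly2 = [0] + [secrets.randbelow(P) for _ in range(n_nodes - 1)]  # slot 0 = RND, per packet
    xs = list(range(1, n_nodes + 1))  # distinct, non-zero points (assumed assignment)
    nodes = [{"y": poly_eval(poly1, x), "pub": poly_eval(poly2, x), "lpc": lpc(xs, i)}
             for i, x in enumerate(xs)]
    return poly1[0], nodes

def update_pot(node, rnd, cml):
    """Per-hop action: fold this node's share into the cumulative field."""
    return (cml + (node["y"] + node["pub"] + rnd) * node["lpc"]) % P

def verify_pot(secret, rnd, cml):
    """Verifier action: the interpolated constant term must equal secret + RND."""
    return cml == (secret + rnd) % P

def transit(nodes, rnd):
    """Carry one packet (identified by rnd) through the given nodes in order."""
    cml = 0
    for node in nodes:
        cml = update_pot(node, rnd, cml)
    return cml

def seconds_until_rekey(rnd_bits, packets_per_second):
    """Time until the RND space is used up and the next profile must be activated."""
    return 2**rnd_bits / packets_per_second

if __name__ == "__main__":
    secret, nodes = make_profile(4)
    rnd = secrets.randbits(32)
    print("full path verifies:", verify_pot(secret, rnd, transit(nodes, rnd)))
    print("node 3 skipped:   ", verify_pot(secret, rnd, transit(nodes[:2] + nodes[3:], rnd)))
```

Because the LPCs sum to 1 modulo the prime, the per-hop `rnd * lpc` terms add up to exactly RND at the verifier, which is why a packet that misses any node fails the check.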



