Re: [Softwires] early MIB Doctor review for draft-ietf-softwire-map-mib-07
"Yu Fu" <fuyu@cnnic.cn> Tue, 16 May 2017 07:13 UTC
Return-Path: <fuyu@cnnic.cn>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E96129B7D; Tue, 16 May 2017 00:13:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjKIES9qEQFK; Tue, 16 May 2017 00:13:11 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id A33EC12E041; Tue, 16 May 2017 00:10:12 -0700 (PDT)
Received: from LIUXD (unknown [218.241.103.213]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0B5hubDpRpZQJixKg--.40173S4; Tue, 16 May 2017 15:09:55 +0800 (CST)
From: Yu Fu <fuyu@cnnic.cn>
To: bertietf@bwijnen.net
Cc: draft-ietf-softwire-map-mib.all@ietf.org, 'MIB Doctors' <mib-doctors@ietf.org>, softwires@ietf.org
References: <d7384d87-7a25-408d-86e7-9073a6c38278@bwijnen.net> <003201d2cad9$c83bec50$58b3c4f0$@cn> <6874911d-0535-8206-d96d-99a956c5bf85@bwijnen.net>
In-Reply-To: <6874911d-0535-8206-d96d-99a956c5bf85@bwijnen.net>
Date: Tue, 16 May 2017 15:10:08 +0800
Message-ID: <002201d2ce13$73ccd570$5b668050$@cn>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdLLMf+kXJXxUjaxQv+CCRcaXI+9NgB8BaKQ
Content-Language: zh-cn
X-CM-TRANSID: AQAAf0B5hubDpRpZQJixKg--.40173S4
X-Coremail-Antispam: 1UD129KBjvJXoW3XFy7Jw4DGFW8Kw4fAF4UXFb_yoW3Xw1xp3 93ta15trWqqa17CrWv9w1vq34FyFZ3ZFy5Gr98try3C390yr97JF47KF1j9ayDJr10qa1j vrWUX3s8C3s8ZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9Cb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r4j6ryUM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI 8067AKxVWUGwA2048vs2IY020Ec7CjxVAFwI0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kE wVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0cI8IcVCY1x 0267AKxVWxJVW8Jr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7Cj xVAFwI0_GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrV C2j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE 7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwCY02Avz4vE14v_GF4l42xK82IYc2Ij64vIr4 1l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK 67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIYrxkI7VAKI48JMIIF0xvE2Ix0cI 8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r4UMIIF0xvE42xK8VAv wI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14 v26r1j6r4UYxBIdaVFxhVjvjDU0xZFpf9x07bYD7-UUUUU=
X-CM-SenderInfo: pix13q5fqqxugofq/
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/-umuiZMEhmOx-ARRGqFLuIhfSZQ>
Subject: Re: [Softwires] early MIB Doctor review for draft-ietf-softwire-map-mib-07
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 07:13:13 -0000
Hi Bert, Please see my reply inline. I have cc the email to the softwire WG so that the WG could see the MIB Doctor's comments. >> In the MIB module itself: >> >> mapRuleID OBJECT-TYPE >> SYNTAX Integer32 (1..2147483647) >> MAX-ACCESS not-accessible >> STATUS current >> DESCRIPTION >> "An identifier used to distinguish the multiple >>mapping >> rule which is unique with each CE in the same BR." >> ::= { mapRuleEntry 1 } >> >> Since this is an index object, it be better defined as unsigned 32. >> See RFC4181, section 4.6.1.1. Specifically page 15, which states >> - Unsigned32 with a range that excludes zero is >>RECOMMENDED for >> most index objects. It is acceptable to include zero in the >> range when it is semantically significant or when it is used as >> the index value for a unique row with special properties. >>Such >> usage SHOULD be clearly documented in the DESCRIPTION >>clause. >> >> [fuyu]: I will change it into unsigned 32. >> >Pls also think about the question if the value can ever be zero for a good >reason. >Normally INDEX object do not have a value of zero. [fuyu] Yes, since it is an index object and the value range is not include zero. I think unsigned 32 is better. >> >> >> mapRuleIPv6PrefixType OBJECT-TYPE >> SYNTAX InetAddressType >> MAX-ACCESS read-only >> STATUS current >> DESCRIPTION >> "This object MUST be set to the value of ipv6(2) to >> present the IPv6 address.It describes the >> address type of the mapRuleIPv6Prefix and >> mapRuleBRIPv6Address." >> >> Such MUST language is not recommended. The way to specify >>such >> mandatory >> value you best use the MODULE COMPLIANCE statement. Such is >> RECOMMENDED >> as per RFC4181, page 26 >> >> [fuyu]: I will delete the MUST in the updated version. >> >But if you change to InetAddressIPv6 and InetAddressIPv4 (as you state >below), then there is no need for an InetAddressType. [fuyu] :Yes, I will delete the object of mapRuleIPv6PrefixType and mapRuleIPv4PrefixType too. Thank you for your remind. >> >> >> mapRuleIPv6Prefix OBJECT-TYPE >> SYNTAX InetAddress(SIZE (0..16)) >> MAX-ACCESS read-only >> STATUS current >> DESCRIPTION >> "The IPv6 prefix defined in mapping rule which will be >> assigned to CE. The address type is given by >> mapRuleIPv6PrefixType." >> ::= { mapRuleEntry 3 } >> >> mmmmm, when the InetAddressType is ipv6(2), then my >>understanding >> of RFC4001 >> is that the SIZE for the InetAddress MUST be 16. Maybe Juergen >> can chime in here? >> >> And if it is ALWAYS an IPv6 address, then maybe it is even better >> to use >> InetAddressIPv6 as the OBJECT-TYPE. >> >> I see the same set of 2 objects for IPv4. >> >> In my view, the idea of InetAddressType and InetAddress >>were/are >> to allow yopu to specify >> one or a single pair that can hold each of the 2 (or even more if >> needed) AddressTypes. >> >> So why are there separate objects for IPv4 and IPv6 ??? >> >> [fuyu]:OK, I will change it into >> >> mapRuleIPv6Prefix OBJECT-TYPE >> SYNTAX InetAddressIPv6 >> MAX-ACCESS read-only >> STATUS current >> DESCRIPTION >> "The IPv6 prefix defined in mapping rule which will be >> assigned to CE. The address type is given by >> mapRuleIPv6PrefixType." >> ::= { mapRuleEntry 3 } >> >> mapRuleIPv4Prefix OBJECT-TYPE >> SYNTAX InetAddressIPv4 >> MAX-ACCESS read-only >> STATUS current >> DESCRIPTION >> " The IPv4 prefix defined in mapping rule which will be >> assigned to CE. The address type is given by >> mapRuleIPv4PrefixType." >> ::= { mapRuleEntry 6 } >> >> Do you think it OK? >> >Yes. And you then do not need the InetAddressType object. [fuyu] : Yes, I will delete the objects of mapRuleIPv6PrefixType and mapRuleIPv4PrefixType too. Thank you for your remind. >> >> >> mapRulePSID OBJECT-TYPE >> SYNTAX Integer32 >> MAX-ACCESS read-only >> STATUS current >> DESCRIPTION >> "The PSID value algorithmically identifies a set of >> ports assigned to a CE." >> REFERENCE >> "PSID: section 3 of RFC 7597." >> ::= { mapRuleEntry 9 } >> >> Mmmm... section 3 of RFC7597 only defines the term. The >> algorithm is in section 5.1 >> Maybe that is a better place to point to. >> Reading that section 5.1 in RFC7597, I wonder if "Integer32" is >> the best representation. >> In section 5.1, I see a PSID that is 6 bits (figure 2 on page >> 10). But there is also >> text about a PSID of 0x00 and 0xFF, which does not fit in 6 bits. >> I am not an expert (basically have no knowledge about) on >>RFC7597. >> But sofar I cannot >> determine what the value range might be and how Integer32 is a >> good representation for >> the PSID. Please explain (not just to me, but adding text to the >> internet drafts >> and the DESCRIPTION clause of this object) >> >> [fuyu]:Different PSID values guarantee non-overlapping port sets. >> The length of PSID is k bits, and the default value of PSID offset is 6 >>bits. >> So the bit length of PSID is variable. Thank you for your question. >> I have reconsidered the SYNTAS of the PSID. It can never be a >>negative value. >> I think Unsigned32 will be better. >> >So do you just map the 4 octets of the PSID into this object? >Is it not better to then use OCTET-STRING with a SIZE(4) ?? >Maybe with a DISPLY-HINT added as well > >Do you normally display the value as an (unsigned) integer? >Or do you normally display it as 0Xxxxxxxxx ?? >Or maybe as bits? [fuyu] We always describe a Basic mapping rule as below: A MAP node (CE or BR) can, via the BMR or equivalent FMR, determine the IPv4 address and port set as shown below: EA bits offset: 40 IPv4 suffix bits (p) Length of IPv4 address (32) - IPv4 prefix length (24) = 8 IPv4 address: 192.0.2.18 (0xc0000212) PSID start: 40 + p = 40 + 8 = 48 PSID length: o - p = (56 - 40) - 8 = 8 PSID: 0x34 (1232) So I think display the values as (unsigned) integer or display it as 0Xxxxxxxxx both will be OK. Do you have the surggstions? >> >> >> mapRulePSIDLen OBJECT-TYPE >> SYNTAX Integer32 >> >> My understanding sofar is that this object can never take a >> negative value, >> so Unsigned32 would be better I think. >> >> [fuyu]: I will change it into Unsigned32 in the updated version. >> >Does it also make sense to add a range? (what are the possible values?) ?? [fuyu] The value range of mapRulePSIDLen is greater than or equal to 0 and no more than 16, so do you think define as below mapRulePSIDLen OBJECT-TYPE SYNTAX Unsigned32(0..16) Will it make sense? >> - Section 7. Security considerations: >> >> These are the objects and their sensitivity/vulnerability: >> >> mapRuleIPv6PrefixType >> >> mapRuleIPv6Prefix >> >> ... etc (quite a list of objects). >> >> But nowhere do I see text about "their >>sensitivity/vulnerability". ?? >> Still to be added? >> >> [fuyu]: Some of the readable objects in this MIB module may be >>considered sensitive or >> vulnerable in some network environments. These objects are >>readable, >> so maybe they are considered sensitive or vulnerable in some use >>case. >> We have a description why they are sensitive or vulnerable above the >>list of objects. >> >Mmmm... can you point me to that text? I do not see that you describe the >vulnerability at any place. You do describe what the objects are for, but >that does not clearly explain what the security risks are if some >unauthorize person would see them. > >If you describe that at some other place in the document, then at least I >would suggest to add a pointer to that text in the Security COnsiderations >Secion. [fuyu]: Sorry. I should point it more clearly. It is in the paragraph 2 of the section 7. From the first sentence that "Some of the readable objects in this MIB module may be considered sensitive or vulnerable..." > >Bert Thanks a lot Yu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Bert Wijnen (IETF)
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Bert Wijnen (IETF)
- Re: [Softwires] early MIB Doctor review for draft… Terry Manderson
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu