Re: [Softwires] early MIB Doctor review for draft-ietf-softwire-map-mib-07
"Yu Fu" <fuyu@cnnic.cn> Tue, 16 May 2017 07:13 UTC
Return-Path: <fuyu@cnnic.cn>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E96129B7D; Tue, 16 May 2017 00:13:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjKIES9qEQFK; Tue, 16 May 2017 00:13:11 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id A33EC12E041; Tue, 16 May 2017 00:10:12 -0700 (PDT)
Received: from LIUXD (unknown [218.241.103.213]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0B5hubDpRpZQJixKg--.40173S4; Tue, 16 May 2017 15:09:55 +0800 (CST)
From: Yu Fu <fuyu@cnnic.cn>
To: bertietf@bwijnen.net
Cc: draft-ietf-softwire-map-mib.all@ietf.org, 'MIB Doctors' <mib-doctors@ietf.org>, softwires@ietf.org
References: <d7384d87-7a25-408d-86e7-9073a6c38278@bwijnen.net> <003201d2cad9$c83bec50$58b3c4f0$@cn> <6874911d-0535-8206-d96d-99a956c5bf85@bwijnen.net>
In-Reply-To: <6874911d-0535-8206-d96d-99a956c5bf85@bwijnen.net>
Date: Tue, 16 May 2017 15:10:08 +0800
Message-ID: <002201d2ce13$73ccd570$5b668050$@cn>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdLLMf+kXJXxUjaxQv+CCRcaXI+9NgB8BaKQ
Content-Language: zh-cn
X-CM-TRANSID: AQAAf0B5hubDpRpZQJixKg--.40173S4
X-Coremail-Antispam: 1UD129KBjvJXoW3XFy7Jw4DGFW8Kw4fAF4UXFb_yoW3Xw1xp3 93ta15trWqqa17CrWv9w1vq34FyFZ3ZFy5Gr98try3C390yr97JF47KF1j9ayDJr10qa1j vrWUX3s8C3s8ZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9Cb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r4j6ryUM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI 8067AKxVWUGwA2048vs2IY020Ec7CjxVAFwI0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kE wVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0cI8IcVCY1x 0267AKxVWxJVW8Jr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7Cj xVAFwI0_GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrV C2j2WlYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE 7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwCY02Avz4vE14v_GF4l42xK82IYc2Ij64vIr4 1l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK 67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIYrxkI7VAKI48JMIIF0xvE2Ix0cI 8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r4UMIIF0xvE42xK8VAv wI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14 v26r1j6r4UYxBIdaVFxhVjvjDU0xZFpf9x07bYD7-UUUUU=
X-CM-SenderInfo: pix13q5fqqxugofq/
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/-umuiZMEhmOx-ARRGqFLuIhfSZQ>
Subject: Re: [Softwires] early MIB Doctor review for draft-ietf-softwire-map-mib-07
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 07:13:13 -0000
Hi Bert,
Please see my reply inline.
I have cc the email to the softwire WG so that the WG could see the MIB Doctor's comments.
>> In the MIB module itself:
>>
>> mapRuleID OBJECT-TYPE
>> SYNTAX Integer32 (1..2147483647)
>> MAX-ACCESS not-accessible
>> STATUS current
>> DESCRIPTION
>> "An identifier used to distinguish the multiple
>>mapping
>> rule which is unique with each CE in the same BR."
>> ::= { mapRuleEntry 1 }
>>
>> Since this is an index object, it be better defined as unsigned 32.
>> See RFC4181, section 4.6.1.1. Specifically page 15, which states
>> - Unsigned32 with a range that excludes zero is
>>RECOMMENDED for
>> most index objects. It is acceptable to include zero in the
>> range when it is semantically significant or when it is used as
>> the index value for a unique row with special properties.
>>Such
>> usage SHOULD be clearly documented in the DESCRIPTION
>>clause.
>>
>> [fuyu]: I will change it into unsigned 32.
>>
>Pls also think about the question if the value can ever be zero for a good
>reason.
>Normally INDEX object do not have a value of zero.
[fuyu] Yes, since it is an index object and the value range is not include zero. I think unsigned 32 is better.
>>
>>
>> mapRuleIPv6PrefixType OBJECT-TYPE
>> SYNTAX InetAddressType
>> MAX-ACCESS read-only
>> STATUS current
>> DESCRIPTION
>> "This object MUST be set to the value of ipv6(2) to
>> present the IPv6 address.It describes the
>> address type of the mapRuleIPv6Prefix and
>> mapRuleBRIPv6Address."
>>
>> Such MUST language is not recommended. The way to specify
>>such
>> mandatory
>> value you best use the MODULE COMPLIANCE statement. Such is
>> RECOMMENDED
>> as per RFC4181, page 26
>>
>> [fuyu]: I will delete the MUST in the updated version.
>>
>But if you change to InetAddressIPv6 and InetAddressIPv4 (as you state
>below), then there is no need for an InetAddressType.
[fuyu] :Yes, I will delete the object of mapRuleIPv6PrefixType and mapRuleIPv4PrefixType too. Thank you for your remind.
>>
>>
>> mapRuleIPv6Prefix OBJECT-TYPE
>> SYNTAX InetAddress(SIZE (0..16))
>> MAX-ACCESS read-only
>> STATUS current
>> DESCRIPTION
>> "The IPv6 prefix defined in mapping rule which will be
>> assigned to CE. The address type is given by
>> mapRuleIPv6PrefixType."
>> ::= { mapRuleEntry 3 }
>>
>> mmmmm, when the InetAddressType is ipv6(2), then my
>>understanding
>> of RFC4001
>> is that the SIZE for the InetAddress MUST be 16. Maybe Juergen
>> can chime in here?
>>
>> And if it is ALWAYS an IPv6 address, then maybe it is even better
>> to use
>> InetAddressIPv6 as the OBJECT-TYPE.
>>
>> I see the same set of 2 objects for IPv4.
>>
>> In my view, the idea of InetAddressType and InetAddress
>>were/are
>> to allow yopu to specify
>> one or a single pair that can hold each of the 2 (or even more if
>> needed) AddressTypes.
>>
>> So why are there separate objects for IPv4 and IPv6 ???
>>
>> [fuyu]:OK, I will change it into
>>
>> mapRuleIPv6Prefix OBJECT-TYPE
>> SYNTAX InetAddressIPv6
>> MAX-ACCESS read-only
>> STATUS current
>> DESCRIPTION
>> "The IPv6 prefix defined in mapping rule which will be
>> assigned to CE. The address type is given by
>> mapRuleIPv6PrefixType."
>> ::= { mapRuleEntry 3 }
>>
>> mapRuleIPv4Prefix OBJECT-TYPE
>> SYNTAX InetAddressIPv4
>> MAX-ACCESS read-only
>> STATUS current
>> DESCRIPTION
>> " The IPv4 prefix defined in mapping rule which will be
>> assigned to CE. The address type is given by
>> mapRuleIPv4PrefixType."
>> ::= { mapRuleEntry 6 }
>>
>> Do you think it OK?
>>
>Yes. And you then do not need the InetAddressType object.
[fuyu] : Yes, I will delete the objects of mapRuleIPv6PrefixType and mapRuleIPv4PrefixType too. Thank you for your remind.
>>
>>
>> mapRulePSID OBJECT-TYPE
>> SYNTAX Integer32
>> MAX-ACCESS read-only
>> STATUS current
>> DESCRIPTION
>> "The PSID value algorithmically identifies a set of
>> ports assigned to a CE."
>> REFERENCE
>> "PSID: section 3 of RFC 7597."
>> ::= { mapRuleEntry 9 }
>>
>> Mmmm... section 3 of RFC7597 only defines the term. The
>> algorithm is in section 5.1
>> Maybe that is a better place to point to.
>> Reading that section 5.1 in RFC7597, I wonder if "Integer32" is
>> the best representation.
>> In section 5.1, I see a PSID that is 6 bits (figure 2 on page
>> 10). But there is also
>> text about a PSID of 0x00 and 0xFF, which does not fit in 6 bits.
>> I am not an expert (basically have no knowledge about) on
>>RFC7597.
>> But sofar I cannot
>> determine what the value range might be and how Integer32 is a
>> good representation for
>> the PSID. Please explain (not just to me, but adding text to the
>> internet drafts
>> and the DESCRIPTION clause of this object)
>>
>> [fuyu]:Different PSID values guarantee non-overlapping port sets.
>> The length of PSID is k bits, and the default value of PSID offset is 6
>>bits.
>> So the bit length of PSID is variable. Thank you for your question.
>> I have reconsidered the SYNTAS of the PSID. It can never be a
>>negative value.
>> I think Unsigned32 will be better.
>>
>So do you just map the 4 octets of the PSID into this object?
>Is it not better to then use OCTET-STRING with a SIZE(4) ??
>Maybe with a DISPLY-HINT added as well
>
>Do you normally display the value as an (unsigned) integer?
>Or do you normally display it as 0Xxxxxxxxx ??
>Or maybe as bits?
[fuyu] We always describe a Basic mapping rule as below:
A MAP node (CE or BR) can, via the BMR or equivalent FMR,
determine the IPv4 address and port set as shown below:
EA bits offset: 40
IPv4 suffix bits (p) Length of IPv4 address (32) -
IPv4 prefix length (24) = 8
IPv4 address: 192.0.2.18 (0xc0000212)
PSID start: 40 + p = 40 + 8 = 48
PSID length: o - p = (56 - 40) - 8 = 8
PSID: 0x34 (1232)
So I think display the values as (unsigned) integer or display it as 0Xxxxxxxxx both will be OK.
Do you have the surggstions?
>>
>>
>> mapRulePSIDLen OBJECT-TYPE
>> SYNTAX Integer32
>>
>> My understanding sofar is that this object can never take a
>> negative value,
>> so Unsigned32 would be better I think.
>>
>> [fuyu]: I will change it into Unsigned32 in the updated version.
>>
>Does it also make sense to add a range? (what are the possible values?) ??
[fuyu] The value range of mapRulePSIDLen is greater than or equal to 0 and no more than 16, so do you think define as below
mapRulePSIDLen OBJECT-TYPE
SYNTAX Unsigned32(0..16)
Will it make sense?
>> - Section 7. Security considerations:
>>
>> These are the objects and their sensitivity/vulnerability:
>>
>> mapRuleIPv6PrefixType
>>
>> mapRuleIPv6Prefix
>>
>> ... etc (quite a list of objects).
>>
>> But nowhere do I see text about "their
>>sensitivity/vulnerability". ??
>> Still to be added?
>>
>> [fuyu]: Some of the readable objects in this MIB module may be
>>considered sensitive or
>> vulnerable in some network environments. These objects are
>>readable,
>> so maybe they are considered sensitive or vulnerable in some use
>>case.
>> We have a description why they are sensitive or vulnerable above the
>>list of objects.
>>
>Mmmm... can you point me to that text? I do not see that you describe the
>vulnerability at any place. You do describe what the objects are for, but
>that does not clearly explain what the security risks are if some
>unauthorize person would see them.
>
>If you describe that at some other place in the document, then at least I
>would suggest to add a pointer to that text in the Security COnsiderations
>Secion.
[fuyu]: Sorry. I should point it more clearly. It is in the paragraph 2 of the section 7.
From the first sentence that "Some of the readable objects in this MIB module may be
considered sensitive or vulnerable..."
>
>Bert
Thanks a lot
Yu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- [Softwires] FW: early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Bert Wijnen (IETF)
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu
- Re: [Softwires] early MIB Doctor review for draft… Bert Wijnen (IETF)
- Re: [Softwires] early MIB Doctor review for draft… Terry Manderson
- Re: [Softwires] early MIB Doctor review for draft… Yu Fu