Re: [Softwires] Benjamin Kaduk's No Objection on draft-ietf-softwire-mesh-multicast-23: (with COMMENT)

" 杨术 " <yangshu@oudmon.com> Sun, 02 June 2019 15:30 UTC

Return-Path: <yangshu@oudmon.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AB9D120127 for <softwires@ietfa.amsl.com>; Sun, 2 Jun 2019 08:30:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.918
X-Spam-Level:
X-Spam-Status: No, score=-0.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EFb3YvVJhkfC for <softwires@ietfa.amsl.com>; Sun, 2 Jun 2019 08:30:33 -0700 (PDT)
Received: from smtpbgsg2.qq.com (smtpbgsg2.qq.com [54.254.200.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D855112011C for <softwires@ietf.org>; Sun, 2 Jun 2019 08:30:31 -0700 (PDT)
X-QQ-GoodBg: 2
X-QQ-SSF: 00400000000000F0
X-QQ-FEAT: 6/UcbRTcplQwHUPN5cpEe48Ncu0eoKJYVMYYYT0e2IhzB0Z3umG5moGklspr2 TeRe2FDFhNkhLysoJcoQju9dXxnO7dnL9ZyHhElL5nLWAV+wLTefmS864km+zE3BMNDt1cS hqxYG9zk1P8IgW7xRPXEryfSE/i012Fyirlt0/ntnleyVOUijGuLMEFwnWCxyFjcqsJ4l// ayEqn60kgTPuedbUsSPZFqTXWjv/ELuI8RuqqT4080HGEdcsUOTXSbS+59VqkFd8NC8fzPZ BI5L2kUAL4i2Hhjcv/D8xLacujkJtOc0p927sMi8fKs4u/E4FJxE1GlQZI43MCH/suPw==
X-QQ-BUSINESS-ORIGIN: 2
X-Originating-IP: 61.51.59.75
X-QQ-STYLE:
X-QQ-mid: bizmailvip4t1559489424t561225
From: 杨术 <yangshu@oudmon.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
Cc: softwires <softwires@ietf.org>, draft-ietf-softwire-mesh-multicast <draft-ietf-softwire-mesh-multicast@ietf.org>, softwire-chairs <softwire-chairs@ietf.org>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_5CF3EB90_092BB8C0_404D1DEB"
Content-Transfer-Encoding: 8bit
Date: Sun, 02 Jun 2019 23:30:24 +0800
X-Priority: 3
Message-ID: <tencent_33FA451C7C820A3C04AF33B8@qq.com>
X-QQ-MIME: TCMime 1.0 by Tencent
X-Mailer: QQMail 2.x
X-QQ-Mailer: QQMail 2.x
References: <153800942916.21537.881189317455678353.idtracker@ietfa.amsl.com>
In-Reply-To: <153800942916.21537.881189317455678353.idtracker@ietfa.amsl.com>
X-QQ-ReplyHash: 2677119043
X-QQ-SENDSIZE: 520
Received: from qq.com (unknown [127.0.0.1]) by smtp.qq.com (ESMTP) with SMTP id ; Sun, 02 Jun 2019 23:30:25 +0800 (CST)
Feedback-ID: bizmailvip:oudmon.com:qybgforeign:qybgforeign4
X-QQ-Bgrelay: 1
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/ckcRmSRisMNP9dNz22vGSF7YHrg>
Subject: Re: [Softwires] Benjamin Kaduk's No Objection on draft-ietf-softwire-mesh-multicast-23: (with COMMENT)
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jun 2019 15:30:40 -0000

Dear Benjamin,


Thank you for your helpful and detailed comments, we reply as following, 


 
> Section 1
 


 
> I think you should provide a brief summary of what "(S,G) states" are in
 
> this document, as well as the reference.
 


 
We added the text “(S,G) states, which is source specific states related with 
 
a specified multicast group [RFC7761][RFC7899].”
 


 
> Section 3
 


 
>    o Address Family Border Router (AFBR) - A router interconnecting two
 
>    or more networks using different IP address families.  Besides, in
 
>    the context of softwire mesh multicast, the AFBR runs E-IP and I-IP
 


 
> nit: maybe s/Besides/Additionally/?
 


 
We have replaced it.
 


 
> nit: using "upper reaches" and "lower reaches" is still basically the same
 
> metaphor as upstream/downstream.  I guess "closer to the source" and
 
> "closer to a receiver" might be different, but offer no opinion on whether
 
> it would be better.
 


 
We have changed them to “closer to”.
 


 
> Section 5.2/5.3
 


 
> Please expand SSM and ASM on first usage.
 


 
We have expanded them.
 


 
> Section 5.4
 


 
>    To achieve this, every AFBR MUST announce the address of one of its
 
>    E-IPv4 interfaces in the "v4" field alongside the corresponding
 
>    uPreifx64.  The announcement MUST be sent to the other AFBRs through
 
>    MBGP [RFC4760].  Every uPrefix46 that an AFBR announces MUST be
 
>    unique.  "uPrefix46" is an IPv6 prefix, and the distribution
 
>    mechanism is the same as the traditional mesh unicast scenario.
 


 
> I am not very familiar with this space, and just wanted to check that both
 
> "uPrefix46" and "uPrefix64" are defined things (as opposed to "uPrefix64"
 
> being a typo).
 


 
We have modified the typo.
 


 
>    When a downstream AFBR receives an E-IP PIM (*,G) message, S' can be
 
>    generated according to the format specified in Figure 3, with the
 
>    "source address" field set to * (wildcard value).  The translated
 


 
> There is no "source address" field in Figure 3.
 


 
We deleted the “according to the format specified in Figure 3”.
 


 
>    message will be forwarded to the corresponding upstream AFBR.  Since
 
>    every PIM router within a PIM domain MUST be able to map a particular
 
>    multicast group address to the same RP (see Section 4.7 of
 
>    [RFC7761]), when the upstream AFBR checks the "source address" field
 
>    of the message, it finds the IPv4 address of the RP, and ascertains
 
>    that this is originally a (*,G) message.  This is then translated
 
>    back to the (*,G) message and processed.
 


 
> I'm failing to find where the downstream AFBR is setting the source address
 
> to that of the RP; presumably this just means I'm confused about how this
 
> part works.
 


 
We modified this part as following, 
 


 
Since every PIM router within a PIM domain MUST be
 
   able to map a particular multicast group address to the same RP when
 
   the source address is set to wildcard value (see Section 4.7 of
 
   [RFC7761]), when the upstream AFBR checks the "source address" field
 
   of the message, it finds the IPv4 address of the RP, and ascertains
 
   that this is originally a (*,G) message.  This is then translated
 
   back to the (*,G) message and processed.
 


 
> Section 6.4
 


 
>    Assume that one downstream AFBR has joined an RPT of (*,G) and an SPT
 
>    of (S,G), and decided to perform an SPT switchover.  According to
 


 
> Is it the AFBR that has joined the (E-IP) group and decided to switchover,
 
> or some system in the client network?
 


 
Some client will initiate the switchover, and cause AFBR to switch over. We added
 
a reference as following:
 


 
“Assume that one downstream AFBR has joined an RPT of (*,G) and an SPT of (S,G), 
 
and decided to perform an SPT switchover (see Section 4.2.1 of [RFC7761]).”
 


 
> Section 8
 


 
>    In Figure 5, the semantics of fields "PIM Ver", "Type", "Reserved",
 
>    and "Checksum" can be referred in Section 4.9 of [RFC7761].
 
>    IPv4 Group Address (Encoded-Group format): The encoded-group format
 
>    of the IPv4 group address described in Section 4.2.
 


 
>    IPv4 Source Address (Encoded-Group format): The encoded-unicast
 
>    format of the IPv4 source address described in Section 4.3.
 


 
>    IPv6 Group Address (Encoded-Group format): The encoded-group format
 
>    of the IPv6 group address described in Section 4.2.
 


 
>    IPv6 Source Address (Encoded-Group format): The encoded-unicast
 
>    format of the IPv6 source address described in Section 4.3.
 


 
> This document has no Section 4.2 or 4.3 (and those sections of RFC 7761 do
 
> not seem appropriate here, either).
 


 
We have modified the pointer.
 


 
> Section 9
 


 
> "MUST [...] follow the requirements mentioned in
 
> [I-D.ietf-intarea-tunnels]" seems like it needs a normative reference.
 
> "MUST [...] allow the use of encapsulation mechanisms mentioned in
 
> [RFC4925]" would seem to do the same.
 


 
We change these references to be normative. 
 


 
> Section 10
 


 
> It may be worth calling out the "interface agent" as being an additional
 
> workload susceptible to DDoS.
 


 
> It is true that the trusted nature of the BGP peer is what is relevant for
 
> deciding to accept Well-Known prefix advertisements, but perhaps there is
 
> room to mention the potential use of cryptographic methods for
 
> authenticating the peer so as to have increased confidence that such trust
 
> is properly placed.
 


 
We took these into considerations in this section.




Best Regards,




Shu Yang







------------------



杨术



欧德蒙科技有限公司






This message may contain privileged and confidential information only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender immediately. 



 
 
 
------------------ Original ------------------
From:  "Benjamin Kaduk"<kaduk@mit.edu>;
Date:  Thu, Sep 27, 2018 08:50 AM
To:  "The IESG"<iesg@ietf.org>; 
Cc:  "softwires"<softwires@ietf.org>; "draft-ietf-softwire-mesh-multicast"<draft-ietf-softwire-mesh-multicast@ietf.org>; "softwire-chairs"<softwire-chairs@ietf.org>; 
Subject:  [Softwires] Benjamin Kaduk's No Objection on draft-ietf-softwire-mesh-multicast-23: (with COMMENT)

 

Benjamin Kaduk has entered the following ballot position for
draft-ietf-softwire-mesh-multicast-23: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-softwire-mesh-multicast/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm balloting No Objection instead of Discuss, but I think this document
has a few things that need to be resolved before publication.  In
particular:

I'm concerned that the informative references may actually need to be
normative references, but not quite enough to cross my Discuss threshold.
See my comments on Section 9 for details.

There are several things that look like internal references but are not
resolvable (see per-section comments).

Section 1

I think you should provide a brief summary of what "(S,G) states" are in
this document, as well as the reference.

Section 3

   o Address Family Border Router (AFBR) - A router interconnecting two
   or more networks using different IP address families.  Besides, in
   the context of softwire mesh multicast, the AFBR runs E-IP and I-IP

nit: maybe s/Besides/Additionally/?

nit: using "upper reaches" and "lower reaches" is still basically the same
metaphor as upstream/downstream.  I guess "closer to the source" and
"closer to a receiver" might be different, but offer no opinion on whether
it would be better.

Section 5.2/5.3

Please expand SSM and ASM on first usage.

Section 5.4

   To achieve this, every AFBR MUST announce the address of one of its
   E-IPv4 interfaces in the "v4" field alongside the corresponding
   uPreifx64.  The announcement MUST be sent to the other AFBRs through
   MBGP [RFC4760].  Every uPrefix46 that an AFBR announces MUST be
   unique.  "uPrefix46" is an IPv6 prefix, and the distribution
   mechanism is the same as the traditional mesh unicast scenario.

I am not very familiar with this space, and just wanted to check that both
"uPrefix46" and "uPrefix64" are defined things (as opposed to "uPrefix64"
being a typo).

   When a downstream AFBR receives an E-IP PIM (*,G) message, S' can be
   generated according to the format specified in Figure 3, with the
   "source address" field set to * (wildcard value).  The translated

There is no "source address" field in Figure 3.

   message will be forwarded to the corresponding upstream AFBR.  Since
   every PIM router within a PIM domain MUST be able to map a particular
   multicast group address to the same RP (see Section 4.7 of
   [RFC7761]), when the upstream AFBR checks the "source address" field
   of the message, it finds the IPv4 address of the RP, and ascertains
   that this is originally a (*,G) message.  This is then translated
   back to the (*,G) message and processed.

I'm failing to find where the downstream AFBR is setting the source address
to that of the RP; presumably this just means I'm confused about how this
part works.

Section 6.4

   Assume that one downstream AFBR has joined an RPT of (*,G) and an SPT
   of (S,G), and decided to perform an SPT switchover.  According to

Is it the AFBR that has joined the (E-IP) group and decided to switchover,
or some system in the client network?

Section 8

   In Figure 5, the semantics of fields "PIM Ver", "Type", "Reserved",
   and "Checksum" can be referred in Section 4.9 of [RFC7761].
   IPv4 Group Address (Encoded-Group format): The encoded-group format
   of the IPv4 group address described in Section 4.2.

   IPv4 Source Address (Encoded-Group format): The encoded-unicast
   format of the IPv4 source address described in Section 4.3.

   IPv6 Group Address (Encoded-Group format): The encoded-group format
   of the IPv6 group address described in Section 4.2.

   IPv6 Source Address (Encoded-Group format): The encoded-unicast
   format of the IPv6 source address described in Section 4.3.

This document has no Section 4.2 or 4.3 (and those sections of RFC 7761 do
not seem appropriate here, either).

Section 9

"MUST [...] follow the requirements mentioned in
[I-D.ietf-intarea-tunnels]" seems like it needs a normative reference.
"MUST [...] allow the use of encapsulation mechanisms mentioned in
[RFC4925]" would seem to do the same.

Section 10

It may be worth calling out the "interface agent" as being an additional
workload susceptible to DDoS.

It is true that the trusted nature of the BGP peer is what is relevant for
deciding to accept Well-Known prefix advertisements, but perhaps there is
room to mention the potential use of cryptographic methods for
authenticating the peer so as to have increased confidence that such trust
is properly placed.


_______________________________________________
Softwires mailing list
Softwires@ietf.org
https://www.ietf.org/mailman/listinfo/softwires