Re: [Teas] Benjamin Kaduk's No Objection on draft-ietf-teas-assoc-corouted-bidir-frr-06: (with COMMENT)

Benjamin Kaduk <> Fri, 26 October 2018 22:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE1E3130E26; Fri, 26 Oct 2018 15:04:16 -0700 (PDT)
X-Quarantine-ID: <zB3WMGolNpbs>
X-Virus-Scanned: amavisd-new at
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by[...]
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zB3WMGolNpbs; Fri, 26 Oct 2018 15:04:14 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 333A6127148; Fri, 26 Oct 2018 15:04:14 -0700 (PDT)
X-AuditID: 1209190e-297ff70000005dce-b5-5bd38f5b91f0
Received: from ( []) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 2F.AD.24014.C5F83DB5; Fri, 26 Oct 2018 18:04:12 -0400 (EDT)
Received: from (OUTGOING-AUTH-1.MIT.EDU []) by (8.14.7/8.9.2) with ESMTP id w9QM46XQ016808; Fri, 26 Oct 2018 18:04:08 -0400
Received: from ( []) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) œby (8.14.7/8.12.4) with ESMTP id w9QM42FR019107 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 26 Oct 2018 18:04:04 -0400
Date: Fri, 26 Oct 2018 17:04:02 -0500
From: Benjamin Kaduk <>
To: "Rakesh Gandhi (rgandhi)" <>
Cc: The IESG <>, "" <>, Vishnu Beeram <>, "" <>, "" <>
Message-ID: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprLKsWRmVeSWpSXmKPExsUixG6nrhvTfzna4N8ta4u+azNZLGb8mchs MbWpg82iae4uJovWHztYLOa0PWF2YPOY8nsjq8fOWXfZPZYs+ckUwBzFZZOSmpNZllqkb5fA lbFz0wLGgg36FTMXf2FqYHym1MXIwSEhYCLxYBpnFyMXh5DAGiaJWXunMkI4GxklXh78yQTh 3GWSOHpzHZDDycEioCqxseUXmM0moCLR0H2ZGcQWETCUONy9mhWkgVlgAZPEwSf3wBLCAtkS W2ddAbN5gdZ96b8GtaKBUaK/6TgrREJQ4uTMJywgNrOAusSfeZeYQe5jFpCWWP6PAyIsL9G8 dTbYHE4BW4nv3y+BHSEqoCyxt+8Q+wRGwVlIJs1CMmkWwqRZSCYtYGRZxSibklulm5uYmVOc mqxbnJyYl5dapGusl5tZopeaUrqJERQLnJJ8OxgnNXgfYhTgYFTi4f1hdDlaiDWxrLgy9xCj JAeTkijvr16gEF9SfkplRmJxRnxRaU5q8SFGCQ5mJRHeawVAOd6UxMqq1KJ8mJQ0B4uSOO+E lsXRQgLpiSWp2ampBalFMFkZDg4lCd6oPqBGwaLU9NSKtMycEoQ0EwcnyHAeoOFNIDW8xQWJ ucWZ6RD5U4yKUuK810AuEgBJZJTmwfWCUpVE9v6aV4ziQK8I8xqCtPMA0xxc9yugwUxAg2co XAAZXJKIkJJqYPTfLRlvHjM18aR7nXJ7rZ9aqkftef86Wyc2pwenBQutBFz/Swif+Vr8xWK7 SNhVBXdHYY4HbA11Ne7zLmluebrm4k2nhZ78UX+2t5/+eTzDS/7ZV+973YI17nZOKeszl1xl qDC8UhJ7fq+3g1pR561ZD3zagze+m7L16/K3R05ciz65RTH7gBJLcUaioRZzUXEiADafGN4w AwAA
Archived-At: <>
Subject: Re: [Teas] Benjamin Kaduk's No Objection on draft-ietf-teas-assoc-corouted-bidir-frr-06: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 26 Oct 2018 22:04:17 -0000

On Fri, Oct 26, 2018 at 05:29:34PM +0000, Rakesh Gandhi (rgandhi) wrote:
> Hi Benjamin,
> Thank you for the detailed review. Please see inline replies with <RG>…
> On 2018-10-24, 11:12 PM, "Benjamin Kaduk" <>; wrote:
>     Benjamin Kaduk has entered the following ballot position for
>     draft-ietf-teas-assoc-corouted-bidir-frr-06: No Objection
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
>     Please refer to
>     for more information about IESG DISCUSS and COMMENT positions.
>     The document, along with other ballot positions, can be found here:
>     ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
>     How does the unidirectional link failure logic and the revertive logic
>     interact?  That is, in the unidirectional failure case a node should be
>     detecting that there is a failure case and rerouting reverse traffic onto
>     the protection path to match the forward path.  But a node in the process
>     of reverting back on to the primary path (before its counterpart in the
>     other direction) would seem to observe the same packet/path behavior as in
>     the case of a unidirectional link failure.  Do we need to rely on the
>     flooding of link status information to differentiate between these cases?
> <RG> The basic idea is as following: After FRR, RSVP messages are sent with modified “IPV4 tunnel sender address" in the SENDER_TEMPLATE Object of the protected LSP, this is how the receiving node knows if FRR has been triggered and it can use it to trigger co-route. After revertive back when the failure is repaired, the RSVP Path message SENDER_TEMPLATE is restored as before [RFC4090, Section 6.5.2], which can be then used by the receiving node to trigger revertive behavior.
> <RG> Yes, flooding link status / topology database can be used for Global revertive behavior.

Okay, thanks for confirming.

>     Are the state-keeping and resource consumption burdens large for the
>     midpoint nodes that now must correlate whether they see traffic on
>     original/protection paths for associated flows?  (E.g., Section 4.1.3's
>     "when it receives the un-modified RSVP path messages and traffic".)
>     It seems like it should just be a linear scaling factor at worst, with no
>     real path to an attack, but perhaps there are security considerations
>     relating to router capacity.
>     Section 2
>        In packet transport networks, there are requirements where the
>        reverse LSP of a bidirectional LSP needs to follow the same path as
>        its forward LSP [RFC6373].  [...]
>     Does this need a qualifier (e.g., "some packet transport networks" or
>     "there are sometimes requirements")?
> <RG> Updated to “some packet transport networks”.
>     Section 3.2
>        tunnel S (on path B-F-G-D) to reach downstream MP node D whereas the
>        upstream PLR node C reroute the protected reverse LSP2 traffic over
>        the bypass tunnel N (on path C-I-H-A) to reach the upstream MP node
>        A.  [...]
>     nit: "reroutes"
> <RG> Fixed.
>     Section 4.1.1
>        As shown in Figure 2, when using a node protection bypass tunnel with
>        protected co-routed LSPs, asymmetry of paths can occur in the forward
>        and reverse directions after a link failure [RFC8271].  In order to
>        restore co-routing, the downstream MP node D (acting as an upstream
>        PLR) SHOULD trigger the procedure to restore co-routing and reroute
>        the protected reverse LSP2 RSVP Path messages and traffic over the
>        bypass tunnel S (on path D-G-F-B) to the upstream MP node B upon
>     Why is this only a SHOULD?
> <RG> It is MUST to restore co-route. Updated.
>     Section 4.2
>                                                             An endpoint node
>        MAY set the Extended Association ID to the value shown in Appendix A.
>     The contents of Appendix A do not include a distinguished single value, but
>     rather a data structure, so I think that a phrase other than "to the
>     value" should be used.
> <RG> Updated using suggestion from Adam Roach as: "... set the Extended Association ID to a value formatted according to the
> structure shown in Appendix A."

Excellent; thanks!

>        o  For double-sided provisioned bidirectional LSPs [RFC7551], both
>           endpoints need to ensure that the bidirectional LSP has a unique
>           Extended ASSOCIATION Object for each forward and reverse LSP pair
>           by selecting appropriate unique Extended Association IDs signaled
>           by them.
>     How does this signalling/selection process get the two endpoints to agree
>     on the same value?
> <RG> Added text: A controller can be used to provision unique Extended Association ID on both endpoints.  The procedure for selecting unique Extended Association ID is outside the scope of this document.  

Okay, thanks for adding the clarification.


>     Appendix A
>     (Again, "to the value" is not appropriate to describe the general format.
>     Perhaps, "to a value using the format".)
> <RG> Updated as above.
>     Please also explicitly describe the semantics of the "Reserved" field(s)
>     (i.e., set to zero on transmission and ignored on receipt).
> <RG> Added.
> Thanks,
> Rakesh