[Teas] Benjamin Kaduk's practice ballot (No Objection) on draft-ietf-teas-rsvp-egress-protection-13 (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Fri, 02 March 2018 19:26 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC1A8126C25; Fri, 2 Mar 2018 11:26:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mjkTCmKYY0fy; Fri, 2 Mar 2018 11:26:07 -0800 (PST)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24672124217; Fri, 2 Mar 2018 11:26:07 -0800 (PST)
X-AuditID: 1209190c-325ff70000000942-7e-5a99a54deb82
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 4F.70.02370.D45A99A5; Fri, 2 Mar 2018 14:26:06 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w22JQ1np024956; Fri, 2 Mar 2018 14:26:02 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w22JPvZl012885 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 2 Mar 2018 14:25:59 -0500
Date: Fri, 02 Mar 2018 13:25:57 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>
Cc: teas-chairs@ietf.org, draft-ietf-teas-rsvp-egress-protection.all@ietf.org, Vishnu Beeram <vishnupavan@gmail.com>, teas@ietf.org
Message-ID: <20180302192556.GD50954@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrEIsWRmVeSWpSXmKPExsUixG6nouu3dGaUwftnHBZL1rcxW8z4M5HZ omnuLiaL1h87WCzmtD1hdmD12DnrLrvHkiU/mQKYorhsUlJzMstSi/TtErgyWjc+YSq4bVZx ru80YwPjae0uRg4OCQETiY/tvF2MnBxCAouZJH5t4+9i5AKyNzBKHD1+kBUicYVJ4vKLeBCb RUBFYv2ng+wgNhuQ3dB9mRnEFhGQkfjSPoUZpJlZoIdR4vHsU0wgCWGBMolJ85tZQGxeoGXn pmxig7AFJU7OfAIWZxbQkrjx7yUTyEHMAtISy/9xgIRFBZQl9vYdYp/AyDcLSccsJB2zEDoW MDKvYpRNya3SzU3MzClOTdYtTk7My0st0jXUy80s0UtNKd3ECApITkmeHYxn3ngdYhTgYFTi 4Z2RMjNKiDWxrLgy9xCjJAeTkihvQj5QiC8pP6UyI7E4I76oNCe1+BCjBAezkghvy4cZUUK8 KYmVValF+TApaQ4WJXFedxPtKCGB9MSS1OzU1ILUIpisDAeHkgQv5xKgoYJFqempFWmZOSUI aSYOTpDhPEDDgxYD1fAWFyTmFmemQ+RPMRpz3Hjxuo2Z49emvZ3MQix5+XmpUuK8DSClAiCl GaV5cNNASUUie3/NK0ZxoOeEee1BlvIAExLcvFdAq5iAVrG/BfmjuCQRISXVwHg9PfPOLn3/ t6IiLE841Nw/eASZv09smvnsyft4mUdtk/tO+2js9H7GW/JFecHjhJIprXOCf2RVhjid2PZ5 Z8Nl3rmtZrcOVby/Ifwk96/yIz9zX47t59guqvPYrhb/vjbWX0tK49z574+4Q3Y7Prm4cNX/ c8sMtJY0XWn8obmSwU/i2Ua/k2pKLMUZiYZazEXFiQB+fUsIBQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/PtcbV3r0o8Hr7U4jiVSYxkMrWT8>
Subject: [Teas] Benjamin Kaduk's practice ballot (No Objection) on draft-ietf-teas-rsvp-egress-protection-13 (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Mar 2018 19:26:11 -0000
[incoming AD ramping up on document reviews; please consider this as if it was a ballot of No Objection with COMMENT] In general it's hard for me to get excited about publishing this document as-is, though most of this is not in areas that qualify for a DISCUSS ballot. Perhaps the suggested security considerations changes could qualify for a DISCUSS, though. Mostly I feel that the overall document organization is a little jumbled and potentially under-specified. I'd like to see in the Introduction some overview of the different ways this technology could be deployed -- it seems like there are options for both the ingress and the primary egress to initiate its use, and it could be helpful to get some advance indication of which subsections correspond to which of those. I also would like to see a little discussion about why this new protocol is useful -- I can understand what it *does*, but why is putting the PLR closer to egress beneficial, and why is the egress considered more likely to fail than an arbitrary node on the LSP? There are also some areas where the organization seems surprising, such as Section 4.1 where we learn that the SERO to be used for this new protection scheme will have three subobjects, but we only get told what the first and third subobjects will do, not what type(s) they might be. The second subobject does get a diagram for its structure, since it's new in this document, but the discussion of the third subobject in the SERO is interspersed between that description and the structure of the optional subobjects that it could contain (which could confuse the reader into thinking that these optional subobjects being defined are candidates for the third subobject in the SERO and not sub-subobjects within the C-Type 3 subobject. (The mathematician in me gets unhappy about seeing a thing called a "subobject" that itself has "subobjects" that are a different semantic type, but I expect this is common in the field and I should just get used to it.) There are also several places where we are told of a need to construct new SERO (or other) (sub)objects but only told about (presumably) the "new" parts of them, with no description or reference for how the remaining parts should be constructed. Some more specific comments follow: Section 4.1 says "Reserved parts MUST set to zero" (missing a "be"), but these should also be ignored by the recipient, presumably? Why do the optional subobjects get a 17-bit length when the outer subobject only has an 8-bit length? (Also, if the length is intentionally 17 bits instead of 16, that should probably be called out as not an error in the figure.) I would prefer to see a table of the type values for the optional subobjects instead of spreading them throughout the subsections, but concede that it is an editorial point. For the "new SERO based on the SERO received" (in the second-to-last paragraph of section 4.1), what is the first subobject of the three? Section 5.1: The ingress MUST send a Path message for the LSP with the objects above and the SEROs for protecting egresses of the LSP. Presumably this is only if protection of the egress is desired? Section 5.2 If the LSP carries the service traffic with a service label, the primary egress sends its corresponding backup egress the information about the service label as a UA label and the related forwarding. Do you want to say anything about what protocol messages are used for this or give a reference? Or is this the same sort of thing labelled as out-of-band or out-of-scope later in the document? Section 5.4 I assume "upstream node" means the PLR, i.e., directly upstream (as opposed to just on the LSP) -- is this a term of art or should it be clarified? Section 5.4.2 It indicates that the primary egress MUST send the backup egress the service label as UA label and the information about forwarding the traffic to its destination using the label if there is a service carried by the LSP and the primary LSP label as UA label if the label is not implicit null. How UA label is sent is out of scope for this document. It's hard to be happy about MUST-level requirements that require the implementor to do their own protocol design. Or could this be done by BGP, as implied later in the document? Section 5.4.4 Moreover, the PLR MUST let the upstream part of the primary LSP stay after the primary egress fails through sending Resv message to its upstream node along the primary LSP. What does "stay" mean here? Section 6.1, Figure 3, item 4 makes me think that the use or a virtual node and binding the same local address on both L1 and La is mandatory, but the earlier text in section 5.4 made me think that the use of a virtual node was optional, only needed in the case when the backup egress is not configured explicitly for protecting a primary address. Is the use of a virtual node mandatory or not? The security considerations refers to RFC 4090, which itself claims to add no new security considerations other than those of RFC 2205 (and then says a little bit more anyway). Probably this document should reference RFC 2205 directly. RFC 4875's security considerations also have this "In principle this document does not introduce any new security issues above those defined in [...]", followed by two additional paragraphs of additional security considerations. It seems simpler to just say something like "The security considerations of RFCs 4090, 2205, and 4875 all apply here. Additionally, [...]". The cross-protocol identity management mentioned in this document is indeed a key issue, and could probably be worded more clearly. Perhaps: This document builds upon existing work, so in particular the security considerations of RFCs 4080, 2205, and 4875 continue to apply. Additionally, this protocol introduces a requirement for out-of-band communication between primary egress and secondary egress, in order to convey UA label and LFIB information. It is important to confirm that the identifiers used to identify the primary and backup egress nodes in the LSP are verified to match with the identifiers used in the out-of-band protocol (such as BGP). I would also encourage adding some text about providing integrity protection for the out-of-band channel between primary and backup egress (it's less clear to me whether confidentiality protection is desired), including the obligatory disclaimer about the sad state of affairs for BGP. The IANA considersations are a bit sparse, in particular a descriptive name could probably be used instead of just "Type 3" (the precedent notwithstanding), and IANA likes to get more information when creating new (sub)registries. It's also useful to cite RFC 8126 for the "IETF Review" policy. -Benjamin
- [Teas] Benjamin Kaduk's practice ballot (No Objec… Benjamin Kaduk
- Re: [Teas] Benjamin Kaduk's practice ballot (No O… Huaimo Chen
- Re: [Teas] Benjamin Kaduk's practice ballot (No O… Benjamin Kaduk
- Re: [Teas] Benjamin Kaduk's practice ballot (No O… Huaimo Chen