Re: [Teas] AD review of draft-ietf-teas-lsp-attribute-ro
Cyril Margaria <cmargaria@juniper.net> Wed, 21 January 2015 07:30 UTC
Return-Path: <cmargaria@juniper.net>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB0FE1A0385 for <teas@ietfa.amsl.com>; Tue, 20 Jan 2015 23:30:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R748SikoJ_Sn for <teas@ietfa.amsl.com>; Tue, 20 Jan 2015 23:30:15 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0109.outbound.protection.outlook.com [65.55.169.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B30BB1A038C for <teas@ietf.org>; Tue, 20 Jan 2015 23:30:14 -0800 (PST)
Received: from BN3PR0501MB1634.namprd05.prod.outlook.com (25.161.217.153) by BN3PR0501MB1506.namprd05.prod.outlook.com (25.160.117.26) with Microsoft SMTP Server (TLS) id 15.1.59.20; Wed, 21 Jan 2015 07:30:13 +0000
Received: from BN3PR0501MB1635.namprd05.prod.outlook.com (25.161.217.154) by BN3PR0501MB1634.namprd05.prod.outlook.com (25.161.217.153) with Microsoft SMTP Server (TLS) id 15.1.59.20; Wed, 21 Jan 2015 07:30:11 +0000
Received: from BN3PR0501MB1635.namprd05.prod.outlook.com ([25.161.217.154]) by BN3PR0501MB1635.namprd05.prod.outlook.com ([25.161.217.154]) with mapi id 15.01.0059.007; Wed, 21 Jan 2015 07:30:11 +0000
From: Cyril Margaria <cmargaria@juniper.net>
To: Adrian Farrel <adrian@olddog.co.uk>, "teas@ietf.org" <teas@ietf.org>
Thread-Topic: AD review of draft-ietf-teas-lsp-attribute-ro
Thread-Index: AdAnS4NDd8E3HP9wRBipfqBkWR+FAAN1qaEA
Date: Wed, 21 Jan 2015 07:30:10 +0000
Message-ID: <D0E49700.1CA67%cmargaria@juniper.net>
References: <012001d0274b$d25f3630$771da290$@olddog.co.uk>
In-Reply-To: <012001d0274b$d25f3630$771da290$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.2.140509
x-originating-ip: [66.129.241.11]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cmargaria@juniper.net;
x-dmarcaction-test: None
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(3005004); SRVR:BN3PR0501MB1634; UriScan:;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0501MB1634;
x-forefront-prvs: 04631F8F77
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(51444003)(51704005)(199003)(37854004)(24454002)(189002)(92566002)(86362001)(97736003)(83506001)(66066001)(122556002)(40100003)(64706001)(46102003)(2501002)(101416001)(230783001)(36756003)(87936001)(2656002)(2900100001)(2950100001)(19580395003)(19580405001)(99286002)(76176999)(54356999)(68736005)(105586002)(50986999)(102836002)(106356001)(62966003)(77156002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1634; H:BN3PR0501MB1635.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <E725ABCAE9BCF641AB0A7C51B52700BC@namprd05.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jan 2015 07:30:10.7095 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1634
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0501MB1506;
X-OriginatorOrg: juniper.net
Archived-At: <http://mailarchive.ietf.org/arch/msg/teas/cDnosFh658k4QOvZbiIpbPmDBfE>
X-Mailman-Approved-At: Wed, 21 Jan 2015 02:39:04 -0800
Cc: "draft-ietf-teas-rsvp-te-li-lb@tools.ietf.org" <draft-ietf-teas-rsvp-te-li-lb@tools.ietf.org>, "draft-ietf-teas-lsp-attribute-ro.all@tools.ietf.org" <draft-ietf-teas-lsp-attribute-ro.all@tools.ietf.org>, "draft-ietf-ccamp-wson-signaling@tools.ietf.org" <draft-ietf-ccamp-wson-signaling@tools.ietf.org>
Subject: Re: [Teas] AD review of draft-ietf-teas-lsp-attribute-ro
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2015 07:30:18 -0000
Hi, Thanks for your careful review, Please see inline. WG feedback is welcomed. On 03.01.15 06:52, "Adrian Farrel" <adrian@olddog.co.uk> wrote: >Hi authors, > >Thanks for this document, the first from TEAS to reach me for >publication. I found it to be a simple and clear read. The IANA section >is clear and well-written. > >I have done my usual AD review with the intent to catch any remaining >issues before issuing IETF last call. > >I think my first three points need discussion with the working group. >The remaining points are relatively small. > >While I wait for your discussion or a new revision, I'll put the draft >into "Revised I-D Needed" state. > >Thanks for your work, >Adrian > >--- > >Section 2.3 needs to describe the processing when an ERO Hop Attributes >subobject is encountered after a loose hop subobject or a strict hop >that is an abstract node? > >- Is it valid? >- Is it assumed to apply to all hops in that loose hop or abstract node? >- Or in the case of a loose hop, does it just apply to the named hop > itself? >- What about if the preceding subobject is an interface identifier or a > label? > >I wonder whether reference to 4990 would help at all. Following RFC4990, it depends. In the context of draft-ietf-teas-rsvp-te-li-lb, a loopback after a loose hop, could be rejected. This should not apply to a label or interface In the context of draft-ietf-ccamp-wson-signaling-09, a ResourceBlockInfo should target an explicit Hop, but the WavelengthSelection could appear after an abstract node or loose hop. Future Attributes TLV may apply to interfaces or labels. I think its up to the document defining the TLV to scope it. For instance the following text could address that: Depending on the scope of thea specific Hop attribute TLV, the defining document SHOULD describe after which kind of hop they are valid, for instance by describing rules similar to [RFC4990] section 6.1. For draft-ietf-teas-rsvp-te-li-lb this could be (restricting the TLV to explicit nodes, precluding link ids): The Attribute Flags TLV with Loopback Attribute Flag set MUST be present after an explicit Hop addressing an TE Router ID identifying a specific node or a Link ID identifying an incoming TE link. it MUST NOT be present after a loose, abstract node, Link ID identifying an outgoing TE link, Component Interface ID or Label. For draft-ietf-ccamp-wson-signaling-09, this could be (restricting the ResourceBlockInfo to explicit nodes): The WSON Processing HOP Attribute TLV with ResourceBlockInfo MUST be present after an explicit Hop addressing an TE Router ID identifying a specific node or a Link ID identifying an incoming TE link. it MUST NOT be present after a loose, abstract node, Link ID identifying an outgoing TE link, Component Interface ID or Label. The WSON Processing HOP Attribute TLV with WavelengthSelection only MUST be present after an explicit Hop addressing an TE Router ID identifying a specific node, a Link ID identifying an incoming TE link, loose hop, abstract node, Link ID identifying an outgoing TE lin or Component Interface ID. it MUST NOT be present after a Label. The WavelengthSelection may apply starting at an abstract node, but not after a label (as no selection is possible) > >Note that 3.2 seems to handle all the options for use in the RRO. > >--- > >3.2.1 has > > All such > subobjects MUST be forwarded unmodified by transit LSRs. > >That is, of course, the general rule, but I assume that there are >exceptions. > >For example, an ASBR may choose to prune the information that is >forwarded in an RRO. Similarly, the UNI-N may strip information. > >I think the point would be that "If a node forwards an RRO subobject >for a specific hop, it MUST forward any associated HOP Attributes >subobjects." > >But even this may be too restrictive for a border node that wants to >report the chosen path but not expose how the internals of its network >are operated. In this case it may want to strip HOP Attributes >subobjects from the RRO or even modify them to mask information. > >Can you add some clarification about all of this? Absolutely, for instance changing the MUST in SHOULD, and adding the following text: "It is noted that a node (e.g. a domain edge node) may edit the RRO to prune/modify the RRO, including the RRO Hop Attribute subobject before forwarding due to confidentiality policy or other reasons (for instance RRO size reduction)." > >--- > >I think section 5 is a little optimistic. You are introducing a new >mechanism for the control of the behavior on certain nodes on the path >of the LSP. Since the control of those nodes may impact the behavior of >other LSPs passing the node, some care is needed. For example, setting >optical power levels for one lambda can interfere with the signals on >other lambdas. Thus, and in general, you have a mechanism that takes >control away from the node itself and puts it in the hand of the node >that signaled the LSP. This opens up three security possibilities: >1. Simple errors in the attributes of an LSP may inadvertently impact > existing LSPs while still allowing this LSP to be set up. >2. A malign ingress may signal an LSP down a path and with attributes > chosen to damage other LSPs from other ingresses. >3. An attacked Path message may result in damage to other LSPs. > >The third of these is mitigated somewhat by existing RSVP-TE security >mechanisms. The first two (and the third in the case of a subverted >node) can only be mitigated by allowing policy to be applied at a node >that implements the HOP Attributes it receives in an ERO. A node must be >allowed to determine that satisfy the attributes would be inadvisable or >against local policy even if practically possible. In these cases the >node has a choice to either reject the Path message (but a new error >code might be helpful) or to modify the requested attribute (but in this >case it might be required to report exactly what it has done, presumably >in the RRO). I agree in general, the existing text refer to the hop attributes as ³functional preferences², as any other RSVP object, this is to be considered as ³external input², so subject to policy and sanity check. The document does not define how the TLV have to be applied (Just that the content must be processed). The aspect of targetting other LSP is, I think, especially valid for WSON, but less applicable for MPLS-TP. The same consideration also apply for explicit label control. OLD: "As any RSVP-TE signaling request, the procedures defined in this document permit the transfer and reporting of functional preferences on specific node.² NEW: "As any RSVP-TE signaling request, the procedures defined in this document permit the transfer and reporting of functional preferences on specific node. The mechanism added in this document does allow more control of LSP attributes at a given node. As other inputs, a node should check the Hop Attributes against his policies and admission procedures. A node may reject the message using existing RSVP error code like "Policy Control Failure" or "Admission Control Failure". The node may also, depending on the specific TLV procedures, modify the requested attribute. " I think that Attribute modification is TLV-dependant and should be specified in the defining documents. > >=== > >Please don't "propose". You intend this document to be published as an >RFC, so you should "define". Agree, >--- > >3.1 has > > Attributes TLVs The processed or addition HOP Attributes, using the > format defined in Section 2.2 . > >Trying to parse this, I think you mean s/addition/additional/ Agree, > >--- > >3.2.3 has some SHOULDs and SHOULD NOTs. This always makes me wonder what >the exception cases are: under what circumstances MAY an implementation >vary from these rules? If a specific attribute/document allows it. Wouldn¹t a MUST in that case be too restrictive for those documents? Would the following text clarify in which case this may be allowed? A node MAY use the RRO Hop Attribute to report a LSP Attribute signaled in LSP_ATTRIBUTES or LSP_REQUIRED_ATTRIBUTES only if the following conditions are met : Rhe Attribute and its corresponding flag is allowed on both the LSP_ATTRIBUTES or LSP_REQUIRED_ATTRIBUTES and LSP Hop Attributes subobject. The document defining this Attribute specify this specific behavior. > >--- > >In section 4.2, do you want to add a request to IANA to use the same >value as assigned in 4.1? Agree.
- [Teas] AD review of draft-ietf-teas-lsp-attribute… Adrian Farrel
- Re: [Teas] AD review of draft-ietf-teas-lsp-attri… Cyril Margaria
- Re: [Teas] AD review of draft-ietf-teas-lsp-attri… Adrian Farrel
- Re: [Teas] AD review of draft-ietf-teas-lsp-attri… Lou Berger
- Re: [Teas] AD review of draft-ietf-teas-lsp-attri… Dongjie (Jimmy)
- Re: [Teas] AD review of draft-ietf-teas-lsp-attri… Adrian Farrel