Re: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08

Tarek Saad <tsaad.net@gmail.com> Wed, 02 March 2022 05:26 UTC

From: Tarek Saad <tsaad.net@gmail.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'Lou Berger' <lberger@labn.net>, 'TEAS WG' <teas@ietf.org>
CC: 'TEAS WG Chairs' <teas-chairs@ietf.org>, "draft-bestbar-teas-ns-packet@ietf.org" <draft-bestbar-teas-ns-packet@ietf.org>
Date: Wed, 02 Mar 2022 05:26:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/drHwY3Pk-CKoBUjIUkcoKCS1ldI>

Hi Adrian,

Thanks for the great feedback! Your biggest concern with the current version of the draft seems to be with regards to the “references” (normative vs informative). Med had a similar concern and as stated in our response to him earlier in the thread – we acknowledge the inconsistency in the references and will fix it.

Please see inline for more responses prefixed by [TS-VPB].

Regards,
Tarek and Pavan



From: Teas <teas-bounces@ietf.org> on behalf of Adrian Farrel <adrian@olddog.co.uk>
Date: Monday, February 28, 2022 at 8:11 AM
To: 'Lou Berger' <lberger@labn.net>, 'TEAS WG' <teas@ietf.org>
Cc: 'TEAS WG Chairs' <teas-chairs@ietf.org>, draft-bestbar-teas-ns-packet@ietf.org <draft-bestbar-teas-ns-packet@ietf.org>
Subject: Re: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08

Hi Lou, all,

I agree that the working group should have a document on this topic.

While I see very many confusions, errors, and open questions, I believe
that the authors could be persuaded to work on and fix these problems
after adoption. However, given how much work is needed and how much the
document will change, it may be pragmatic to produce a new version first
and then see whether that has stabilised.

There is one thing I think must be fixed as part of adoption: the
references to draft-bestbar-teas-yang-slice-policy and draft-kompella-
mpls-mspl4fa. These are presented as normative references and there is
an implication that adopting this document would somehow give credence
to those two documents. Fortunately, the references to draft-bestbar-
teas-yang-slice-policy are clearly not normative, and are also not
particularly relevant so they could be removed completely. Further,
since the document purports to be technology-agnostic it would make
sense not to make reference to the still-contentious draft-kompella-
mpls-mspl4fa: if the authors want to, they could write a separate
document called "Applicability of MSPL4FA for carrying the GIS".
[See later note for why it is called the GIS.]


[TS-VPB]: As noted, we’ll make the references to related ongoing work be informative.


The comments below are a mixture of concerns and editorial. They give a
flavour of what is wrong with the draft. They do not comprise a full
and detailed review.

One other top level point: what a lot of IPR. Thanks to everyone for
ensuring a timely disclosure, but ouch! With so much IPR, it makes me
wonder whether the WG should look for a different approach that is not
encumbered.

Best,
Adrian

===

It is quite worrying that this document attempts by design or accident
to modify the architecture described in draft-ietf-teas-ietf-network-
slices. In particular, compare draft-ietf-teas-ietf-network-slices
figure 5 with figure 1 in this document. But there are plenty of other
examples.


[TS-VPB]: The intention is for this document to be aligned with the concepts/architecture defined in the framework document draft-ietf-teas-ietf-network-slices. Figure 1 in this document (and the whole of Section 3) is an attempt to describe how this solution fits into the architecture outlined in Figure 5 of draft-ietf-teas-ietf-network-slices.
---

I am puzzled that this document makes no reference to draft-ietf-teas-
enhanced-vpn. That, too, is work that explains how to deliver a network
slice over an IP/MPLS network. And since it is already a working group
draft, one might expect this document to show how it fits in alongside
VPN+. (I fully accept that there may be space for both approaches, but
it is peculiar to make no attempt, and I expect the newcomer - this
document - to be the one that shows the coexistence.)

[TS-VPB]: This is a stand-alone solution document. We believe discussion of the co-existence with other approaches can be tackled in a separate document.

---


Please throw out the Abstract and replace it with something coherent.
I have read and re-read the current text and can find nothing else
useful to say about it!


[TS-VPB]: Ouch! How about the following revised text:

NEW:
Realizing Network slices requires the Service Provider to have the ability to partition a physical network into multiple logical networks of varying sizes, structures, and functions so that each slice can be dedicated to specific services or customers. Multiple network slices can be realized on the same network while ensuring slice elasticity in terms of network resource allocation. The Differentiated Service (Diffserv) model allows for carrying multiple services on top of a single physical network by relying on compliant domains and nodes to provide forwarding treatment (scheduling and drop policy) on to packets that carry the respective Diffserv code point.  This document adopts a similar approach to Diffserv and proposes a scalable solution to realize network slicing in IP/MPLS networks.  This solution does not mandate Diffserv to be enabled in the network to provide a specific forwarding treatment but can co-exist with and complement it when enabled.

---

The document appears confused about the difference between a network
slice service and a logical network. This is important. What is offered
to the customer is a service and not a network or logical network. The
service is a connectivity matrix with a set of commitments. The logical
network is how the service provider may decide to organise their
resources to deliver the service: that is, the logical network is part
of the solution model and not something that "network slicing provides."

[TS-VPB]: Please see revised text in the abstract above.

---

The Introduction says that the document provides a path control
technology agnostic solution. Why then do we find Section 6 describing
the different path control technologies and how they can be used?

[TS-VPB]: Med raised a similar point. We intend to make the following change to address it:

OLD:
This document provides a path control technology (e.g., RSVP, SR, or
other) agnostic solution that a Service Provider can deploy to realize network slicing in IP/MPLS networks.

NEW:
The solution discussed in this document works with any path control technology (such as RSVP, or SR) that can be used by a Service Provider to realize network slicing in IP/MPLS networks.

---

The definition of the Slice-Flow Aggregate is very lacking in clarity.
It takes several readings of the document to discover that the only
purpose of this construct is to allow path provisioning aggregation
within the NRP. This might be a useful scaling aspect depending on the
number of slices that it is expected that a network will need to
support between any two edge nodes. That means that it could be a
good idea. Or it could be a waste of time. It's hard to know from this
document. In particular, a modest number of slices and a careful
number of NRPs is likely to give rise to no need for the aggregate.

[TS-VPB]: As noted earlier on this thread, slice flow aggregation does not preclude having a single network slice flow in the aggregate.


Otherwise, you are just introducing an intermediary step such that:
- slices can be grouped into slice aggregates
- groups of slice aggregates can be grouped/mapped onto NRPs?

[TS-VPB]: The document currently states that an NRP is used to support a Slice-Flow Aggregate to meet the requested SLOs/SLEs and does not advocate that groups of slice flow aggregates can be mapped on to NRPs.

I feel there is also something missing in defining which slices can
be grouped into aggregates.

[TS-VPB]: The document currently states that policies to aggregate network slice flows are outside the scope, but we can add a statement saying that a policy for slice flow aggregation can be based on common requirements for SLO/SLEs.

---

The Introduction concludes by saying...
   This document covers different modes of NRPs and discusses how each
   mode can ensure proper placement of Slice-Flow Aggregate paths and
   respective treatment of Slice-Flow Aggregate traffic.
...What is an NRP mode? What is a Slice-Flow Aggregate path? (Yes, I
can look ahead into the document to find out, but then what is the
point of an Introduction?)


[TS-VPB]: We can make the following change to address this narrative nit:
OLD:
This document covers different modes of NRPs and discusses how each
mode can ensure proper placement of Slice-Flow Aggregate paths and
respective treatment of Slice-Flow Aggregate traffic.
NEW:
This document introduces three modes for realizing NRPs in a network, namely data plane NRP mode, control plane NRP mode, and control and data plane NRP mode. The realization of the NRP mode in the network ensures the proper placement of paths associated with a Slice-Flow Aggregate and for the enforcement of the respective forwarding treatment.


---

Why does this document feel the need to redefine the Network Resource
Partition?


[TS-VPB]: The intention is to remove the definition from this document as soon as it gets added to section 2 of draft-ietf-teas-ietf-network-slices.


---

While it is fine to observe that DiffServ can be used alongside slice
(flow aggregate) identification, there are a couple of chunks of text
that describe how DiffServ works and that, while they are very
informative, are entirely irrelevant to the document and somewhat
confusing for the reader.


[TS-VPB]: We believe the text related to Diffserv is relevant, because we are drawing a parallel to the architecture specified in RFC2475.

---

a Slice-Flow
Aggregate comprises of one or more IETF network slice traffic
streams;

This is ambiguous as a network slice may comprise multiple traffic
streams, and we are talking about multiple slices.


[TS-VPB]: we will make the following change to address this:
NEW:
a Slice-Flow
Aggregate comprises of traffic streams from one or more IETF network slices.


---

What are "NRP Policy selection criteria"?

[TS-VPB]:  The phrase “selection criteria” doesn’t seem to be adding much. We’ll make the following change:

OLD:
a collection of packets that match an NRP Policy selection
criteria and are given the same forwarding treatment;

NEW:
a collection of packets that match an NRP Policy and are given the same forwarding treatment;
---

What's an "NRP domain"?

[TS-VPB]: The NRP domain is the administrative zone associated with an NRP topology. We’ll add a definition for this in the document.


---

1.2

      FASL: Flow Aggregate Selector Label as described in Section 5.1.1

I don't find any mention of the FASL until 5.2.3


[TS-VPB]: Good catch! We’ll fix this forward reference.

---

Is NRP a Network Resource Partition, or a Network Resource Partition
Policy? Section 1.1 seems unsure.



[TS-VPB]: NRP is Network Resource Partition. We will make the following correction:

OLD:
Network Resource Partition:
Network Resource Partition Policy (NRP):

NEW:
Network Resource Partition (NRP):
  Network Resource Partition Policy:

---

It is no surprise to me that Figure 1 (which, incidentally, I drew for
the authors as part of converging on figure 5 of draft-ietf-teas-ietf-
network-slices) doesn't include the NRP. Perhaps a document that is
claiming to be aligned with draft-ietf-teas-ietf-network-slices should
make some attempt? Further, 3.4 is titled "Path Placement over NRP
Topology" but doesn't actually mention the NRP topology preferring to
talk about placement of paths over the Policy Filtered Topology (that
draft-ietf-teas-ietf-network-slices calls the Filter Topology).

[TS-VPB]: Given that figure 1 (thanks for working with us on this and producing the ASCII cut) is attempting to illustrate how the solution fits into the architecture outlined in draft-ietf-teas-network-slices, we agree that it should include the NRP (we’ll update the illustration). We’ll also fix Section 3.4 to use the term NRP topology instead of the old terminology.

---

3.1 In what way do "resources ... meet specific SLOs"? Perhaps "can be
used such that specific SLOs have a good chance of being met?"

[TS-VPB]: Point taken. We’ll make the change.

---

3.2
   The customer requests an IETF Network Slice Service specifying the
   CE-AC-PE points of attachment, the connectivity matrix, and the SLOs/
   SLEs as described in [I-D.ietf-teas-ietf-network-slices].  These
   capabilities are always provided based on a Service Level Agreement
   (SLA) between the network slice costumer and the provider.
These are not "capabilities".
The SLOs/SLEs *are* the SLA.

[TS-VPB]: Okay. We’ll remove the second line.

---

Why is 3.5 supposedly about NRP Policies when the text describes
policies for handling slice aggregates? Is it because there is no
difference between a slice aggregate and an NRP?

[TS-VPB]: As noted earlier, the NRP policy is used in this solution to support the slice-aggregate.

---

Reading 3.7, and to be clear, you don't intend your mechanism to be
available for CE-terminated slice services?


[TS-VPB]: We’ll remove “(PEs)” in the first sentence to remove confusion regarding service endpoints. However, irrespective of where the IETF network slice service endpoints are located, the service mapping will continue to be done at PEs.

---

The use of "MAY" in 3.7 implies that you don't expect it to be normal
that the node at the edge of the slice (in your case, the PE) will mark
traffic to allow the network to determine to which slice, aggregate, or
NRP the packet belongs. That seems to be in contradiction with most of
the rest of the document.


[TS-VPB]: The use of “may” was to indicate that “marking” at the edge is not mandatory. We’ll replace “MAY” with “may” in this sentence. There are a couple of scenarios where the edge would not need to add a FAS:
1. The FAS marking already exists in the arriving packet (e.g., specific destination address – see section 5.1.1), or
2. NRP resources are only partitioned in the control plane, i.e., no dataplane NRP PHB is required (see section 4.2).

---
3.8 seems to have forgotten about the NRP.

[TS-VPB]: This section talks about mapping of IETF NS flows onto SFAs. SFAs are placed onto paths that are established over NRP resources (described in other sections).

---

4.1 has another paragraph describing DiffServ. Very interesting, but not
relevant to this document.

[TS-VPB]: As stated earlier, the intent is to draw the parallel with the DiffServ architecture and point out the similarities where applicable.

---

4.1 has

   In this case, a Flow Aggregate
   Selector (FAS) MUST be carried in each packet to identify the Slice-
   Flow Aggregate that it belongs to.

   The ingress node of an NRP domain MAY also add an FAS to each Slice-
   Flow Aggregate packet.

If the ingress node of the (undefined) NRP domain does not add the FAS,
how does it get into the packet? Presumably the nodes outside the domain
have no idea what an FAS is (by definition of the NRP domain). So I
think you'll find that the ingress to the domain must add the FAS.

[TS-VPB]: The intent here is to say that without the FAS being present in the packet, we would not be able to provide the necessary treatment as dictated by the NRP policy.
And yes, as mentioned earlier, there are some cases where the ingress of the NRP domain may not need to add an FAS to the packet for this to work.

We can make the following change:

OLD:
The ingress node of an NRP domain MAY also add an FAS to each Slice-
Flow Aggregate packet. The transit nodes within an NRP domain MAY
use the FAS to associate packets with a Slice-Flow Aggregate...

NEW:
The ingress node of an NRP domain ensures that an FAS field is present (an FAS
may be added when necessary) in each Slice-Flow Aggregate packet. The transit nodes within an NRP domain use the FAS to associate packets with a Slice-Flow Aggregate

In any case, why "also"? What else are they adding?

[TS-VPB]: We’ll remove the “also”. The ingress may possibly mark the CS field as well.


---

4.1

   The transit nodes within an NRP domain MAY
   use the FAS to associate packets with a Slice-Flow Aggregate and to
   determine the Network Resource Partition Per Hop Behavior (NRP-PHB)
   that is applied to the packet (refer to Section 5.1.3 for further
   details). 

So you're saying that normally the transit nodes will not use the FAS
for this purpose or at all?

[TS-VPB]: As stated earlier, there are cases where the NRP is realized in the control plane only, and in that case packets will not carry a FAS and transit nodes will not enforce a per NRP PHB.

---

4.1
  
   The CS MAY be used to apply a Diffserv PHB on to the
   packet to allow differentiation of traffic treatment within the same
   Slice-Flow Aggregate.

I think you're saying "DiffServ may be used to further qualify the PHB
within the traffic flows belonging to a slice flow aggregate."

[TS-VPB]: Yes.

---

4.1

   When data plane only NRP mode is used, routers may rely on a network
   state independent view of the topology to determine the best paths.

You have switched to lower case "may". In either case, what would the
router do in other cases?

[TS-VPB]: We’ll remove the “may” in this sentence.
---

4.1

   The FAS field carried in each packet
   determines the specific NRP-PHB treatment along the selected path.

You have already said this.


[TS-VPB]: We’ll remove this sentence.

---

4.1

   For example, the Segment-Routing Flexible Algorithm
   [I-D.ietf-lsr-flex-algo] may be deployed in a network to steer
   packets on the IGP computed lowest cumulative delay path.  An NRP
   Policy may be used to allow links along the least latency path to
   share its data plane resources amongst multiple Slice-Flow
   Aggregates.  In this case, the packets that are steered on a specific
   NRP carry the FAS that enables routers (along with the Diffserv CS)
   to determine the NRP-PHB to enforce on the Slice-Flow Aggregate
   traffic streams.

1. "This document provides a path control technology agnostic solution"
   So why the need to reference draft-ietf-lsr-flex-algo?

[TS-VPB]: The changes in the introduction (earlier in this email) should answer this.

2. I feel fairly sure that this paragraph is intended to carry some
   useful meaning, but it eludes me.

[TS-VPB]: The intent was to explain how the Data plane NRP mode can be realized in a deployment when SR Flex-Algo is used as the path control technology.
---

4.2

   To perform NRP state aware Traffic Engineering (NRP-TE), the resource
   reservation on each link needs to be NRP aware.

Do you mean "on" or "for"? There's a substantial difference in how that
is implemented.

[TS-VPB]: Reservation state may be managed on or off the box depending on the path control technology used. In this case, we can change it to say “for” if it makes it clearer.

---

4.2

   The same physical link may be member of multiple slice policies that
   instantiate different NRPs.

What is a slice policy?

[TS-VPB]: Thanks for catching this! This will be replaced with “NRP policy”.

---

4.3

So you believe that, in the case of oversubscription, you are actually
achieving isolation? Or is it possible that there will be an out-queue
of oversubscription traffic that will impede the flow of traffic from
another slice?

[TS-VPB]: NRP(s) may be assigned dedicated queues. Dataplane policy can be defined to optionally allow leveraging unused resources in other queues.
---

5.

The word "intent" is very cool, but it is wrong in this context. The
slice customer does not express an intent, but a set of requirements.

[TS-VPB]: We don’t quite get why it is wrong in this context. But we’ll go ahead and remove the usage of “intent”.
---

5.1.1

Why "Global Identifier FAS (GIS)"?

[TS-VPB]: If this is about the abbreviation, we are open to better suggestions (GI-FAS, maybe).

---

5.1.1

   A router MUST be able to identify a packet belonging to a Slice-Flow
   Aggregate before it can apply the associated dataplane forwarding
   treatment or NRP-PHB.  One or more fields within the packet MAY be
   used as an FAS to do this.

So you are saying that the FAS provides the NRP-ID? Or that the NRP
policy includes a list of applicable FAS values?


[TS-VPB]: The NRP policy will specify (in the modes where the FAS is required) the selector details. If a range of FAS values map to the same NRP, then this range is specified in the NRP policy. An implementation may choose to use the NRP-ID as a FAS (if there is only one selector option), but architecturally we would like to keep these fields separate.

---

The text on the Global Identified Based Selector in 5.1.1 crosses the
line between general explanatory text and a detailed solution. Careful
that you technology agnostic document doesn't end up trying to persuade
us all to adopt one specific solution.

In particular, the reference to draft-kompella-mpls-mspl4fa is highly
premature

[TS-VPB]: As noted earlier, the intent was to leave pointers to relevant ongoing work; we’ll fix these references.

---

5.1.1

   A detailed review of NRP scale considerations is presented in
   [I-D.dong-teas-nrp-scalability].

What you say is true. However, I am far from convinced that that
document means the same thing as you do when it says "NRP". That
document does not talk about "slice aggregates". I think you are still
lacking a lot of clarity about the difference between a slice aggregate
and an NRP.

[TS-VPB]: We have a common sub-set of authors in the two documents and are working towards making sure that both the drafts are aligned.

---

5.1.2

Here (and in the other places where you have similar text about resource
sharing) you only talk about sharing resources between NRPs (or slice
aggregates, as it may be). You don't talk about sharing those resources
with non-slice traffic, but presumably you can.

[TS-VPB]: the assumption is non slice traffic will be carried over the default queues – which may be configured to share unused NRP resources.

In fact, this section highlights the confusion between slice aggregate
and NRP. You essentially have a set of slice aggregates within an NRP
that share the resources of the NRP allowing for oversubscription etc.
And you also have NRPs sharing resources or the network. It's all
perfectly functional, but seems to have one too many layers of
abstraction.

[TS-VPB]: you seem to be hinting that a name for the aggregate of network slice traffic streams is not necessarily needed. However, we believe it is useful to distinguish the chunk of traffic that will use the set of resources identified by the NRP.

---

I think 5.1.2 is predicated on resource reservation on the nodes. That
is, oversubscription under the control of central accounting management
(such as might be performed for SR-TE) cannot be achieved without
risking the SLOs. Thus, you are advocating for putting the state in the
network (which is fine by me), and this appears to be per slice
aggregate flow state.

[TS-VPB]: the reservation state may be maintained on the devices or off-devices (e.g. on a resource reservation manager). In either case, path computation/placement will need to take the NRP link reservation state into account when selecting a feasible path.

---

5.1.3 is off into DiffServ description again.
You can probably cut this section down to two paragraphs (2 and 3) and
one line saying "you can also use DiffServ as a subcategory of the
NRP-PHB."

[TS-VPB]: Okay.

---

5.1.3 has

   The Slice-Flow Aggregate traffic may be identified at NRP ingress
   boundary nodes by carrying a FAS to allow routers to apply a specific
   forwarding treatment that guarantee the SLA(s).

There is some passive voice here that makes it unclear whether you
expect the packets to already include the FAS when they arrive at the
domain. Additionally, the use of "may" is vague.


[TS-VPB]: as noted earlier, it may be possible that the packet may arrive at the NRP boundary node carrying a field that maps to a FAS (e.g. destination address or MPLS LSP label).

---

5.1.4 reads like the NRP Topology is the same as the Policy Filter
Topology (or Filter Topology as it is called in draft-ietf-teas-ietf-
network-slices).

[TS-VPB]: Yes, it is the Filter Topology.

---

5.2

   A network slice originates at the edge nodes of a network slice
   provider.

It is not helpful to contradict draft-ietf-teas-ietf-network-slices.

[TS-VPB]: Agree. We will correct this to align to endpoint boundary of an IETF network slice service.

---

5.2

   The
   network provider is responsible for ensuring that adequate network
   resources are provisioned and/or reserved to support the SLAs offered
   by the network end-to-end.

"end-to-end" is a big ask especially given that the previous text is
clear that the slice is edge-to-edge.

[TS-VPB]: Okay. We’ll remove end-to-end.
---

5.2.1 is either contradicting draft-ietf-teas-ietf-network-slices or
specifically limiting the whole document to a subset of the possible
deployment models. It's OK for the document to constrain itself to a
subset (although I recall it was the network operators who were keen
to extend slices to include the ACs), but it needs to make this very
clear in the Abstract, Introduction, and probably title.

[TS-VPB]: we distinguish between the NRP boundary (provider domain) and the IETF network slice service endpoint boundaries (which may extend to CE). We highlight that Figure 5 in also makes such possible boundary demarcations. We think that the NRP boundary can continue to be residing within the provider network, but we are open to the discussion (e.g. to allow CE-PE links to be part of the NRP too).

---

5.2.2

   and MAY be able to

That's a lower case "may"

[TS-VPB]: Okay.

---

5.2.2

   be able to
   identify the packets belonging to a specific Slice-Flow Aggregate by
   inspecting the FAS field carried inside each packet, or by inspecting
   other fields within the packet that may identify the traffic streams
   that belong to a specific Slice-Flow Aggregate.  For example, when
   data plane NRP mode is applied, interior nodes can use the FAS
   carried within the packet to apply the corresponding NRP-PHB
   forwarding behavior.

I expected the example to be an example of using other fields to
identify the traffic streams (because, obviously, the FAS is an example
of using the FAS). What other fields have you in mind that can identify
the slice flow aggregate (and how does that work if the traffic is
encrypted)?

[TS-VPB]: thanks, we will update this statement to clarify the intention. Depending on the choice of dataplane, the FAS may take different forms. For example, in MPLS we reference options, including the use of FAI, and ELI for extending MPLS header to carry the FAS. In IPv6, it may be possible to carry the FAS in a hop-by-hop option IPv6 EH. We expect to address impact of encryption of the transport headers in another revision of this document.

---

5.2.3 has a lot of words to say "Tunnel across areas of the network that
are not NRP capable."

On the other hand, nothing is said about how an NRP-capable node knows
that its neighbour is not NRP capable, and where the next on-path NRP-
capable node is.

[TS-VPB]: the expectation is a node may discover an incapable neighbor NRP node through (e.g.) lack of a node NRP capability advertisement. Such extensions are outside the scope of this draft, but a proposal exists in an individual LSR WG draft.

---

6.1

   The path selection in the network can be network state dependent, or
   network state independent as described in Section 5.1 of
   [I-D.ietf-teas-rfc3272bis].

You probably mean section 4.1, but you have possibly misunderstood that
section which is describing how TE can adapt according to network state.
You appear to be mixing TE with non-TE in your text and it is, perhaps,
surprising that you think that "normal" SPF routing is not state
dependent. I think you are actually describing the difference between
TE and non-TE.

[TS-VPB]: the term ‘state-dependent routing’ was originally inspired from text in Appendix A of I-D.ietf-teas-rfc3272bis (see below).

“In state-dependent routing, routing tables are updated
online according to the current state of the network (e.g., traffic
demand, utilization, etc.).”

More accurately, we are distinguishing between path selection that is network utilization aware vs. network utilization non aware. We will update the reference.

---

6.1

   To enable TE path placement, the link state is advertised with
   current reservations

Really? Like a list of which reservations have been made on each link?

[TS-VPB]: To be able to do NRP state aware TE, the per link per NRP reservation state needs to be available.

---

6.1
   When the network resource reservations are maintained for NRPs, the
   link state can carry per NRP state (e.g., reservable bandwidth).
   This allows path computation to take into account the specific
   network resources available for an NRP.  In this case, we refer to
   the process of path placement and path provisioning as NRP aware TE
   (NRP-TE).

I think you are proposing that the IGP distributes information of per-NRP
resource reservation and availability per link. Do you think this
scales?

[TS-VPB]: Yes, scaling with traditional means would be a challenge. This would require some innovation – an initial proposal is available in draft form.

---

6.2.2 is missing a statement about how resource reservation works in
this type of network.

[TS-VPB]: Okay, we can add this.

---

7.
   Routing protocols may need to be extended to carry additional per NRP
   link state.

Well, do they or don't they? Per my comment on 6.1, it looks like you
are saying that this extension is needed.

---

7.

Need a reference for gRPC.

[TS-VPB]: Will add it.

---

7.

   The NRP Policy YANG data model is outside the
   scope of this document, and is defined in
   [I-D.bestbar-teas-yang-slice-policy].

:-) It's out of scope, but let's talk about it anyway.

[TS-VPB]: It is out of scope as stated. In our opinion it is always useful to call out/reference relevant ongoing work during the early stages of a draft. But as noted earlier, we’ll fix the list of references.

---

Section 9 is a long way short of covering all of the bases. Three
immediate things jump out:

- Security is an SLE. A Filter Topology may be constructed using only
  secure links (e.g., links that use MACsec) resulting in the ability
  to provide a secure slice.
- An attacker that modifies the FAS may be able to achieve far more
  subtle attacks than one that modifies the forwarding label or
  destination address. How is this protected against?
- The visibility of the FAS within the network is an identifier of the
  traffic, and to some extent the customer. This allows someone doing
  surveillance to learn about customer traffic use (privacy) and to
  attack specific customer traffic (security). What are the mitigations?

[TS-VPB]: Points noted. We agree that the Security Section needs more details on mitigation actions.

---

10.

Interesting that you thank one of the authors for reviewing the
document 😊

[TS-VPB]: Thanks for spotting this! We’ll fix it.

---

10.

Thanks to the authors for acknowledging me for the "detailed discussions
that led to Section 3" of this document. On the other hand, no thanks for
failing to acknowledge the material I wrote and that has been included
in this document. This is poor behaviour that should be an embarrassment
to all with their names on the front page. It really makes one think
about who to have conversations with and who to try to help.

[TS-VPB]: We are sorry that you feel this way and we will respond to this allegation on the list using a separate cover (the allegation should be directed to just the pair of us who have had detailed discussions with you and not to all those whose names are on the front page). Let’s keep this thread just for the technical aspects of the document.

---

On the subject of the front page: why is a document being put forward
for adoption with 12 names on the front page?

[TS-VPB]: We understand and acknowledge that this needs to be sorted at some point before we reach the publication stage.

---

Is draft-ietf-teas-ietf-network-slices really not a normative reference?

[TS-VPB]: As noted earlier, we’ll fix the references.


-----Original Message-----
From: Teas <teas-bounces@ietf.org> On Behalf Of Lou Berger
Sent: 18 February 2022 13:28
To: TEAS WG <teas@ietf.org>
Cc: TEAS WG Chairs <teas-chairs@ietf.org>;
draft-bestbar-teas-ns-packet@ietf.org
Subject: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08

Hello,

This email begins a 2-week adoption poll for:
https://datatracker.ietf.org/doc/draft-bestbar-teas-ns-packet/

Please note that IPR has been disclosed on this document:
https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-bestbar-teas-ns-packet

Please voice your support or objections to adoption on the list by the end
of the day (any time zone) March 4.

Thank you,
Lou (as Co-chair)

_______________________________________________
Teas mailing list
Teas@ietf.org
https://www.ietf.org/mailman/listinfo/teas
