Re: [Teas] Benjamin Kaduk's No Objection on draft-ietf-teas-sr-rsvp-coexistence-rec-03: (with COMMENT)
Harish Sitaraman <hsitaraman@juniper.net> Wed, 16 May 2018 18:03 UTC
Return-Path: <hsitaraman@juniper.net>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3589312025C; Wed, 16 May 2018 11:03:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jj2KWVLEopl1; Wed, 16 May 2018 11:03:51 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6D911270B4; Wed, 16 May 2018 11:03:51 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4GI3p5W017595; Wed, 16 May 2018 11:03:51 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=HR/6QrKj0/wgVZHmqt6wNX+tA6OhykDaO+qdOpsuaR8=; b=vAf5k+JlY02gZrMbY7FYzfZUrlZu19Z/2Ds8qqKI72M5SL1+oEf3D1MtTCh4RDbfN2w4 /1VdR0r/AEvY2QyLwo6qr2Pbzg4yWAAGYOfuY4cezeAFBJajxvS+GFMlW55g565LB97E hg/I978UnvOXORroZia1mB96JX6r7UNo37guXBUTZPFJ7C+SznGDHTuwX5aXJKpiq5se i8sSLrkisR10tMK9Epj41IKLdO3CE0429KsLBwHnObvBoVizrCVlWyhwwFzlhFt5Xo+L SOQs6l/+9xRSfkVVu925Y5M81NW1hDKmnzBxUrOUyvHmTh802KSWsz736gdys66VaNCd Xg==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp0019.outbound.protection.outlook.com [216.32.180.19]) by mx0a-00273201.pphosted.com with ESMTP id 2j0qk7r95c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 16 May 2018 11:03:51 -0700
Received: from BN7PR05MB3923.namprd05.prod.outlook.com (52.132.216.10) by BN7PR05MB3970.namprd05.prod.outlook.com (52.132.216.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.776.4; Wed, 16 May 2018 18:03:45 +0000
Received: from BN7PR05MB3923.namprd05.prod.outlook.com ([fe80::848e:6bf5:2f5a:acfd]) by BN7PR05MB3923.namprd05.prod.outlook.com ([fe80::848e:6bf5:2f5a:acfd%13]) with mapi id 15.20.0776.010; Wed, 16 May 2018 18:03:45 +0000
From: Harish Sitaraman <hsitaraman@juniper.net>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-teas-sr-rsvp-coexistence-rec@ietf.org" <draft-ietf-teas-sr-rsvp-coexistence-rec@ietf.org>, Lou Berger <lberger@labn.net>, "teas-chairs@ietf.org" <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-teas-sr-rsvp-coexistence-rec-03: (with COMMENT)
Thread-Index: AQHT58OwdHeZ7QbVWEuLyDfuYM1UKKQyO5QA
Date: Wed, 16 May 2018 18:03:45 +0000
Message-ID: <12E657E7-A6F2-4644-A2F1-73C5C86FD96C@juniper.net>
References: <152589057519.3994.8881406815830033404.idtracker@ietfa.amsl.com>
In-Reply-To: <152589057519.3994.8881406815830033404.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.b.0.180311
x-originating-ip: [66.129.239.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN7PR05MB3970; 7:kullngsjOKCZZhq3avr/Y56Rhat865vt7azBblhEhb9AT/sH0VsDWCk5cVODGLSkUHqMYGp0CG205uNRPz30p7XujrSZGDdTq/dORuq68jHOJV8bQ8ZnWpx2Sz+/kT9TdhiJij4o9xjRRHxEK1qiue493URGTpuF9nToEumrwOtAMeBQsgQFcNj2UAZlz6MSqIEsc7MvCyGJNRAyXIR7rUfR0nko83p0jr2dxfahm3SNxx0Natu/uJW3T4s/RmfW
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BN7PR05MB3970;
x-ms-traffictypediagnostic: BN7PR05MB3970:
x-microsoft-antispam-prvs: <BN7PR05MB3970C46F1487869433D11989C2920@BN7PR05MB3970.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(10436049006162)(192374486261705)(240460790083961);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(10201501046)(93006095)(93001095)(3002001)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:BN7PR05MB3970; BCL:0; PCL:0; RULEID:; SRVR:BN7PR05MB3970;
x-forefront-prvs: 0674DC6DD3
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(39380400002)(366004)(396003)(37854004)(51914003)(189003)(199004)(97736004)(58126008)(2906002)(478600001)(36756003)(4326008)(3280700002)(966005)(575784001)(86362001)(110136005)(25786009)(8676002)(316002)(6436002)(229853002)(81156014)(8936002)(5660300001)(54906003)(83716003)(6486002)(81166006)(5250100002)(59450400001)(68736007)(66066001)(186003)(26005)(6506007)(102836004)(76176011)(99286004)(446003)(476003)(14454004)(11346002)(106356001)(82746002)(2900100001)(105586002)(3660700001)(6246003)(6512007)(305945005)(2616005)(2171002)(3846002)(6306002)(486006)(33656002)(53936002)(6116002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR05MB3970; H:BN7PR05MB3923.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: /VaLgOXZP0GgU+hNkh8aaF9Pvz7fjFrD4xpPQyQRiyCecJyaO+q7huDELiDOwuEUlNapybjamebSA61Ta6tJB1GZlDGKyMJof4s7iBnNhLDpDxi8w9jyqp+ZCqv1M1bmBXbi1beHWN4g6zWs927TDXLK5CCAnEqaSlOWojS4WJgHJZAzjOsac4siHBNAiTEV
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <29B2BF6AB1EBF54FA4D9DE0AD139F69B@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 9225cf7d-b12e-4459-3faa-08d5bb575dd2
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 9225cf7d-b12e-4459-3faa-08d5bb575dd2
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2018 18:03:45.2620 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR05MB3970
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-16_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805160178
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/gXfjNHTueQKCUWtxM7Ajaavu1gY>
Subject: Re: [Teas] Benjamin Kaduk's No Objection on draft-ietf-teas-sr-rsvp-coexistence-rec-03: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2018 18:03:55 -0000
Hi Benjamin, Thanks for your comments. See inline [HS]... On 5/9/18, 11:29 AM, "Benjamin Kaduk" <kaduk@mit.edu> wrote: Benjamin Kaduk has entered the following ballot position for draft-ietf-teas-sr-rsvp-coexistence-rec-03: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_iesg_statement_discuss-2Dcriteria.html&d=DwICaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=CXKOXD_3UIPrRhmyXS8lTOnJ2ZY8S-bng806Yu9IBa0&m=_tLKZKFvpi0prUcbEb71howrp22CMZWd7Z90brs1b30&s=ax9fC-mTvSYj0Z7VznTX_3stX3oy242dhwVDWyL9blk&e= for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dteas-2Dsr-2Drsvp-2Dcoexistence-2Drec_&d=DwICaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=CXKOXD_3UIPrRhmyXS8lTOnJ2ZY8S-bng806Yu9IBa0&m=_tLKZKFvpi0prUcbEb71howrp22CMZWd7Z90brs1b30&s=TzqnOj98uGBD0O8eSxeHBvB-OhwazjQBmex5fSuN0Ew&e= ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- TED/its expansion should be introduced in the Introduction, not the Abstract, since the Abstract and the rest of the document must be able to be read in a standalone manner. [HS] Ok - we can retain " traffic engineering database" and remove "(TED)" in the abstract and move it to the Introduction. In line with Alvaro's comment, I would suggest moving Sections 3.1 through 3.4 into a new parent section "Discarded Options" or similarly-named. [HS] The solutions are not discarded and it is left to the operator's choice even though a solution may not satisfy all the requirements. I had responded to Alvaro's comment and proposed adding some text in section 3 (before 3.1) to clarify this. Section 3.5 [...] It is RECOMMENDED that the IGP-TE update threshold SHOULD be lower in order to flood unreserved bandwidth updates often. Lower than what? [HS] Vendors may offer the ability for the operator to decide how often (as a %/value of change) to flood changes to available bandwidth and unreserved bandwidth for a TE link. As part of Alvaro's comments, we are removing RECOMMENDED. We could further change the above to "The IGP-TE update threshold SHOULD allow for more frequent flooding of unreserved bandwidth". Section 7 It feels odd to say that these "do not require any new security considerations" and then go and list some new security considerations. I would suggest something like "The security considerations of each protocol are unaffected by the presence of the other, so only the interactions of the TED consistency solution with the individual protocols needs to be considered." I would probably also want to expand the text a bit, noting that: A hijacked SR traffic stream could potentially cause disruption to RSVP-TE LSPs in two ways: directly, but consuming sufficient bandwidth to cause traffic loss, and indirectly, by consuming sufficient traffic to result in the TED consistency solution proposed in this document reducing the bandwidth available to RSVP-TE paths. The former is possible whenever RSVP-TE and SR traffic share links, independently of whether this specification is in use; the latter is new behavior with this specifciation but is seen as preferrable to the alternative, since the impact to RSVP-TE traffic can be controlled and paths re-routed. However, some latent risk of disruption remains because this specification is a reactive protcol, relying on taking measurements and only adopting to new traffic flows after the measurement period. The finite duration of the measurement window leaves open a period of potential disruption before remediation can be applied. [HS] Thanks for the suggestion. We can update the security section to the following: [HS] This document describes solution options for the co-existence of RSVP-TE and SR LSPs in the same administrative domain. The security considerations for SR are described in [I-D.ietf-spring-segment-routing]. The security considerations pertaining to RSVP-TE are described in [RFC5920]. The security considerations of each architecture are typically unaffected by the presence of the other. However, when RSVP-TE and SR LSPs co-exist, it is possible for a hijacked SR traffic stream to maliciously consume sufficient bandwidth and cause disruption to RSVP-TE LSPs. With the solution option specified in Section 3.5, the impact to RSVP-TE traffic can be controlled and paths re-routed. Some latent risk of disruption still remains because this solution option relies on taking statistics samples and adopting to new traffic flows only after the adjustment period. The defensive mechanisms described in the base SR security framework should be employed to guard against situations that result in SR traffic hijacking or denial of service. [HS] This guidance seems like it could be (very) roughly characterized as "these are the ranges of values that are not insane to use". Is it possible to give more precise/active guidance, such as (taking a wild guess) "Values between 0.9 and 1.1 allow for taking accunt of estimated future traffic growth during the current measurement period while reducing the risk of leaving large amounts of bandwidth underutilized. The measurement period should be smaller than a minute in order for this tight of a growth window to make sense." [HS] M is used to multiply SR traffic average at the adjustment period (N) and to update the maximum-reservable-bandwidth to over-state/under-state the actual availability. I'm not sure we can offer better guidance than to explain the effects of M < 1 and M > 1 and that choice is up to the operator, where the default of 1 is to not under/over-state. -- Harish
- [Teas] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk
- Re: [Teas] Benjamin Kaduk's No Objection on draft… Harish Sitaraman
- Re: [Teas] Benjamin Kaduk's No Objection on draft… Benjamin Kaduk