IETF Logo Mail Archive

Re: [trill] [RTG-DIR] RtgDir review: draft-ietf-trill-directory-assisted-encap-02

Donald Eastlake <d3e3e3@gmail.com> Thu, 18 January 2018 20:14 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: trill@ietfa.amsl.com
Delivered-To: trill@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE13012D84C; Thu, 18 Jan 2018 12:14:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iHM4TtRgTIDN; Thu, 18 Jan 2018 12:14:07 -0800 (PST)
Received: from mail-ot0-x234.google.com (mail-ot0-x234.google.com [IPv6:2607:f8b0:4003:c0f::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C15A12D831; Thu, 18 Jan 2018 12:14:07 -0800 (PST)
Received: by mail-ot0-x234.google.com with SMTP id d9so1899687oth.6; Thu, 18 Jan 2018 12:14:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1oaExo7j+WQCy6aHMDASWJIHyC9QF7FbFCMspI6hT2g=; b=h7cVDyeAlqHVcZCLlGFt22Z2aeNAz1vUUiMpJ1Jqfbc1mpD0dnnazk2jb9TKNo7F7O cdT338wzfR6jLf7LKhEIMJwSvtN/UT7jrBYs0uf5NaQBQXIlummmMb3kqg16s/eJ0P43 7CMg65pc5cpl8wTqqbZSQS5qD7bHBPGAtXY9GgaOMyvVEM7SSf576OhvB7i42aHlu+LM jmGSSyVOhhl0qod2RNkrG6yKmMn4q9LzeQEexL70UQrzW/M7eHvdl8+V1/RbWEcptTpp ctL4ZR1p3Xc9n03Gysk8bCBlN+L7jbZp7bmU2IGd6Oi77jvtJrMVQC6IEUt8rTBg0pd6 zpyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1oaExo7j+WQCy6aHMDASWJIHyC9QF7FbFCMspI6hT2g=; b=TBNbMzdxe3RXRcXc2WBc4DU9BYzpmMMiXVfoQ8vy66o//KJofq50JWKDMY4RzaCnky jMAJFiF7oE7f1JhtZdvj7u+zPhg9cA/8gVLoNVHqHsj/4blVE4/brOozt/FCWu52EBJ3 RWaCyUcJWU9mrkZU2R7eki2eQoicZB/a4a/pjYEZ1p18KoC+nYghw2WJ2u0BPsk8qZ6m VyU/pcMiz6byIMAtWnlpjEEz+soqh1Pm4X+OMFanznP2l21aqOlvxUB8LmJXXQINbi8b 23RiQeYjzNJtPgczMMD4fw7VFvZUZuBcmo3sYKyWx+jiSPVtMPxRZQ0wNiQ986Dp79Hv iyXw==
X-Gm-Message-State: AKwxytcH6S7RHGo/tP3LZJhOPchDh8hcGSkpm3ZmBIzUhBdwvyAgvQPH ChX9LZ8QhurPq9TpL9j6ZD8mMPS5xK7V/FEUmIm7xg==
X-Google-Smtp-Source: ACJfBoumtmIM835FlymiAizNLiW2pzPtWcI0b0jxUzWpSSG6ecQViK39G3wZ9aADD5k82bPAwfgqanO1SUxmPfJNqgM=
X-Received: by 10.157.19.46 with SMTP id f43mr4055157ote.139.1516306446411; Thu, 18 Jan 2018 12:14:06 -0800 (PST)
MIME-Version: 1.0
Received: by 10.168.5.15 with HTTP; Thu, 18 Jan 2018 12:13:50 -0800 (PST)
In-Reply-To: <5C1D3245-5EBA-43CD-9FAF-A48820152FE7@niven-jenkins.co.uk>
References: <719932B6-AA05-47A4-99BA-EBB842D3AFF0@niven-jenkins.co.uk> <CAF4+nEEwV_UXRy+d5z4yHRDe9daH1cH7reENxOevQTeBmSvaVw@mail.gmail.com> <CAF4+nEGL+EvO7EPoDoe53S_Sbt5LSM7TWtj0Hk6MFLgfyLDDTQ@mail.gmail.com> <B4F1B07E-9C66-4393-A970-F3F80AC0D02A@niven-jenkins.co.uk> <CAF4+nEHqtXUzy5Le4Aa7Vv8b_H+U4RtUAgix+q8fs0Ozorbu7g@mail.gmail.com> <5C1D3245-5EBA-43CD-9FAF-A48820152FE7@niven-jenkins.co.uk>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 18 Jan 2018 15:13:50 -0500
Message-ID: <CAF4+nEEy+OmNtCKT4Cn1SVOQKcq83YDp=O0jznV2MJ2VEPGyYA@mail.gmail.com>
To: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
Cc: "<rtg-ads@ietf.org> (rtg-ads@ietf.org)" <rtg-ads@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, draft-ietf-trill-directory-assisted-encap.all@ietf.org, trill@ietf.org
Content-Type: multipart/alternative; boundary="001a113de8b81bebed0563129bab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trill/BntvDbAYxO74edQtb5pW-lMTi0Y>
Subject: Re: [trill] [RTG-DIR] RtgDir review: draft-ietf-trill-directory-assisted-encap-02
X-BeenThere: trill@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Developing a hybrid router/bridge." <trill.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trill>, <mailto:trill-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trill/>
List-Post: <mailto:trill@ietf.org>
List-Help: <mailto:trill-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trill>, <mailto:trill-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2018 20:14:11 -0000

Hi Ben,

On Thu, Jan 18, 2018 at 2:40 PM, Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
wrote:

> Hi Donald,
>
> -08 addresses all my comments, thanks. BTW 1 more editorial nit introduced
> in -08, in the new paragraph in the security considerations you have
> misspelt encapsulation.
>

Thanks. The nit you found encouraged me to actually do a spell check :-)
and I found
   snown -> shown
   ecapsulation -> encapsulation

So these are fixed in -09.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 <(508)%20333-2270> (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com


> Regards
> Ben
>
> On 17 Jan 2018, at 23:23, Donald Eastlake <d3e3e3@gmail.com> wrote:
>
> Hi Ben,
>
> Thanks for the further review and comments. See below.
>
> Version -08 has been uploaded with the goal of resolving these comments.
>
> On Wed, Jan 17, 2018 at 8:48 AM, Ben Niven-Jenkins
> <ben@niven-jenkins.co.uk> wrote:
>
>
> Hi Donald,
>
> Apologies for not responding sooner, I have reviewed the latest version
> (-07) and still have a couple of comments, see inline below. I have also
> included at the bottom of this email some additional editorial nits I found
> when reading -07. I have trimmed previous comment and responses from you
> that are now covered in the document.
>
> On 10 Jan 2018, at 20:05, Donald Eastlake <d3e3e3@gmail.com> wrote:
>
> ...
>
> On Thu, Oct 26, 2017 at 10:29 PM, Donald Eastlake <d3e3e3@gmail.com>
> wrote:
>
>
> Hi Ben,
>
> Thanks for your review. It appears that is was not responded to in a
> timely fashion. Apologies on behalf of the authors.
>
> (Your review was of the -02 version. The current version is -05.)
>
> On Sun, Apr 24, 2016 at 4:28 AM, Ben Niven-Jenkins
> <ben@niven-jenkins.co.uk> wrote:
>
> Hello,
>
> I have been selected as the Routing Directorate reviewer for this
> draft. The Routing Directorate seeks to review all routing or
> routing-related drafts as they pass through IETF last call and IESG
> review. The purpose of the review is to provide assistance to the
> Routing ADs. For more information about the Routing Directorate,
> please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir
>
> Although these comments are primarily for the use of the Routing
> ADs, it would be helpful if you could consider them along with any
> other IETF Last Call comments that you receive, and strive to
> resolve them through discussion or by updating the draft.
>
>
> Document: draft-ietf-trill-directory-assisted-encap-02.txt
> Reviewer: Ben Niven-Jenkins
> Review Date: 21 April 2016
> Intended Status: Proposed Standard
>
> Summary:
> I have significant concerns about this document and recommend that
> the Routing ADs discuss these issues further with the authors.
>
>
> Hopefully the changes made between the version -02 you reviewed and
> the current -05 have made some improvements and, based on your
> comments and WG LC comments, further improvements can be made.
>
>
>
> I think the -07 is almost good to go, the only outstanding concern I have
> is with regards to the security considerations section, see below.
>
>
> Thanks.
>
> Comments:
> Overall this is not the easiest document to read although some of
> that might be due to my lack of background in TRILL and its
> terminology.
>
> Major Issues:
>
> 1) The document has an Intended Status of Proposed Standard, however
> it does not contain any RFC2119 keywords and does not seem to make
> any normative statements about required behaviour which I would have
> expected in a Proposed Standard.
>
>
> Well, in version -05 there is at least one keyword instance.
> Furthermore, I don't know that such keywords need to always be used
> when an implementation requirement level is being specified. That
> said, we could see if additional RFC 2119 keywords are warranted.
>
>
> I noted this as a flag to the ADs because the lack of RFC2119 key words
> seemed unusual to me. If the ADs are happy for this to be proposed standard
> then I am happy with it being a proposed standard.
>
>
> OK.
>
> 2) Section 4: If I understand correctly the TRILL-EN spoofs the
> Ingress RBridge edge node's nickname in the source address field of
> the TRILL header. Is this likely to introduce problems? E.g. if
> RBridges will accept & forward frames that have their own source
> address in, does it perpetuate routing loops or present security
> considerations that the document should discuss?
>
>
> TRILL goes to great lengths to avoid loops and has a hop count in the
> TRILL header so that, should there be a transient loop, a TRILL packet
> in that loop (i.e., an encapsulated frame) will be discarded. In the
> potentially more dangerous case of multi-destination packets, as
> compared with known unicast, where copies could multiply due to forks
> in the distribution tree, a Reverse Path Forwarding Check is used to
> discard packets that appear to be on the wrong link or when there is
> disagreement about the distribution tree.
>
> Security Considerations should probably say more on this.
>
> Section 8 on Security Considerations also looks very light on
> text. If you are allowing TRILL-ENs to spoof RBridge source
> addresses (which I think you are, see comment above) I think you
> should have a discussion about that somewhere in the document.
>
>
> I agree that some further discussion is needed in the Security
> Considerations section.
>
>
> I don’t see any discussion on TRILL-ENs spoofing ingress bridge nicknames
> in section 7 on security considerations. I see the security consideration
> section of the referenced RFC6325 states "RBridges do not prevent nodes
> from impersonating other nodes” although RFC6325 doesn’t appear to discuss
> the security considerations related to allowing such impersonation.
>
> I think it would be valuable for the security considerations section of
> draft-ietf-trill-directory-assisted-encap to explicitly call out that
> TRILL-ENs spoof ingress bridge nicknames and explain why that is not an
> issue (the text you use above is sufficient for that purpose IMO).
>
> I leave it up to you & the chairs/ADs to decide if my suggestion is
> overkill and that the existing reference to RFC6325 is sufficient for a
> reader skilled in the art of TRILL.
>
>
> A paragraph has been added to the Security Considerations to cover this.
>
> Minor Issues:
>
> 1) Section 3. I am not sure what Figure 2 is trying to convey and it
> is not referred to by the main text. Is it required?
>
>
> Figure 2 is intended to show the header of a pre-encapsulated frame
> going from a TRILL-EN to an edge TRILL switch. If it is retained in
> the draft, there should be clarifying text that references it.
>
>
> I still don’t see any reference to figure 2 in the text (or to figure 1
> for that matter).
>
>
> References have been added.
>
> However, Section 4 says
>
>   The TRILL-EN learns this nickname by listening
>   to the TRILL IS-IS Hellos from the Ingress RBridge.
>
> which makes me think if the TRILL-EN is running IS-IS for hellos, is
> pushing the directory such an obstacle?
>
>
> That text refers to snooping on IS-IS messages, not running IS-IS.
>
>
> Ah, I see. IMO explicitly using the term “snooping" rather than
> “listening” here (and in section 1) would make this unambiguous. I leave it
> up to you whether to make that change or not.
>
>
> "listening" has been changed to "snooping".
>
> 4) Section 7 on Manageability Considerations only states that in
> order for the solution to work requires the availability of a
> directory service, which seems a bit redundant when the entire
> document is about "Directory Assisted TRILL Encapsulation”. Is this
> section required?
>
>
> I agree that the Manageability Considerations section should have
> some material added concerning configuration or be dropped.
>
>
> I see this section now includes "TRILL-EN have the same configuration
> options as any pull directory client.” Is there a suitable document you
> could informatively reference here that describes/discusses the
> configuration options for a pull directory client?
>
>
> A reference to the appropriate section of RFC 8171 has been added.
>
> Minor nit: should the sentence start “TRILL-ENs”?
>
>
> OK.
>
> Other editorial nits I found reading -07:
>
> Section 3, para 2 says "If a destination is not known to be attached to
> one or more RBridge edge nodes”. I struggled to parse this without reading
> it multiple times, I think what you mean to say is "If it is not known
> whether a destination is attached to one or more RBridge edge nodes”?
>
>
> That seems to be better wording.
>
> Section 3, para 4: s/don’t/doesn’t/
>
> Section 3, para 8: s/and perform/and performs/
>
> Section 5.1, para 2: s/data frames with TRILL header/data frames with
> TRILL headers/
>
> Section 7, para 1: s/TRIL-ENs/TRILL-ENs/
>
>
> The above editorial fixes have been made.
>
> Thanks,
> Donald
> ===============================
> Donald E. Eastlake 3rd   +1-508-333-2270 <(508)%20333-2270> (cell)
> 155 Beaver Street, Milford, MA 01757 USA
> <https://maps.google.com/?q=155+Beaver+Street,+Milford,+MA+01757+USA&entry=gmail&source=g>
> d3e3e3@gmail.com
>
> Regards
> Ben
>
>
>

v2.23.0 | Report a Bug | By Email