Re: [trill] Mirja Kühlewind's Discuss on draft-ietf-trill-over-ip-16: (with DISCUSS and COMMENT)

Donald Eastlake <> Thu, 05 April 2018 03:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE890120725; Wed, 4 Apr 2018 20:10:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Qb7bIMpBGx3j; Wed, 4 Apr 2018 20:10:37 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 394A61243FE; Wed, 4 Apr 2018 20:10:37 -0700 (PDT)
Received: by with SMTP id 15-v6so1486490itl.1; Wed, 04 Apr 2018 20:10:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=tsIOB9mmXr/H4DbV2ZqvkUJ0x9jKT3b/S6NEXm4I4/0=; b=tdWcQOcCKIYQsZPy5KALMvDq+2Jt3IkxNgEtlz1vLgMnCmK1JQgb2SCtx7evUF3pAb ovZfjiHpFyF6L8/jyoIRrb6HhghE7vkA9zJwnGCWkvNfqDYXUtF4vVEb00NzXzSIxto5 W/twRC9E8trrIjhe2yOCl35JGgqke7RdjvPMSkQ6/oksqqMVkd/Epw5LF06MTriznyke Qsz4MBBNBfDBWzjYAIkbLUoknjbWiGlgt67YsfKTGih4q/wmZLz6/brH5DbGIkvkXjB3 IQRd80Nc8b1n+wrDtZLaWfyAJFkMy2C3FbEtaIX+8nlaHZ1tjWlwY4LzdXkdn7GzZo08 Jw9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=tsIOB9mmXr/H4DbV2ZqvkUJ0x9jKT3b/S6NEXm4I4/0=; b=rqx94Nm3IINYY6VS1Li4L8Ku160rBwSz0u3kaTU/RAuPuwHdrwEEj1aHphAGxwcBn2 FmF3QEPQnkMoZ8huoU6W/l4IFPC9Hg/HnQ+D15Ki4Xd0h2N8PaI+DfiZZO8BDanSWHef TJNsq+vCIyIn9sJTrhplfODgzViLPYPGrr5fWH8i/YoamtXUt2dRSnROUUsajjERfEru s9Yg6L6DGyJX0pcTW8/jTbxJwvqtwUIDhEQWOJY7bmRtNfbzNCHvxAsGbVtczdw8YH1W HCclTpFz/YcH2/eSvYVWqqc/y+kAPz8JNDXoNSlZDngCUVCJdAxS/hpuZieskpVF6ahE d2xQ==
X-Gm-Message-State: AElRT7F4E9JN3RAJ+z0V9FXhqfLjOcBmOO3Hw1VH0ReQXJnh8MUuNOR8 clCw8xy1C04I63p6Ea1wq6yyscTCvmXVdodPyWRNzA==
X-Google-Smtp-Source: AIpwx48lp96KpSrhmoXpg7sPxNvCfWwQxlpIHF7a4HP36frpEE64gaDD5NTKyeKJQP+Vmiz8PUPVhW/pCtasVOfgeSw=
X-Received: by 2002:a24:df04:: with SMTP id r4-v6mr11884520itg.105.1522897836290; Wed, 04 Apr 2018 20:10:36 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 4 Apr 2018 20:10:20 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Donald Eastlake <>
Date: Wed, 4 Apr 2018 23:10:20 -0400
Message-ID: <>
To: =?UTF-8?Q?Mirja_K=C3=BChlewind?= <>
Cc: The IESG <>,, Susan Hares <>, trill IETF mailing list <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [trill] =?utf-8?q?Mirja_K=C3=BChlewind=27s_Discuss_on_draft-ietf?= =?utf-8?q?-trill-over-ip-16=3A_=28with_DISCUSS_and_COMMENT=29?=
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Developing a hybrid router/bridge." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Apr 2018 03:10:40 -0000

Hi Mirja,

On Thu, Mar 29, 2018 at 10:58 AM, Mirja Kühlewind <> wrote:
> Mirja Kühlewind has entered the following ballot position for
> draft-ietf-trill-over-ip-16: Discuss
> ...
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Usage of encapsulation schemes
> ----
> The document does not clearly explain and justify why different encapsulations
> are needed. The document should more extensively discuss the different
> properties and trade-offs for each encapsulation and give clear recommendations
> when you to use which encapsulation. E.g. the document does not clearly specify
> when to use IPSec (besides saying „if security in needed“), however, the
> document needs to explain more clearly what is meant by this: given the
> over-the-Internet path is always not trusted, does that mean that IPSec should
> always be used in that scenario? Why is IPSec specified instead of using TLS or
> DTLS with the TCP or UDP encapsulations respectively?

More information can be added about properties of different encapsulations.

In the latest revision (-16), Appendix A was added (page 48) briefly
discussing the IP security decision: (1) Is the information presented
in Appendix A sufficient? (2) Would you like that material moved into
the body of the document.

> Why is both UDP and TCP
> encapsulation needed, given that UDP is the default that is mandatory to
> implement anyway? Why are the short-comings of UDP and when is it
> recommended/beneficial to switch to TCP?

I would say that the primary problem with UDP is fragmentation.

> -----
> 1) Section 4.3 should also talk about decapsulation as DCSP is often
> overwritten on the path and therefore the DCSP of the inner and other IP
> headers can differ on decapsulation. Please see RFC2983 for further guidance.
> You probably should specify to discard the outer DSCP at tunnel egress in your
> use case.


> 2) Further it is not clear to me if the use of CS7 in appropriate for this use
> case as RFC 4594 says "   o  CS7 marked packets SHOULD NOT be sent across
> peering points.
>       Exchange of control information across peering points SHOULD be
>       done using CS6 DSCP and the Network Control service class."

Although providing generally similar guidance, I note that RFC 8100 is
a more recent Informational RFC on this topic than RFC 4594.

We can add some guidance that CS6 and CS7 should not be used for
traffic being sent through provider facilities. I believe that
essentially all providers that would be adversely affected by such
traffic provide their own DSCP mapping at their permitter. In any
case, a TRILL campus operator might want to map DSCP themselves before
giving traffic to a provider to reduce the probability of provider

> 3) Moreover, if my understanding is correct, the high priority classes in TRILL
> are not exclusively reserved for control data. However, CS6 and CS7 is only
> meant for control and rounting traffic. If those classes are used it must be
> ensure that the traffic send with these DSCP is not overloading the network. I
> think further (security) considerations are needed here.

Current TRILL documents recommend use of the highest available
priority for messages affecting the establishment and maintenance of
adjacency and the next highest priority for other important control
messages (see Section 8.2 of RFC 7780). In case where CS6 and CS7 are
not available, this advice would still apply, it is just that a lower
priority might the be highest available.

We can also add something to the Security Considerations.

> Broadcast Link Encapsulation Considerations
> ------
> Not every transport encapsulation can be used for Broadcast/Multicast. TCP
> cannot be used. This is mention later but also be consider in the text in
> section 5.3


> TCP Encapsulation
> -----
> If my understanding is correct than TRILL does not know that the connect of a
> TRILL data packet is. That means the data could can also contain traffic that
> is running over TCP, right? Encapsulating TCP in TCP should generally avoided
> if possible and need further considerations as loss in the outer control loop
> that is used on the TRILL IP link appears as strongly varying delays to the
> inner control loop and therefore can have very negative effects.

We can add further considerations on this topic.

> TCP Connection Establishment (section 5.6.1)
> -----
> This section seem to assume for all configured or discovered tunnel endpoints
> should  immediately (at node start up time) and permanently open one/multiple
> TCP connections. I'm in general uncertain if this is the right approach.
> However, even if the connection is not closed, it might not be usable after an
> idle time, as middlebox on the path may have removed their state. Therefore, to
> keep a connection permanently open, the endpoint need probably to send
> keep-alives, or alternative a mechanism to detect such a failure (quickly) and
> re-establish the connection such be used. Alternative, a connection could be
> open and closed when needed. In this case also more recommendation is needed
> when to open and close the connection(s).

BFD is the mechanism provided in TRILL [RFC7175] to detect failures
more rapidly than would be detected by IS-IS Hellos. We can add some
recommendations on this issue.

> Fragmentation
> ----
> The fragmentation problem for Internet links is not sufficiently addressed.
> trill requires a minimum size of 1,470 bytes while most Internet paths only
> support an MTU of 1,470 bytes which will automatically lead to fragmentation
> when encapsulation is added. It can not be assumed that all Internet path
> support IPv6, therefore the recommendation "if fragmentation is anticipated
> with the encapsulations specified in this document, the use of IPv6 is
> RECOMMENDED" is often hard to realize. I assume that many trill IS-IS packets
> are smaller than 1,470 bytes thus fragmentation might not occur, however, for
> larger packets I would rather recommend to implement an additional mechanism to
> enable segmentation above UDP (+ PMTU discovery) or the use of TCP. In any case
> more clear recommendation is needed.

We can add further material on MTU and look into a protocol for
fragmentation and re-assembly over a TRILL hop.

> Port assignment
> ----
> Only one port per service can be assigned (see principles in rfc6335 and
> guidelines in rfc7605). Therefore the spec should be changed to the use of one
> ports and describe how different kinds of packets can be distinguished by other
> means (which should be easily possible to my understanding). Further, it is
> expected that the document confirms that any new security added later on will
> also use the port assigned (i.e., future versions will not be eligible for new
> ports e.g. for a “TLS” variant).

We will respond separately to the port request review comments we have

> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Editorial coments:
> 1) It is really confusing that the whole document is talking about ports as
> tunnel endpoints while it also often talks about transport (TCP/UDP) ports. It
> makes it really hard to read this document. Maybe these things can be better
> distighlished somehow.

I'm sorry but I don't understand what is confusing. Most of the
occurrences of "transport" were added recently. As far as TRILL is
concerned, the (possibly multi-point to multi-point) TRILL over IP is
just a type of link between TRILL switch ports.

> 2) This document should not re-specify the UDP header (5.4). At minimum the
> text should be changed the following way. OLD "Where he UDP Header is as
> follows:" NEW "Where he UDP Header is as follows as specified in [RFC0768] :"


 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA