Re: [alto] Chair review of path-vector-13 (Part 2 of 2)
Hi Vijay and the ALTO WG, Thanks for the review and please find the responses inline. We will fix the missing items as soon as possible. Best, Kai -Original Messages- From:"Vijay Gurbani" Sent Time:2021-02-11 00:23:13 (Thursday) To: draft-ietf-alto-path-vec...@ietf.org Cc: "IETF ALTO" Subject: [alto] Chair review of path-vector-13 (Part 2 of 2) Dear Authors: This part concludes my chair review of path-vector, an important ALTO extension. Thank you for your work on this document. I hope the comments in this part and the first part help position the document better. Chair review from Section 7 to the end of the document. Part 2 of 2. Global comment: Please turn all "Content-Length: [TBD]" into "Content-Length: XXX", where "XXX" is the computed content length. [PV] This comment has not been addressed yet but is being processed. Major: - S7.1.3: When you first get into JSON object declarations, you should point the reader to S8.2 of RFC7285, where the semantics related to the syntax used to declare ALTO JSON objects is defined. This will help new implementers who pick up this manuscript and need to understand where the declaration syntax, and previously declared JSON ALTO objects, like ReqFilteredCostMap, reside. [PV] Thanks for the comment. We add a subsection "Notations" in Section 7 and point to S8.2 of RFC 7285. References to the previous defined JSON objects are also added to the text where the previously defined objects are referenced. - S8.3: I think the ALTO response deserves a longer explanation here. Let me see if I understand correctly: the cost map returns two properties: NET1 and AGGR. On NET1, the max reservable bandwidth is 50 Gb (or GB?), i.e., inside the NET1 abstraction of Figure 5, the max reservable bandwidth is much higher than the link bandwidth. For the AGGR (BTW, what does AGGR stand for? Minimum aggregate bandwidth?), the max reservable bandwidth is 10 Gbps, which is the bandwidth of L1. Yes? Please expand the explanation in the document to be as explicit as you can. Further, my suggestion would be to show the NET1 and AGGR from source 2.3.4.5 to destination 4.5.6.1, because that will necessarily include traversing two links, L1 and L2. What would be the AGGR there? [PV] The previous example in 8.3 is actually the result after obfuscation where the AGGR encapsulates the subnetwork NET1 and the connectivity between NET1 and NET3. We now give two response examples in 8.3. The first example gives the "raw" response and the second example is an obfuscated response. - S9.2: I am not sure what the prescription here is. Whatever it is, it needs to be (a) explicit, and (b) stronger. Current text says that this document does not "specify" the use of path vector cost type with RFC 8189. Why does it not specify this? Is it because such integration is not possible? In which case, the document should say so. Or is it because the authors have not studied whether such integration makes sense and can be supported in a backward compatible manner? If so, well, say so. Or is it because such integration is not possible at all? If so, say so. This is a protocol document, we need to be as unambiguous as possible. (S9.3 is a good example of drawing a line in the sand.) [PV] We have rewritten the subsection to clarify the compatibility issue with the multi-cost extension. In particular, we explain why these two extensions cannot be used together. NEW: The extension defined in this document is NOT compatible with the multi-cost extension [RFC8189]. The reason is that if a resource supports both the extension defined in this document and the multi- cost extension, the media type of this resource depends on the selection of cost types: if the path vector cost type is selected, the media type of the response is either "multipart/related; type=application/alto-costmap+json" or "multipart/related; type=application/alto-endpointcost+json"; if the path vector cost type is not selected, the media type of the response is either "application/alto-costmap+json" or "application/alto- endpointcost+json". Note that this problem may happen when an ALTO information resource supports multiple cost types, even if it does not enable the multi- cost extension. Thus, Section 7.2.4 has specified that if an ALTO information resource enables the extension defined in this document, the path vector cost type MUST be the only cost type in the "cost- type-names" capability of this resource. - S10.2: Not sure why the MAY is normative here. This paragraph should be re-written in its entirety; it reads more like a draft set of notes than something well thought out. [PV] Thanks for the comment. We revise the subsection to
Re: [alto] Chair review of path-vector-13 (Part 2 of 2)
Hi Vijay, Thanks a lot for your Part 1 and 2 thorough reviews and wise guidance. We will get back with our proposed responses and updates. Best regards, Sabine From: Vijay Gurbani Sent: Wednesday, February 10, 2021 5:23 PM To: draft-ietf-alto-path-vec...@ietf.org Cc: IETF ALTO Subject: Chair review of path-vector-13 (Part 2 of 2) Dear Authors: This part concludes my chair review of path-vector, an important ALTO extension. Thank you for your work on this document. I hope the comments in this part and the first part help position the document better. Chair review from Section 7 to the end of the document. Part 2 of 2. Global comment: Please turn all "Content-Length: [TBD]" into "Content-Length: XXX", where "XXX" is the computed content length. Major: - S7.1.3: When you first get into JSON object declarations, you should point the reader to S8.2 of RFC7285, where the semantics related to the syntax used to declare ALTO JSON objects is defined. This will help new implementers who pick up this manuscript and need to understand where the declaration syntax, and previously declared JSON ALTO objects, like ReqFilteredCostMap, reside. - S8.3: I think the ALTO response deserves a longer explanation here. Let me see if I understand correctly: the cost map returns two properties: NET1 and AGGR. On NET1, the max reservable bandwidth is 50 Gb (or GB?), i.e., inside the NET1 abstraction of Figure 5, the max reservable bandwidth is much higher than the link bandwidth. For the AGGR (BTW, what does AGGR stand for? Minimum aggregate bandwidth?), the max reservable bandwidth is 10 Gbps, which is the bandwidth of L1. Yes? Please expand the explanation in the document to be as explicit as you can. Further, my suggestion would be to show the NET1 and AGGR from source 2.3.4.5 to destination 4.5.6.1, because that will necessarily include traversing two links, L1 and L2. What would be the AGGR there? - S9.2: I am not sure what the prescription here is. Whatever it is, it needs to be (a) explicit, and (b) stronger. Current text says that this document does not "specify" the use of path vector cost type with RFC 8189. Why does it not specify this? Is it because such integration is not possible? In which case, the document should say so. Or is it because the authors have not studied whether such integration makes sense and can be supported in a backward compatible manner? If so, well, say so. Or is it because such integration is not possible at all? If so, say so. This is a protocol document, we need to be as unambiguous as possible. (S9.3 is a good example of drawing a line in the sand.) - S10.2: Not sure why the MAY is normative here. This paragraph should be re-written in its entirety; it reads more like a draft set of notes than something well thought out. - S11, last paragraph: I am not sure what "intolerable increment of the server-side storage" means here. Isn't the issue more along the lines of spending CPU cycles doing path computation rather than storage requirements? Conflating "storage" here does not seem to be warranted, but perhaps I am mistaken. Please advise. Further, the text says, "To avoid this risk, authenticity and authorization of this ALTO service may need to be better protected." ==> I am unsure how this helps. The ALTO server has no means to authenticate the client, nor does it have any means to know whether the client is authorized to send it a request. Consequently, the best it can do to protect itself is to monitor client behaviour and stop accepting requests if the client misbehaves (sends same requests frequently, sends requests with small deltas frequently, or it can ask the client to solve some puzzle before submitting a request, etc.). But generally, this class of resource exhaustion attacks are hard to defend against, and I am not sure that we will come up with something that is definitely prescriptive here. But we should structure the discussion such that it appears that we have thought of the issues here. Minor: - S7.1.6, bullet item "The Unified Property Map part MUST also include "Resource-Id" and "Content-Type" in its header." ==> Doesn't the unified-props I-D already mandate this? If so, why repeat it here? - S9: I would suggest changing the title to "Compatibility with other ALTO extensions" - S10.1, paragraph 3: I would suggest the following re-write for this paragraph: "In practice, developing a bespoke language for general-purpose boolean tests can be a complex undertaking, and it is conceivable that there are some existing implementations already (the authors have not done an exhaustive search to determine whether there are such implementations). One avenue to develop such a language may be to explore extending current query languages like XQuery or JSONiq and integrating
[alto] Chair review of path-vector-13 (Part 2 of 2)
Dear Authors: This part concludes my chair review of path-vector, an important ALTO extension. Thank you for your work on this document. I hope the comments in this part and the first part help position the document better. Chair review from Section 7 to the end of the document. Part 2 of 2. Global comment: Please turn all "Content-Length: [TBD]" into "Content-Length: XXX", where "XXX" is the computed content length. Major: - S7.1.3: When you first get into JSON object declarations, you should point the reader to S8.2 of RFC7285, where the semantics related to the syntax used to declare ALTO JSON objects is defined. This will help new implementers who pick up this manuscript and need to understand where the declaration syntax, and previously declared JSON ALTO objects, like ReqFilteredCostMap, reside. - S8.3: I think the ALTO response deserves a longer explanation here. Let me see if I understand correctly: the cost map returns two properties: NET1 and AGGR. On NET1, the max reservable bandwidth is 50 Gb (or GB?), i.e., inside the NET1 abstraction of Figure 5, the max reservable bandwidth is much higher than the link bandwidth. For the AGGR (BTW, what does AGGR stand for? Minimum aggregate bandwidth?), the max reservable bandwidth is 10 Gbps, which is the bandwidth of L1. Yes? Please expand the explanation in the document to be as explicit as you can. Further, my suggestion would be to show the NET1 and AGGR from source 2.3.4.5 to destination 4.5.6.1, because that will necessarily include traversing two links, L1 and L2. What would be the AGGR there? - S9.2: I am not sure what the prescription here is. Whatever it is, it needs to be (a) explicit, and (b) stronger. Current text says that this document does not "specify" the use of path vector cost type with RFC 8189. Why does it not specify this? Is it because such integration is not possible? In which case, the document should say so. Or is it because the authors have not studied whether such integration makes sense and can be supported in a backward compatible manner? If so, well, say so. Or is it because such integration is not possible at all? If so, say so. This is a protocol document, we need to be as unambiguous as possible. (S9.3 is a good example of drawing a line in the sand.) - S10.2: Not sure why the MAY is normative here. This paragraph should be re-written in its entirety; it reads more like a draft set of notes than something well thought out. - S11, last paragraph: I am not sure what "intolerable increment of the server-side storage" means here. Isn't the issue more along the lines of spending CPU cycles doing path computation rather than storage requirements? Conflating "storage" here does not seem to be warranted, but perhaps I am mistaken. Please advise. Further, the text says, "To avoid this risk, authenticity and authorization of this ALTO service may need to be better protected." ==> I am unsure how this helps. The ALTO server has no means to authenticate the client, nor does it have any means to know whether the client is authorized to send it a request. Consequently, the best it can do to protect itself is to monitor client behaviour and stop accepting requests if the client misbehaves (sends same requests frequently, sends requests with small deltas frequently, or it can ask the client to solve some puzzle before submitting a request, etc.). But generally, this class of resource exhaustion attacks are hard to defend against, and I am not sure that we will come up with something that is definitely prescriptive here. But we should structure the discussion such that it appears that we have thought of the issues here. Minor: - S7.1.6, bullet item "The Unified Property Map part MUST also include "Resource-Id" and "Content-Type" in its header." ==> Doesn't the unified-props I-D already mandate this? If so, why repeat it here? - S9: I would suggest changing the title to "Compatibility with other ALTO extensions" - S10.1, paragraph 3: I would suggest the following re-write for this paragraph: "In practice, developing a bespoke language for general-purpose boolean tests can be a complex undertaking, and it is conceivable that there are some existing implementations already (the authors have not done an exhaustive search to determine whether there are such implementations). One avenue to develop such a language may be to explore extending current query languages like XQuery or JSONiq and integrating these with ALTO." (Please provide references for XQuery and JSONiq.) Nits: - S8.1: s/The example ALTO server provides/Assume that an ALTO server provides/ - S9.1: s/conducting any incompatibility./incurring any incompatibility problems./ - S11: s/requires additional considerations/requires additional scrutiny/ -S11: s/authenticity and authorization/authentication and authorization/ Thank you! ___ alto mailing list alto@ietf.org
