Mahesh Jethanandani has entered the following ballot position for draft-ietf-spring-resource-aware-segments-18: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-spring-resource-aware-segments/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Note, in addition to my own DISCUSS, I support the two DISCUSS points that Ketan has on the control plane completeness question and SRv6 non-routable SID gap; this review does not duplicate those. Section 3.1, paragraph 7 > In SR-MPLS packet forwarding, each resource-aware Adj-SID identifies > both the next-hop of the node and the set of resources used for > packet processing on the outgoing interface. Each resource-aware > Prefix-SID identifies the path to the node which the prefix is > attached to, and the resource group which consists of a set of > network resources to be used for packet forwarding on the transit > nodes along the path. The transit nodes use the resource-aware > Prefix-SIDs to determine the next-hop of the packet and the set of > local resources in the identified resource group, then forward the > packet to the next-hop using the set of local resources. This section and Section 3.2 make an equivalent statement when it comes to "use the resource-aware Prefix SID to determine the next-hop of the packet and the set of local resources in the identified group". Both require that the transit node have prior knowledge of the resource group associated with a given SID or Locator. The document does not specify what a transit node MUST do when it encounters a resource-aware SID for which no resource group association has been configured locally. Section 7 addresses the case of detected inconsistency across nodes, but does not cover a transit node that was simply never provisioned with the resource group binding. If a transit node silently forwards a packet using best-effort resources upon encountering an unrecognized resource-aware SID, the resource isolation guarantee is violated with no indication of failure — the exact outcome the mechanism is designed to prevent. Without a required fallback behavior (e.g., MUST drop; or MUST forward but MUST log/report), implementations will diverge and silent SLA violations will be undetectable. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 3.1, paragraph 2 > For one IGP link, multiple resource-aware Adj-SIDs can be assigned, > each of which is associated with a subset of the link resources > allocated on the link. For one inter-domain link, multiple BGP > PeerAdj SIDs may be assigned, each of which is associated with a > subset of the link resources allocated on the inter-domain link. The > inter-domain link is between network domains managed by the same > administrative entity and aligns with the trust model described in > [RFC8402]. The resource-aware Adj-SIDs may be associated with a > specific network topology and/or algorithm, so that it is used only > for resource-aware SR paths computed within the topology and/or > algorithm. The sentence "The inter-domain link is between network domains managed by the same administrative entity." restricts resource-aware BGP PeerAdj SIDs to single-operator deployments. If this restriction is intentional, it should be stated as a normative constraint (MUST) rather than a descriptive statement. If cross-domain scenarios with different administrative entities are also intended to be in scope, the security and trust requirements for those scenarios are not addressed. Section 3.1, paragraph 7 > When the set of network resources allocated on the egress node also > needs to be determined, it is RECOMMENDED that Penultimate Hop > Popping (PHP) [RFC3031] be disabled, otherwise the inner service > label needs to be used to infer the set of resources to be used for > packet processing on the egress node of the SR path, which would > over-complicate the assignment of the service label and potentially > require multiple service labels to be assigned for the same service > to identify the different resource groups. This section recommends disabling PHP when egress resource assignment is required. This recommendation lacks the operational context needed for operators to safely act on it: - It is unclear whether this applies per-SID (via explicit-null in prefix-SID advertisement) or per-node globally. - The impact on non-resource-aware traffic transiting the same path is not discussed. - No guidance is given for environments where PHP cannot be disabled due to interoperability constraints with legacy equipment. The RECOMMENDED behavior should be accompanied by guidance sufficient to evaluate its deployment implications. Section 4, paragraph 4 > When a network node is instructed to associate a SID with specific > resources, its actions will depend on the operational mechanisms of > the network. In some cases the association between SIDs and > resources is configured on the individual network nodes, and the > control plane (e.g. IGP) is used to distribute the SID information > and the allocated resource information to the controller and the > ingress nodes for TE constraint-based path computation. In network > cases with SR and other TE mechanisms (such as RSVP-TE) co-existing > in the network, the IGP advertisements of available resources may > need to be updated to indicate that there has been a change to the > available resources resulting from the instantiation of a new > resource-aware SID, it is suggested such updates would be rate- > limited to avoid overloading the IGP system using suppression > mechanisms as described in [RFC8570] [RFC7471]. In still other cases > the association between SIDs and network resources is provisioned by > the central controller which is responsible for all TE management, > then the distributed control plane does not need to take any > additional action. The sentence "it is suggested such updates would be rate-limited to avoid overloading the IGP system using suppression mechanisms as described in [RFC8570] [RFC7471]." This is a normative recommendation but uses informal language. Given the explicit citations to standards-track suppression specifications, this should use RECOMMENDED (BCP 14 language). Section 6.1, paragraph 0 > Huawei Technologies reported the following implementations of the > resource-aware segments (Section 2). The resource-aware segments are > used to build SR based Network Resource Partitions (NRPs) and > resource guaranteed SR Policies. The document does not cite RFC 9732 at all. The draft introduces "resource group" as its foundational concept; RFC 9732's NRP maps directly to the same construct. The authors should either explain the distinction between "resource group" (this document) and "NRP" (RFC 9732), or use the term already established in RFC 9732 and cite it accordingly. I also support Ketan's DISCUSS on this point. Section 11.2, paragraph 0 > 11.2. Informative References The following entries appear in the informative reference list but are not cited in the document body: [RFC3209], [RFC5440], [RFC9086], [RFC9087], [RFC9552]. The shepherd write-up acknowledges this. These should be removed before publication. Found terminology that should be reviewed for inclusivity; see https://www.rfc-editor.org/part2/#inclusive_language for background and more guidance: * Term "traditionally"; alternatives might be "classic", "classical", "common", "conventional", "customary", "fixed", "habitual", "historic", "long-established", "popular", "prescribed", "regular", "rooted", "time-honored", "universal", "widely used", "widespread" ------------------------------------------------------------------------------- NIT ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. Section 2, paragraph 2 > * Resouce group: A group of network resources allocated on a set of > network nodes and links, which can be used for forwarding and > processing packets with one or multiple resource-aware SIDs. s/Resouce/Resource/ Section 7, paragraph 2 > The consistency in the binding between resource-aware segments and > resource groups across all participating nodes in the network is > crucial for correct and consistent treatment to packets so as to meet > the resource guarantee and SLA requirements. If this is not the > case, it may cause problems including service quality degradation or > packet drop. Such issues could be detected and diagonosed using > performance measurement or packet trace mechanisms with the same > resource-aware segments as in the data packets used for forwarding. > Control plane mechanisms need to include consistency checks to allow > the configured state of resource allocation in network nodes to be > verified against the intended state. If inconsistency in resource > binding is detected by a network node, by default the impacted > resource-aware SIDs MUST NOT be used for traffic forwarding, and an > error SHOULD be logged and reported. s/diagonosed/diagnosed/ Section 8, paragraph 1 > The allocaton of network resources, the association of resource-aware > SIDs with the allocated network resources, and the distribution of > information of the resource-aware SIDs together with the associated > TE attributes MUST be done via control or management protocol > channels with proper mechanisms for authentication, authorization, > integrity or replay-protection. The specifications of the control or > managment plane protocols for resource-aware segments SHOULD specify > how these security properties are provided. When the control plane > of resource-aware segments is based on Flex-Algo, the security > threats described in [RFC9350] need to be considered, as the hijack > of a Flex-Algo which associates with an resource group would > compromise not just path selection but also resource isolation > correctness. s/allocaton/allocation/ s/managment/management/ s/an resource group/a resource group/ Section 6, paragraph 4 > Resource-aware segments require to introduce additional SR-MPLS SIDs or SRv6 > ^^^^^^^^^^^^ Did you mean "introducing"? Or maybe you should add a pronoun? In active voice, "require" + "to" takes an object, usually a pronoun. Section 7, paragraph 2 > ic, lower the priority and treat it in best effort, etc. 8. Security Consider > ^^^^^^^ A determiner may be missing. Section 7, paragraph 2 > of a Flex-Algo which associates with an resource group would compromise not > ^^ Use "a" instead of "an" if the following word doesn't start with a vowel sound, e.g. "a sentence", "a university". _______________________________________________ spring mailing list -- [email protected] To unsubscribe send an email to [email protected]
