Skip to main content

The Locator/ID Separation Protocol (LISP)
draft-ietf-lisp-24

Revision differences

Document history

Date Rev. By Action
2012-11-13
24 Dino Farinacci New version available: draft-ietf-lisp-24.txt
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Sean Turner
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Stewart Bryant
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Robert Sparks
2012-08-22
23 (System) post-migration administrative database adjustment to the Yes position for Jari Arkko
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Ralph Droms
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Stephen Farrell
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Wesley Eddy
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2012-08-22
23 (System) post-migration administrative database adjustment to the No Objection position for Ronald Bonica
2012-05-05
23 Dino Farinacci New version available: draft-ietf-lisp-23.txt
2012-05-04
22 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2012-05-04
22 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2012-05-04
22 (System) IANA Action state changed to In Progress from Waiting on Authors
2012-05-01
22 (System) IANA Action state changed to Waiting on Authors from In Progress
2012-05-01
22 (System) IANA Action state changed to In Progress from Waiting on Authors
2012-05-01
22 (System) IANA Action state changed to Waiting on Authors from In Progress
2012-04-30
22 (System) IANA Action state changed to In Progress from Waiting on Authors
2012-04-25
22 (System) IANA Action state changed to Waiting on Authors from In Progress
2012-04-03
22 (System) IANA Action state changed to In Progress from Waiting on Authors
2012-03-16
22 (System) IANA Action state changed to Waiting on Authors from In Progress
2012-02-14
22 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent.
2012-02-13
22 (System) IANA Action state changed to In Progress
2012-02-13
22 Amy Vezza IESG state changed to Approved-announcement sent
2012-02-13
22 Amy Vezza IESG has approved the document
2012-02-13
22 Amy Vezza Closed "Approve" ballot
2012-02-13
22 Amy Vezza Approval announcement text regenerated
2012-02-13
22 Amy Vezza Ballot writeup text changed
2012-02-13
22 Jari Arkko State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup.
2012-02-12
22 Adrian Farrel
[Ballot comment]
It's been a long haul, but revision -22 addresses all of my remaining Discuss issues. I hope the quality and utility of the …
[Ballot comment]
It's been a long haul, but revision -22 addresses all of my remaining Discuss issues. I hope the quality and utility of the document has been improved as a result.

I'll leave in place my outstanding (non-blocking Comments)

---

Section 2

  Routing Locators ( RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses.

There is nothing factually incorrect in what the text says, but it is implied that RLOCs are somehow special or good. They are no better or worse than pre-LISP IP addresses in respect of aggregation.

If you wanted to fix the Comment, then you might try:

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore as amenable to aggregation as
  other IP addresses used for routing).

---

The architectural overview in Section 4 would be enhanced by a picture.

The example in 4.1 would similarly benefit.
2012-02-12
22 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2012-02-12
22 (System) New version available: draft-ietf-lisp-22.txt
2012-02-10
22 Adrian Farrel
[Ballot comment]
I have updated my Comment for revision -21 and after further discussions with the authors.

---

Section 2

  Routing Locators (RLOCs), which …
[Ballot comment]
I have updated my Comment for revision -21 and after further discussions with the authors.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses.

There is nothing factually incorrect in what the text says, but it is implied that RLOCs are somehow special or good. They are no better or worse than pre-LISP IP addresses in respect of aggregation.

If you wanted to fix the Comment, then you might try:

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore as amenable to aggregation as
  other IP addresses used for routing).

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

Would you consider...

...care must be taken to not create reencapsulation loops through
misconfiguration.

---

The architectural overview in Section 4 would be enhanced by a picture.

The example in 4.1 would similarly benefit.
2012-02-10
22 Adrian Farrel
[Ballot comment]
I have updated my Comment for revision -21 and after further discussions with the authors.

---

Section 2

  Routing Locators (RLOCs), which …
[Ballot comment]
I have updated my Comment for revision -21 and after further discussions with the authors.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses.

There is nothing factually incorrect in what the text says, but it is implied that RLOCs are somehow special or good. They are no better or worse than pre-LISP IP addresses in respect of aggregation.

If you wanted to fix the Comment, then you might try:

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore as amenable to aggregation as
  other IP addresses used for routing).

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

Would you consider...

...care must be taken to not create reencapsulation loops through
misconfiguration.

---

The architectural overview in Section 4 would be enhanced by a picture.

The example in 4.1 would similarly benefit.

---

Section 5.3

I agree with Wes about the N and V bits.

---

Section 5.3 LISP Nonce

      When the E-bit is clear but the N-bit is
      set, a remote ITR is either echoing a previously requested echo-
      nonce or providing a random nonce.

"is clear/set" in what?
The original message sent, or the new message received?
2012-02-10
22 Adrian Farrel
[Ballot discuss]
Discuss updated for revision -21 and after further discussions with authors.

---

Section 2

  One database design that is being developed
  …
[Ballot discuss]
Discuss updated for revision -21 and after further discussions with authors.

---

Section 2

  One database design that is being developed
  and prototyped as part of the LISP working group work is [ALT].
  Others that have been described but not implemented include [CONS],
  [EMACS], [RPMD], [NERD].

Is the LISP working group undertaking controlled prototyping?

My point here is that prototyping does not seem to be in the WG charter. Suggestion is to remove "and prototyped"


Similarly, what does it mean to say "have been described but not
implemented"? I guessed "At the time of writing, the authors are unaware
of any implementations of..."

The authors say that what they intended was that the suggestion of the authors is to not implement the others mechanisms, but this is not what is written and doesn't have WG buy-in. In fact, they can't know (for sure) whether the other solutions have been implemented.

Suggest to just strike "but not implemented"
2012-02-09
22 Ralph Droms
[Ballot comment]
Added, relative to -21, to replace my previous Discuss on -19:

This text is included in the definition of EID:

      …
[Ballot comment]
Added, relative to -21, to replace my previous Discuss on -19:

This text is included in the definition of EID:

      An EID used on the public Internet
      must have the same properties as any other IP address used in that
      manner; this means, among other things, that it must be globally
      unique.

It would be good to clarify what it means to be "used on the public
Internet."  My understanding is that an EID is assigned within a LISP
site and does not appear as a destination address in traffic between
RLOCs.  Therefore, it wasn't quite clear to me whether an EID needs to
be globally unique within all IP addresses used throughout the
Internet, or globally unique among other EIDs within LISP sites, or
perhaps some other scoping for global uniqueness.

What are the "other things" that derive those "same properties"?

Elsewhere in the LISP spec, RFC 1918 addresses ae mentioned, which are
clearly not globally unique.  How does the use of RFC 1918 addresses
relate to this stated requirement for gloabl uniqueness?

Updated to refer to rev -19

I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

As I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?  This
question is related to the Discuss issue asking for clarification
of the global uniqueness requirements for EIDs.

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?  What is the citation of RFC 4984 at the end of
section 10.2 in reference to?

I see that Jari has a Discuss waiting for IANA review.  I think
section 14 needs clarification - e.g., while section 14 includes
the text "There are two name spaces in LISP that require registration,"
there appear to be four registries requested in section 14.


How is the statement from the definition of EID-prefix:

  A globally routed
  address block MAY be used by its assignee as an EID block.

compatible from this statement from sections 2 and 4, respectively:

  [...] (EIDs), which are assigned independently from
  the network topology, [...]

  [...] an EID is only routable within the scope of a site.

I think the issue is that some additional caveats are required if "a
globally routed address block [is] used [...] as an EID block";
spec. those addresses from the globally routed address block used as
EIDs must not be allowed to be actually routed directly over the
Internet.  Well, maybe, as we'll need to see how the transition
mechanisms provide interoperability between LISP and
non-LISP systems.
2012-02-09
22 Ralph Droms [Ballot Position Update] Position for Ralph Droms has been changed to No Objection from Discuss
2012-02-08
22 Wesley Eddy
[Ballot comment]
(cleared all of my DISCUSS points except one below that is converted into a COMMENT)

If both the N bit and V bit …
[Ballot comment]
(cleared all of my DISCUSS points except one below that is converted into a COMMENT)

If both the N bit and V bit MUST NOT be set in the same packet, I believe it's correct to DROP any packets that arrive this way, as they are certainly errors, and definitely should not be forwarded onwards.
2012-02-08
22 Wesley Eddy [Ballot discuss]
2012-02-08
22 Wesley Eddy [Ballot Position Update] Position for Wesley Eddy has been changed to No Objection from Discuss
2012-02-07
22 Ron Bonica [Ballot comment]
The disclaimers added in the last two revisions of this document make it suitable for publication as EXPERIMENTAL
2012-02-07
22 Ron Bonica [Ballot discuss]
.
2012-02-07
22 Ron Bonica [Ballot Position Update] Position for Ron Bonica has been changed to No Objection from Discuss
2012-02-07
22 Stewart Bryant [Ballot comment]
Thank you for addressing my concerns
2012-02-07
22 Stewart Bryant [Ballot Position Update] Position for Stewart Bryant has been changed to No Objection from Discuss
2012-02-07
21 (System) New version available: draft-ietf-lisp-21.txt
2012-01-31
22 Adrian Farrel
[Ballot discuss]
I have updated my Discuss to remove a major point resolved in the
-20 revision. I will return to look at the other …
[Ballot discuss]
I have updated my Discuss to remove a major point resolved in the
-20 revision. I will return to look at the other points separately.

Thanks to the authors for addressing my concern.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses. That is, the allocation scheme for RLOCs could be run such
that RLOCs are aggregatable, but could equally be run such that it is
hard to aggregate.

Maybe the points here are that:
- network attachment points are not (currently) mobile
- network attachment points are defined by the networks they attach to
- network attachment points, by definition, impose an aggregation of
  end points.

A way to solve this, if you wrote what you intended to write, would be a
forward pointer to the section in the document that describes
aggregation of RLOCs. Otherwise, perhaps just drop the parentheses.

---

Section 2

  One database design that is being developed
  and prototyped as part of the LISP working group work is [ALT].
  Others that have been described but not implemented include [CONS],
  [EMACS], [RPMD], [NERD].

Is the LISP working group undertaking controlled prototyping?
Is the intention to state that "there are known protocotype
implementations of [ALT]."

Similarly, what does it mean to say "have been described but not
implemented"? I guess: "At the time of writing, the authors are unaware
of any implementations of..."

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

What is this "care"?
What about loops caused by transient conditions (or errors) in a single
LISP mapping database?
Shouldn't the payload TTL at least be decremented by one for each
tunnel?

Note that reencapsulation is not the same as nested encapsulation.
You are clear about avoiding the latter (although some form of DPI
may be required to achieve it).

---

Step 7 of Section 4.1 doesn't make it clear what has happened to the
first packet in the flow. I had assumed that it was buffered pending
the Map-Reply, but I now suspect it was discarded as soon as the
Map-Request was constructed. Can you add a clarification.
2012-01-22
22 (System) Sub state has been changed to AD Follow up from New Id Needed
2012-01-22
20 (System) New version available: draft-ietf-lisp-20.txt
2012-01-20
22 Elwyn Davies Request for Telechat review by GENART Completed. Reviewer: Elwyn Davies.
2012-01-19
22 Cindy Morgan Removed from agenda for telechat
2012-01-19
22 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup.
2012-01-19
22 Jari Arkko [Ballot Position Update] Position for Jari Arkko has been changed to Yes from Discuss
2012-01-19
22 Jari Arkko Dino replied to IANA on December 14th, which seems to clear the IANA issues.
2012-01-19
22 Stewart Bryant
[Ballot comment]
"Tunnel Router".  - should he in the definitions section as a generic type since you say it is a fundamental component.

==========


5.1.  …
[Ballot comment]
"Tunnel Router".  - should he in the definitions section as a generic type since you say it is a fundamental component.

==========


5.1.  LISP IPv4-in-IPv4 Header Format

SB> It would be helpful to the reader to put a forward ref to
SB> the definition of terms in 5.3 - same in 5.2.

==========


  UDP Checksum:  The UDP checksum field SHOULD be transmitted as zero
      by an ITR for either IPv4 [RFC0768] or IPv6 encapsulation
      [UDP-TUNNELS].  When a packet with a zero UDP checksum is received

SB> UDP-TUNNELS seems to be a normative reference to an expired
SB> individual draft. That seems to risk this (LISP) document going
SB> into limbo. The following text suggests that the reference
SB> should be changed to informative anyway.

      .... The handling of UDP
      checksums for all tunneling protocols, including LISP, is under
      active discussion within the IETF.  When that discussion
      concludes, any necessary changes will be made to align LISP with
      the outcome of the broader discussion.

=========

    0 x 0 1 x x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|  Source Map-Version  |  Dest Map-Version    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID/Locator Status Bits              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> I cannot see a definition in this section of the terms
SB> Source Map-Version and Dest Map-Version

  I: The I bit is the Instance ID bit.  See Section 5.5 for more
      details.  When this bit is set to 1, the Locator Status Bits field
      is reduced to 8-bits and the high-order 24-bits are used as an
      Instance ID.  If the L-bit is set to 0, then the low-order 8 bits
      are transmitted as zero and ignored on receipt.  The format of the
      LISP header would look like:


    x x x x 1 x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|            Nonce/Map-Version                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID                  |    LSBs      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> s/LISP header would look like:/LISP header in this case is:/
SB> More importantly it is slightly confusing putting the 0 case
SB> rider before the format, since at first glance it looks like
SB> the format is only like this when L = 0.



=========

  o  The outer header Type of Service field (or the Traffic Class
      field, in the case of IPv6) SHOULD be copied from the inner header
      Type of Service field (with one caveat, see below).

SB> Given that you have separated the host domain from the
SB> ISP domain, I am not sure why this is a SHOULD.

==========

  When doing ETR/PETR decapsulation:

  o  The inner header Time to Live field (or Hop Limit field, in case
      of IPv6) SHOULD be copied from the outer header Time to Live
      field, when the Time to Live field of the outer header is less
      than the Time to Live of the inner header.  Failing to perform
      this check can cause the Time to Live of the inner header to
      increment across encapsulation/decapsulation cycle.  This check is
      also performed when doing initial encapsulation when a packet
      comes to an ITR or PITR destined for a LISP site.


SB> What LISP is doing is very similar in many respects to
SB> MPLS does, and MPLS found that it needed both copy TTL and
SB> not copy TTL. I am surprised that you did not follow that model.



========


6.1.  LISP IPv4 and IPv6 Control Plane Packet Formats

  The following UDP packet formats are used by the LISP control-plane.

SB> They are not UDP pkt formats, they are UDP/IP packet formats.

========

6.1.1.  LISP Packet Type Allocations

  This section will be the authoritative source for allocating LISP
  Type values.  Current allocations are:

SB> Surely the section *is* the authoritative source?
SB> Are you sure you do not need a registry for this?

=======


9.2.  IPv4 Traceroute

  The solution we propose to solve this problem is to cache traceroute
  IPv4 headers in the ITR and to match them up with corresponding IPv4
  Time Exceeded messages received from core routers and the ETR.

SB> This sounds like quite a complicated mechanism. Did the authors
SB> consider having the ITR do proxy traceroute?
2012-01-19
22 Stewart Bryant
[Ballot discuss]
Having re-read the document and having reviewed some of the other LISP documents I am updating my discuss.

The fundamental problem is understanding …
[Ballot discuss]
Having re-read the document and having reviewed some of the other LISP documents I am updating my discuss.

The fundamental problem is understanding the LISP as presented in this base specification is that there is an implicit rather than explicit architecture. Understanding the architecture is important in understanding how the experiment is (or is not working) and understanding how to modify/correct/extend the protocol. Either this documents needs an architectural description up front showing how all the components fit together and which precedes the protocol definitions, or an architectural of framework document needs to be published first.

In addition the definitions section really needs be split into a definitions section (with care being taken over the
generic definition of terms vs the unicast specific  definition), and a section describing the protocol
operations associated with those terms.

The document needs to be clearer on what happens when the traffic is a high volume UDP source that only transmits occasionally. Say (but not limited to)  some form of remote IPFIX collector that is occasionally triggered.

My concern is

a) Do we see a large chunk of the flow dropped on the floor until the mapping is learned - the conflict is between DOS attack and degradation of service WRT the "legacy Internet".

b) Do we see a miss ordering of packets during as the system swaps from probe to normal operation

c) Do we see a repeat of this as a result of cache aging.

========

I am also moving the following up to Discuss since it is related
to the need for a clear description of the impact of the cache
vs the existing behavior of the Internet.

5.4.2.  A Stateful Solution to MTU Handling

SB> It looks like there needs to be some discussion about
SB> the state lifetime, and the issue of holding a stale
SB> MTU vs transienting a flow by flushing the cache.

Note that in both cases I am not requesting a change to the protocol,
just a clear explanation of the expected behavior.
2012-01-19
22 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss
2012-01-18
22 Dan Romascanu
[Ballot comment]
1. I support Pete's COMMENT and Adrian's DISCUSS about the need to make more clear the goals of the experiment, the criteria of …
[Ballot comment]
1. I support Pete's COMMENT and Adrian's DISCUSS about the need to make more clear the goals of the experiment, the criteria of success and the limits of deployment while the document stays Experimental.

2. It would be more clear to split 14.1. into two sub-sections, especially as IANA is required to create a registry for LISP ACT if I understand correctly, while no action is required from IANA for the Flag Fields

3. I support Stewart's DISCUSS. One of the sources of UDP traffic that transmit occasionally may be SNMP agents in the core. When sending unaknowledged notifications (a.k.a. traps) these could be dropped on the floor and then if the cache is flushed they will be lost forever. Altough traps are not supposed to be used in critical applications, systematic loss in what would not be a meltdown situation could badly impact the manageability of the routing environment,
2012-01-18
22 Ron Bonica
[Ballot discuss]
.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider …
[Ballot discuss]
.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Joel points out that the DISCUSS item below is redundant with Adrian's. So, I will withdraw this part of the DISCUSS pending resolution of Adrian's.

{Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).}

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.
2012-01-17
22 Ron Bonica
[Ballot discuss]
Fifth item delete......

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order …
[Ballot discuss]
Fifth item delete......

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Joel points out that the DISCUSS item below is redundant with Adrian's. So, I will withdraw this part of the DISCUSS pending resolution of Adrian's.

{Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).}

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.

Traffic Engineering
=============
The LISP protocol appears to lack machinery required to pass traffic engineering information from inside LISP to the global routing system. The problem is illustrated by example, below:

Assume that there are two LISP sites, one in Australia and the other in the United States. The Australian LISP site numbers its resources from one /24 and the American LISP site numbers its resources from another /24.

Assume also that there are two PITRs. One PITR is located in Australia and the other in the United States. Both PITRs need to advertise both /24s to the global Internet. However, the American PITR's advertisement for the American site should be more attractive that the Australian PITRs advertisement for that same site. Likewise, the Australian PITR's advertisement for the Australian site should be more attractive that the American PITRs advertisement for that same site. This could be achieved by varying the BGP AS Path length as it is advertised into the global Internet.

However, it is not clear how the PITR does this? If the PITR also serves as an XTR to both LISP sites, it might evaluate the cost of traversing the tunnel and pad the BGP AS path appropriately. However, it the PITR does not also serve as XTR to both LISP site, some additional protocol mechanism is needed.
2012-01-17
22 Ralph Droms
[Ballot comment]
Updated to refer to rev -19

I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the …
[Ballot comment]
Updated to refer to rev -19

I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

As I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?  This
question is related to the Discuss issue asking for clarification
of the global uniqueness requirements for EIDs.

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?  What is the citation of RFC 4984 at the end of
section 10.2 in reference to?

I see that Jari has a Discuss waiting for IANA review.  I think
section 14 needs clarification - e.g., while section 14 includes
the text "There are two name spaces in LISP that require registration,"
there appear to be four registries requested in section 14.


How is the statement from the definition of EID-prefix:

  A globally routed
  address block MAY be used by its assignee as an EID block.

compatible from this statement from sections 2 and 4, respectively:

  [...] (EIDs), which are assigned independently from
  the network topology, [...]

  [...] an EID is only routable within the scope of a site.

I think the issue is that some additional caveats are required if "a
globally routed address block [is] used [...] as an EID block";
spec. those addresses from the globally routed address block used as
EIDs must not be allowed to be actually routed directly over the
Internet.  Well, maybe, as we'll need to see how the transition
mechanisms provide interoperability between LISP and
non-LISP systems.
2012-01-17
22 Ralph Droms
[Ballot comment]
Updated to refer to rev -19

I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the …
[Ballot comment]
Updated to refer to rev -19

I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

As I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?  This
question is related to the Discuss issue asking for clarification
of the global uniqueness requirements for EIDs.

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?  What is the citation of RFC 4984 at the end of
section 10.2 in reference to?

I see that Jari has a Discuss waiting for IANA review.  I think
section 14 needs clarification - e.g., while section 14 includes
the text "There are two name spaces in LISP that require registration,"
there appear to be four registries requested in section 14.
2012-01-17
22 Ralph Droms
[Ballot discuss]
Updated to refer to rev -19

EIDs are defined to be "not routable on the public
Internet."  What are the global uniqueness properties …
[Ballot discuss]
Updated to refer to rev -19

EIDs are defined to be "not routable on the public
Internet."  What are the global uniqueness properties
required for EIDs, both among EIDs and between
EIDs and globally routable IP addresses?  How
are EIDs with the appropriate properties chosen
and coordinated among LISP sites?
2012-01-17
22 Ron Bonica
[Ballot discuss]
Updated again, adding a fifth point.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter …
[Ballot discuss]
Updated again, adding a fifth point.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Joel points out that the DISCUSS item below is redundant with Adrian's. So, I will withdraw this part of the DISCUSS pending resolution of Adrian's.

{Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).}

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.

Traffic Engineering
=============
The LISP protocol appears to lack machinery required to pass traffic engineering information from inside LISP to the global routing system. The problem is illustrated by example, below:

Assume that there are two LISP sites, one in Australia and the other in the United States. The Australian LISP site numbers its resources from one /24 and the American LISP site numbers its resources from another /24.

Assume also that there are two PITRs. One PITR is located in Australia and the other in the United States. Both PITRs need to advertise both /24s to the global Internet. However, the American PITR's advertisement for the American site should be more attractive that the Australian PITRs advertisement for that same site. Likewise, the Australian PITR's advertisement for the Australian site should be more attractive that the American PITRs advertisement for that same site. This could be achieved by varying the BGP AS Path length as it is advertised into the global Internet.

However, it is not clear how the PITR does this? If the PITR also serves as an XTR to both LISP sites, it might evaluate the cost of traversing the tunnel and pad the BGP AS path appropriately. However, it the PITR does not also serve as XTR to both LISP site, some additional protocol mechanism is needed.

Initial Packet Loss
=============
You may want to add a bullet to Section 15 indicating that some applications will not perform well in LISP sites unless the cache-mappings that they require are either statically configured or protected from expiration. One such application is SNMPv2. Others have yet to be identified.
2012-01-17
22 Ron Bonica
[Ballot discuss]
Updated again, adding a fourth point.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter …
[Ballot discuss]
Updated again, adding a fourth point.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Joel points out that the DISCUSS item below is redundant with Adrian's. So, I will withdraw this part of the DISCUSS pending resolution of Adrian's.

{Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).}

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.

Traffic Engineering
=============
The LISP protocol appears to lack machinery required to pass traffic engineering information from inside LISP to the global routing system. The problem is illustrated by example, below:

Assume that there are two LISP sites, one in Australia and the other in the United States. The Australian LISP site numbers its resources from one /24 and the American LISP site numbers its resources from another /24.

Assume also that there are two PITRs. One PITR is located in Australia and the other in the United States. Both PITRs need to advertise both /24s to the global Internet. However, the American PITR's advertisement for the American site should be more attractive that the Australian PITRs advertisement for that same site. Likewise, the Australian PITR's advertisement for the Australian site should be more attractive that the American PITRs advertisement for that same site. This could be achieved by varying the BGP AS Path length as it is advertised into the global Internet.

However, it is not clear how the PITR does this? If the PITR also serves as an XTR to both LISP sites, it might evaluate the cost of traversing the tunnel and pad the BGP AS path appropriately. However, it the PITR does not also serve as XTR to both LISP site, some additional protocol mechanism is needed.
2012-01-16
22 Ron Bonica
[Ballot discuss]
Joel points out that the second part of my DISCUSS is redundant with Adrian's. So, I will withdraw that part of the DISCUSS …
[Ballot discuss]
Joel points out that the second part of my DISCUSS is redundant with Adrian's. So, I will withdraw that part of the DISCUSS pending resolution of Adrian's.

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Joel points out that the DISCUSS item below is redundant with Adrian's. So, I will withdraw this part of the DISCUSS pending resolution of Adrian's.

{Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).}

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.
2012-01-16
22 Stephen Farrell
[Ballot comment]
This was a discuss, but on the basis that the lisp WG re-chartering
will address the issue, I'm clearing.

#12, It looks from …
[Ballot comment]
This was a discuss, but on the basis that the lisp WG re-chartering
will address the issue, I'm clearing.

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. There may be a similar replay
issue with Map-Notify messages.
2012-01-16
22 Stephen Farrell [Ballot discuss]
2012-01-16
22 Stephen Farrell [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss
2012-01-16
22 Ron Bonica
[Ballot discuss]
The following is an updated DISCUSS

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter …
[Ballot discuss]
The following is an updated DISCUSS

Success Criteria
============
Please be specific about success criteria for this experiment. What outcome must an experimenter observe in order to consider the experiment a success? Clearly, the experimenter must observe no significant decrease in network performance or availability. However, that alone is not enough to motivate the experiment.

The Introduction suggests that the experiment is motivated by a desire to enhance the scaling characteristics of the global Internet. Having completed the experiment, how will you determine whether you have achieved that goal? One possibility is to make some predictions regarding the size of the global routing tables versus the size of the routing tables carried in LISP ALT at various points in the experiment (i.e., when only a few sites participate in LISP, when half of the Internet participates in LISP, when most of the Internet participates in LISP). The experiment could compare projected results to observations.

Experiment Scoping
===============
Please scope the experiment. How many sites or prefixes must be carried by LISP in order to yield meaningful results? Given the remote possibility that LISP machinery may scale to a certain point and then fail dramatically, should the document provide any guidelines regarding experiment participation (e.g., non-mission critical).

IPv4 vs IPv6
=========
Please comment on how LISP will enhance the scaling capabilities of the IPv4 routing system, in which it is impossible to allocate a contiguous address block for EID use.
2012-01-12
22 Jean Mahoney Request for Telechat review by GENART is assigned to Elwyn Davies
2012-01-12
22 Jean Mahoney Request for Telechat review by GENART is assigned to Elwyn Davies
2012-01-12
22 Jari Arkko Placed on agenda for telechat - 2012-01-19
2012-01-08
22 Adrian Farrel
[Ballot discuss]
I have updated my Discuss to remove the issues resolved in the -19
revision.

---

I'm inclined to agree with Russ that this …
[Ballot discuss]
I have updated my Discuss to remove the issues resolved in the -19
revision.

---

I'm inclined to agree with Russ that this is well-enough specified for
an experimental status document, but I have some concerns.

---

I don't see any statement of the scope of the experiment or how it will
be judged. Traditionally, experiments are not released into the Internet
but are operated in a controlled way in walled gardens. It appears that
the intention with this experiment is that it should be conducted in the
Internet, and that makes it important to examine the risks and
uncertaintes.

As part of the Discuss resolution on other LISP documents, and in
accordance with the LISP WG charter, we had agreed that this
specification would countain an upfront and clear statement of the
issues and concerns. To remind you, the charter says:

At this time, these proposals are at an early stage. All proposals
(including LISP) have potentially harmful side-effects to Internet
traffic carried by the involved routers, have parts where deployment
incentives may be lacking, and are NOT RECOMMENDED for deployment beyond
experimental situations at this stage. Many of the proposals have
components (such as the identifier to locator mapping system) where it
is not yet known what kind of design alternative is the best one among
many.

and

The LISP WG is NOT chartered to develop the final
or standard solution for solving the routing scalability problem. Its
specifications are Experimental and labeled with accurate disclaimers
about their limitations and not fully understood implications for
Internet traffic. In addition, as these issues are understood, the
working group will analyze and document the implications of LISP on
Internet traffic, applications, routers, and security. This analysis
will explain what role LISP can play in scalable routing. The analysis
should also look at scalability and levels of state required for
encapsulation, decapsulation, liveness, and so on

I do not consider that this draft has adhered to the WG charter, and I
consider the active encouragement of "early deployments" to be both
against the spirit and the letter of the charter. If you believe that
the experiment needs to be conducted "in the wild" you need to spend a
bit more text explaining why this is safe and how the experiment is
contained.

I have proposed text on the LISP mailing list to address this part of my Discuss.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses. That is, the allocation scheme for RLOCs could be run such
that RLOCs are aggregatable, but could equally be run such that it is
hard to aggregate.

Maybe the points here are that:
- network attachment points are not (currently) mobile
- network attachment points are defined by the networks they attach to
- network attachment points, by definition, impose an aggregation of
  end points.

A way to solve this, if you wrote what you intended to write, would be a
forward pointer to the section in the document that describes
aggregation of RLOCs. Otherwise, perhaps just drop the parentheses.

---

Section 2

  One database design that is being developed
  and prototyped as part of the LISP working group work is [ALT].
  Others that have been described but not implemented include [CONS],
  [EMACS], [RPMD], [NERD].

Is the LISP working group undertaking controlled prototyping?
Is the intention to state that "there are known protocotype
implementations of [ALT]."

Similarly, what does it mean to say "have been described but not
implemented"? I guess: "At the time of writing, the authors are unaware
of any implementations of..."

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

What is this "care"?
What about loops caused by transient conditions (or errors) in a single
LISP mapping database?
Shouldn't the payload TTL at least be decremented by one for each
tunnel?

Note that reencapsulation is not the same as nested encapsulation.
You are clear about avoiding the latter (although some form of DPI
may be required to achieve it).

---

Step 7 of Section 4.1 doesn't make it clear what has happened to the
first packet in the flow. I had assumed that it was buffered pending
the Map-Reply, but I now suspect it was discarded as soon as the
Map-Request was constructed. Can you add a clarification.
2012-01-08
22 Adrian Farrel
[Ballot comment]
I have updated my Comment to remove those points that you have addressed
in revision -19 (thanks).

---

The architectural overview in Section …
[Ballot comment]
I have updated my Comment to remove those points that you have addressed
in revision -19 (thanks).

---

The architectural overview in Section 4 would be enhanced by a picture.

The example in 4.1 would similarly benefit.

---
Section 5.3

I agree with Wes about the N and V bits.

---

Section 5.3 LISP Nonce

      When the E-bit is clear but the N-bit is
      set, a remote ITR is either echoing a previously requested echo-
      nonce or providing a random nonce.

"is clear/set" in what?
The original message sent, or the new message received?
2012-01-08
22 Adrian Farrel
[Ballot discuss]
I have updated my Discuss to remove the issues resolved in the -19
revision.

---

I'm inclined to agree with Russ that this …
[Ballot discuss]
I have updated my Discuss to remove the issues resolved in the -19
revision.

---

I'm inclined to agree with Russ that this is well-enough specified for
an experimental status document, but I have some concerns.

I don't see any statement of the scope of the experiment or how it will
be judged. Traditionally, experiments are not released into the Internet
but are operated in a controlled way in walled gardens. It appears that
the intention with this experiment is that it should be conducted in the
Internet, and that makes it important to examine te risks and
uncertaintes.

As part of the Discuss resolution on other LISP documents, and in
accordance with the LISP WG charter, we had agreed that this
specification would countain an upfront and clear statement of the
issues and concerns. To remind you, the charter says:

At this time, these proposals are at an early stage. All proposals
(including LISP) have potentially harmful side-effects to Internet
traffic carried by the involved routers, have parts where deployment
incentives may be lacking, and are NOT RECOMMENDED for deployment beyond
experimental situations at this stage. Many of the proposals have
components (such as the identifier to locator mapping system) where it
is not yet known what kind of design alternative is the best one among
many.

and

The LISP WG is NOT chartered to develop the final
or standard solution for solving the routing scalability problem. Its
specifications are Experimental and labeled with accurate disclaimers
about their limitations and not fully understood implications for
Internet traffic. In addition, as these issues are understood, the
working group will analyze and document the implications of LISP on
Internet traffic, applications, routers, and security. This analysis
will explain what role LISP can play in scalable routing. The analysis
should also look at scalability and levels of state required for
encapsulation, decapsulation, liveness, and so on

I do not consider that this draft has adhered to the WG charter, and I
consider the active encouragement of "early deployments" to be both
against the spirit and the letter of the charter. If you believe that
the experiment needs to be conducted "in the wild" you need to spend a
bit more text explaining why this is safe and how the experiment is
contained.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses. That is, the allocation scheme for RLOCs could be run such
that RLOCs are aggregatable, but could equally be run such that it is
hard to aggregate.

Maybe the points here are that:
- network attachment points are not (currently) mobile
- network attachment points are defined by the networks they attach to
- network attachment points, by definition, impose an aggregation of
  end points.

A way to solve this, if you wrote what you intended to write, would be a
forward pointer to the section in the document that describes
aggregation of RLOCs. Otherwise, perhaps just drop the parentheses.

---

Section 2

  One database design that is being developed
  and prototyped as part of the LISP working group work is [ALT].
  Others that have been described but not implemented include [CONS],
  [EMACS], [RPMD], [NERD].

Is the LISP working group undertaking controlled prototyping?
Is the intention to state that "there are known protocotype
implementations of [ALT]."

Similarly, what does it mean to say "have been described but not
implemented"? I guess: "At the time of writing, the authors are unaware
of any implementations of..."

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

What is this "care"?
What about loops caused by transient conditions (or errors) in a single
LISP mapping database?
Shouldn't the payload TTL at least be decremented by one for each
tunnel?

Note that reencapsulation is not the same as nested encapsulation.
You are clear about avoiding the latter (although some form of DPI
may be required to achieve it).

---

Step 7 of Section 4.1 doesn't make it clear what has happened to the
first packet in the flow. I had assumed that it was buffered pending
the Map-Reply, but I now suspect it was discarded as soon as the
Map-Request was constructed. Can you add a clarification.
2012-01-06
22 Stephen Farrell
[Ballot discuss]
While this was a lot of discuss points, its now just one which is
really the same as my discuss point on lisp-ms …
[Ballot discuss]
While this was a lot of discuss points, its now just one which is
really the same as my discuss point on lisp-ms (not yet clear what
fix where might best resolve this).

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. What prevents/detects such replays which should be
a nice DoS if a site changes its config? Maybe that nonce ought not
be zero and maybe there should be a Map-Server or ETR defined window
during which nonces MUST be kept? (I may need to check [LISP-MS]
again to see what's what there.) There may be a similar replay
issue with Map-Notify messages, not sure. -17 seems to be the same
here so I think there's more to discuss.
2012-01-05
19 (System) New version available: draft-ietf-lisp-19.txt
2012-01-05
22 Stephen Farrell
[Ballot comment]
(A) (was discuss #4) 5.4.1 says that reassembly (if needed) happens at the destination
and not the ETR, but then later says that …
[Ballot comment]
(A) (was discuss #4) 5.4.1 says that reassembly (if needed) happens at the destination
and not the ETR, but then later says that setting DF=1 in the
encapsulated packet avoids "ETR fragment reassembly." Those seem to
be in conflict. -17 has no change and I still think those conflict.

After a bit of back and forth, I now get it. If the spec added the following
to 5.4.1 it would have avoided my confusion but since in the end it has to
work this way this is no longer a discuss point.

The suggested addition is: "Note that reassembly can happen at the
ETR if the packet was fragmented at or after the ITR."
2012-01-05
22 Stephen Farrell
[Ballot discuss]
While this was a lot of discuss points, its now a lot fewer:-)
           
#1 cleared

#2, How …
[Ballot discuss]
While this was a lot of discuss points, its now a lot fewer:-)
           
#1 cleared

#2, How does an ITR know or when to use the underlying routing system
or the ALT? Is that just config or packet-by-packet? (4.1 4th
bullet.) -17 still doesn't answer that for me sorry - there are two clear
ways to send a map request but how is one selected?

#3, cleared

#4, cleared, moved this to comment (A) once it was explained to me.

#5, cleared

#6, cleared

#7 cleared. (But as a comment it might be good to more fully explain the actual status
of [CONS] when its first referenced?)

#8, 6.1.3 talks about a destination IP address being a
destination-EID.  That's odd. There's no field in 6.1.2 named that so
you must mean the destination IP address of the UDP packet containing
the Map-Request, but then you're sending a UDP packet to the Internet
with an EID as its destination IP address which I thought was the
main thing LISP wanted to avoid. I don't understand how that works
since it seems to mean that all EIDs MUST be globally routable.
Reading to the next paragraph perhaps you mean that such a request
MUST be LISP encapsulated and sent to a Map-Resovler but then how
would the ITR know which Map-Resolver RLOC to use for the EID in
question? -17 has no change here

#9, Last para of 6.1.3. I think you need to say that an ETR MUST NOT
add such a mapping to its map-cache until after it has been
successfully verified. Its currently a "may" I think. If an
implementation did add the mapping whilst verification was pending,
then sending two Map-Requests with the mapping might work for an
attacker if they can respond sooner than the mapping DB. If the ETR
just added the mapping with no verification then I think the attack
is clear - any ITR (or maybe any host?) can conincve any ETR that its
the place to send stuff for any EID previously unknown to that ETR.
Section 6.2 says that gleaned map-cache entries can be stored for "a
few seconds" so this race may be a real issue. Probably easiest is to
say something in 6.1.3 about such map-cache entries when they're in
the "pending" state. -17 has no change and I think this still needs
discussing.

#10, cleared

#11, cleared

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. What prevents/detects such replays which should be
a nice DoS if a site changes its config? Maybe that nonce ought not
be zero and maybe there should be a Map-Server or ETR defined window
during which nonces MUST be kept? (I may need to check [LISP-MS]
again to see what's what there.) There may be a similar replay
issue with Map-Notify messages, not sure. -17 seems to be the same
here so I think there's more to discuss.

#13, cleared
2011-12-15
18 (System) New version available: draft-ietf-lisp-18.txt
2011-12-13
22 Ron Bonica
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The …
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The following potential discoveries should be discussed:

- Benefits derived from LISP
- LISP operational characteristics

Regarding benefits, you might want to say that you expect to demonstrate a reduction in the size of the global routing table, traffic engineering, multi-homing, etc.

Regarding operational characteristics, you might to say that LISP introduces several new mechanisms (e.g., ITR map-caching) with which we have little operational experience. The experiment will reveal these mechanism's scaling, performance and security characteristics. The experiment will also reveal the degree of effort required to diagnose LISP network problems. This section might want to include a pointer to Section 15.

Experimental Status Redux (Was Issue 2 and 3)
=============================================
When the experiment is performed in an IPv4 network, is it likely to yield the same results as it will in an IPv6 network? When answering this question, recall that a large, contiguous block of IPv6 address space will be allocated for EIDs. In IPv4, such an allocation is not possible.

Mapping Registration (Was Issue 9)
==========================
All ETRs serving a particular prefix must maintain synchronization with each other, at least regarding that prefix. The LISP document suite offers no mechanism for keeping ETRs in sync. Also, if ETRs become out of sync, temporary or persistent packet loss may result.

Given these restrictions, is it reasonable to say that  all ETRs servicing a prefix MUST be under the same configuration authority, so that updates can be coordinated?


Forwarding Plane Encapsulation (Was Issue 7)
============================================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?
2011-12-13
22 Ron Bonica
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The …
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The following potential discoveries should be discussed:

- Benefits derived from LISP
- LISP operational characteristics

Regarding benefits, you might want to say that you expect to demonstrate a reduction in the size of the global routing table, traffic engineering, multi-homing, etc.

Regarding operational characteristics, you might to say that LISP introduces several new mechanisms (e.g., ITR map-caching) with which we have little operational experience. The experiment will reveal these mechanism's scaling, performance and security characteristics. The experiment will also reveal the degree of effort required to diagnose LISP network problems. This section might want to include a pointer to Section 15.

Experimental Status Redux (Was Issue 2 and 3)
=============================================
When the experiment is performed in an IPv4 network, is it likely to yield the same results as it will in an IPv6 network? When answering this question, recall that a large, contiguous block of IPv6 address space will be allocated for EIDs. In IPv4, such an allocation is not possible.

Mapping Registration (Was Issue 9)
==========================
All ETRs serving a particular prefix must maintain synchronization with each other, at least regarding that prefix. The LISP document suite offers no mechanism for keeping ETRs in sync. Also, if ETRs become out of sync, temporary or persistent packet loss may result.

Given these restrictions, is it reasonable to say that  all ETRs service a prefix MUST be under the same configuration authority, so that updates can be coordinated?


Forwarding Plane Encapsulation (Was Issue 7)
============================================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?
2011-12-13
22 Ron Bonica
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The …
[Ballot discuss]
Experimental Status (Was Issue 1)
=================================
In the Introduction, please add text that describes what you expect to learn from the experiment. The following potential discoveries should be discussed:

- Benefits derived from LISP
- LISP operational characteristics

Regarding benefits, you might want to say that you expect to demonstrate a reduction in the size of the global routing table, traffic engineering, multi-homing, etc.

Regarding operational characteristics, you might to say that LISP introduces several new mechanisms (e.g., ITR map-caching) with which we have little operational experience. The experiment will reveal these mechanism's scaling, performance and security characteristics. Then experiment will also reveal the degree of effort required to diagnose LISP network problems. This section might want to include a pointer to Section 15.

Experimental Status Redux (Was Issue 2 and 3)
=============================================
When the experiment is performed in an IPv4 network, is it likely to yield the same results as it will in an IPv6 network? When answering this question, recall that a large, contiguous block of IPv6 address space will be allocated for EIDs. In IPv4, such an allocation is not possible.

Mapping Registration (Was Issue 9)
==========================
All ETRs serving a particular prefix must maintain synchronization with each other, at least regarding that prefix. The LISP document suite offers no mechanism for keeping ETRs in sync. Also, if ETRs become out of sync, temporary or persistent packet loss may result.

Given these restrictions, is it reasonable to say that  all ETRs service a prefix MUST be under the same configuration authority, so that updates can be coordinated?


Forwarding Plane Encapsulation (Was Issue 7)
============================================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?
2011-12-13
22 Sean Turner [Ballot comment]
2011-12-13
22 Sean Turner
[Ballot discuss]
Updated based on -17.  #2 I cleared, but I am still curious about #1.

#1) s5.3: LISP Nonce: Trying to figure out why …
[Ballot discuss]
Updated based on -17.  #2 I cleared, but I am still curious about #1.

#1) s5.3: LISP Nonce: Trying to figure out why you'd resend the same nonce.  It seems like you're using it for reachability purposes? Why wouldn't you just use a new value each time?  Are you send the same set of packets multiple times (i.e., retransmitting)?

#2) cleared
2011-12-13
22 Stephen Farrell
[Ballot discuss]
While this was a lot of discuss points, its now a lot fewer:-)
           
#1 cleared

#2, How …
[Ballot discuss]
While this was a lot of discuss points, its now a lot fewer:-)
           
#1 cleared

#2, How does an ITR know or when to use the underlying routing system
or the ALT? Is that just config or packet-by-packet? (4.1 4th
bullet.) -17 still doesn't answer that for me sorry - there are two clear
ways to send a map request but how is one selected?

#3, cleared

#4, 5.4.1 says that reassembly (if needed) happens at the destination
and not the ETR, but then later says that setting DF=1 in the
encapsulated packet avoids "ETR fragment reassembly." Those seem to
be in conflict. -17 has no change and I still think those conflict.

#5, cleared

#6, cleared

#7 cleared. (But as a comment it might be good to more fully explain the actual status
of [CONS] when its first referenced?)

#8, 6.1.3 talks about a destination IP address being a
destination-EID.  That's odd. There's no field in 6.1.2 named that so
you must mean the destination IP address of the UDP packet containing
the Map-Request, but then you're sending a UDP packet to the Internet
with an EID as its destination IP address which I thought was the
main thing LISP wanted to avoid. I don't understand how that works
since it seems to mean that all EIDs MUST be globally routable.
Reading to the next paragraph perhaps you mean that such a request
MUST be LISP encapsulated and sent to a Map-Resovler but then how
would the ITR know which Map-Resolver RLOC to use for the EID in
question? -17 has no change here

#9, Last para of 6.1.3. I think you need to say that an ETR MUST NOT
add such a mapping to its map-cache until after it has been
successfully verified. Its currently a "may" I think. If an
implementation did add the mapping whilst verification was pending,
then sending two Map-Requests with the mapping might work for an
attacker if they can respond sooner than the mapping DB. If the ETR
just added the mapping with no verification then I think the attack
is clear - any ITR (or maybe any host?) can conincve any ETR that its
the place to send stuff for any EID previously unknown to that ETR.
Section 6.2 says that gleaned map-cache entries can be stored for "a
few seconds" so this race may be a real issue. Probably easiest is to
say something in 6.1.3 about such map-cache entries when they're in
the "pending" state. -17 has no change and I think this still needs
discussing.

#10, cleared

#11, cleared

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. What prevents/detects such replays which should be
a nice DoS if a site changes its config? Maybe that nonce ought not
be zero and maybe there should be a Map-Server or ETR defined window
during which nonces MUST be kept? (I may need to check [LISP-MS]
again to see what's what there.) There may be a similar replay
issue with Map-Notify messages, not sure. -17 seems to be the same
here so I think there's more to discuss.

#13, cleared
2011-12-13
22 Stephen Farrell
[Ballot comment]
- intro: says "non-routable EIDs" - are there no cases where EIDs are
routed? There are - you say they may be used …
[Ballot comment]
- intro: says "non-routable EIDs" - are there no cases where EIDs are
routed? There are - you say they may be used for routing within the
site (subnetting) in the definition of EID in section 3.  Maybe say
"non globally-routable EIDs"?

- intro: "an Internet"? maybe "the Internet"

- intro: maybe s/along administrative boundaries/along administrative
boundaries meaningful to device owners/ the topology also works along
administrative boundaries, just different (ISP) ones.

- intro: "xTRs" used before being defined (end of 2nd last para), you
could just say mapping modules or something generic here I guess.

- section 3, typo, s/a address block/an address block/ in defn of PA
addresses

- s3, EID definition says " An EID is allocated to a host from an
EID-prefix block associated with the site where the host is located."
Doesn't that sound more like a PA address? Maybe s/is located/at
home/ or something would be better? 

- s3, EID defn: "As the architecture is realized," is vague and maybe
a bit misleading, I think you mean "At present," ? (And maybe s/must
refer/ MUST refer/ in that same place?)

- on 2119 language generally, are you assuming upper and lower case
2119 terms are both the same? If so I think its useful to say so.  If
not then there are a bunch of lower case 2119 terms that may need
checking. (E.g. "may be used" in definition of EID-prefix is the next
one I saw. I've no idea how many of those there are.)

- s3, EID prefix defn: The term "smaller EID prefix" is a bit
confusing maybe. I guess smaller here refers to the block size and
not the number of bits in the prefix. Might help to say that just for
clarity.

- s3, EID prefix defn: typo "as a globally prefix"

- s3, Recursive tunneling defn: typo, s/never are they/they are
never/ same in defn of reencapsulating tunnels.

- s3, Route-returnability defn: type, s/limits/this limits/

- s4, 3rd para typo:  s/and strip/and strips/

- 4.1, step2 typo: s/EID destination/destination EID/

- 4.1, step3, is it a good idea to have 2119 language within an
example like this? Probably best to repeat it later in any case.

- 5.3, UDP header: typo s/a ITR/an ITR/

- 5.3, N bit: saying "Both N amd V bits MUST NOT be set..." is a bit
ambiguous, I think you mean "at the same time" but it could be read
to mean something different.

- 5.3, decapsulation TTL handling: I wonder why you said SHOULD copy
for the TTL field - while there is a condition, that could still be
"MUST copy except when " I'd have thought. If there's a reason
(other than ) why you might do something else, it'd be good to
say what that might be. Similar comment for the SHOULD copy on the
ToS/traffic class.

- 6.1.2 - What does the "A" bit actually mean? You don't say. And
when is that set to 1?

- 6.1.2 - IRC descrption, I think s/must/MUST/ in "must be encoded"
would be better.

- 6.1.2 - This reads oddly and could be cleared I think: "Source EID
Address:  This is the EID of the source host which originated the
packet which is invoking this Map-Request." It reads oddly since EIDs
are not supposed to be addresses really. I think it could be clearer
if you say that this is almost always not an EID for an ITR (assuming
that's right).  Maybe just s/is invoking/caused/ would help too.

- 6.1.3 - s/recommended/RECOMMENDED/ when talking about
rate-limiting?  and s/may optionally/MAY/

- 6.1.4- the TTL in 6.1.4 is specified in minutes with 32 bits
available.  That means a max of more than 8000 *years* is possible.
Sheesh! That seems a bit optimistic. A 24 bit value would allow for
45 days which sounds more reasonable. Or, a 32 bit value in seconds
would allow for 132 years which seems more than enough to me.
Basically, this is just oddly done. I'd also argue that better would
be to say that implementations MUST include some control over the max
value here. (No need to say how to manage that, but it'd be good to
make sure it can be managed.) Given that its probably late to
change this, I guess some text recommending implementations do
some sanity checking on this TTL would be good.

- 6.1.4 ACT bits - I think this is saying these MUST be zero'd in
any mapping data accompanying a Map-Request - is that right? If so,
it'd be good to state that and that a receiver of a Map-Request
MUST NOT act on them, e.g. by storing a negative cache entry or
whatever (which might cause some security concerns, hard to tell
though).

- 6.1.5, should 10/8 addresses be used in these examples? Better
to use the specfic example ranges I'd have thought. I think those
are in RFC 5737.

- 6.1.5, some forward reference to things like map-cache
expiration time would be useful here.

- 6.1.5.1, its probably more accurate to say that shared keys
mean that its easier to detect misbehaviour or to hold someone
to account for that, rather than say that its more difficult
to misbehave.

- 6.1.6, details of the P bit's usage "will be provided in a
future version of this draft" has to be wrong at this point.

- 6.1.6, might be good to say that the nonce is ok to be zero
because the message is authenticated.

- 6.1.8, I think it'd be better to say that [MLISP] message
might, in future, be allowed. As-is, one could argue that
[MLISP] needs to be a normative reference.

- 6.3 uses the term CE-based ITRs but doesn't explain it and
its not in section 3, nor is PE.

- 6.2 references [LOC-ID-ARCH] from 2009. Is that still
live? If not, is the reference useful?

- section 12, The I in PKI already means infrastructure.
2011-12-13
22 Stephen Farrell
[Ballot discuss]
While this is a lot of discuss points, most should be easily
resolved especially since this is just going for experimental.

#1 cleared …
[Ballot discuss]
While this is a lot of discuss points, most should be easily
resolved especially since this is just going for experimental.

#1 cleared

#2, How does an ITR know or when to use the underlying routing system
or the ALT? Is that just config or packet-by-packet? (4.1 4th
bullet.) -17 still doesn't answer that for me sorry - there are two clear
ways to send a map request but how is one selected?

#3, cleared

#4, 5.4.1 says that reassembly (if needed) happens at the destination
and not the ETR, but then later says that setting DF=1 in the
encapsulated packet avoids "ETR fragment reassembly." Those seem to
be in conflict. -17 has no change and I still think those conflict.

#5, cleared

#6, Can a bad ITR cheat on an ETR by including Map-Reply Records in a
Map-Request message? I think this is ok in the end, but just want to
check.

#7, [CONS] is needed to understand the Map-Request message format, so
does [CONS] need to be a normative reference? What if an ETR gets a
Map-Request but does not support [CONS]? Does it ignore the extra
bytes in the message or ignore the message? If you said one of those
then [CONS] could be an informative reference, but as-is I need to
read [CONS] to know what to do with those bytes. [CONS] also seems to
be needed to understand how TCP might be handled in 6.1.4 (in the
discussion of the A bit), I'd say maybe just deleting the mention of
[CONS] should be ok there.

#8, 6.1.3 talks about a destination IP address being a
destination-EID.  That's odd. There's no field in 6.1.2 named that so
you must mean the destination IP address of the UDP packet containing
the Map-Request, but then you're sending a UDP packet to the Internet
with an EID as its destination IP address which I thought was the
main thing LISP wanted to avoid. I don't understand how that works
since it seems to mean that all EIDs MUST be globally routable.
Reading to the next paragraph perhaps you mean that such a request
MUST be LISP encapsulated and sent to a Map-Resovler but then how
would the ITR know which Map-Resolver RLOC to use for the EID in
question?

#9, Last para of 6.1.3. I think you need to say that an ETR MUST NOT
add such a mapping to its map-cache until after it has been
successfully verified. Its currently a "may" I think. If an
implementation did add the mapping whilst verification was pending,
then sending two Map-Requests with the mapping might work for an
attacker if they can respond sooner than the mapping DB. If the ETR
just added the mapping with no verification then I think the attack
is clear - any ITR (or maybe any host?) can conincve any ETR that its
the place to send stuff for any EID previously unknown to that ETR.
Section 6.2 says that gleaned map-cache entries can be stored for "a
few seconds" so this race may be a real issue. Probably easiest is to
say something in 6.1.3 about such map-cache entries when they're in
the "pending" state.

#10, 6.1.4 defn of "S" bit: there is no field following the Mapping
Protocol Data field in the diagram at the start of the section. I
realise this may be a change resulting from an earlier comment of
mine about [LISP-SEC] being normative at that point, but I think
you'd be better off just saying that this bit is going to be used for
some security stuff in future and leaving it at that and so deleting
the figure at the top of page 33. (That should be enough to ensure
that no other spec assumed that that bit is like the other reserved
bits, which is all that ought be needed for now I think.) Section
6.1.8 has the same issue.

#11, In the case where a 24-bit nonce is included in the 64 bit nonce
field how are those bits encoded (LSB, MSB?) or if only 24 bits are
provided then are the offsets in the figure at the start of 6.1.4 not
used? Either would be ok but it needs to be stated or different
implementers might do different things.

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. What prevents/detects such replays which should be
a nice DoS if a site changes its config? Maybe that nonce ought not
be zero and maybe there should be a Map-Server or ETR defined window
during which nonces MUST be kept? (I may need to check [LISP-MS]
again to see what's what there.) There may be a similar replay
issue with Map-Notify messages, not sure.

#13, What does "MUST be verified" mean exactly in 6.6.2? Do you
mean via the mapping DB (I guess so) or something else? Just
checking.
2011-12-08
22 Amanda Baber
IANA has questions about the IANA actions in this document. IANA
understands that, upon approval of this document, there are four actions
which IANA must …
IANA has questions about the IANA actions in this document. IANA
understands that, upon approval of this document, there are four actions
which IANA must complete.

First, IANA will create the "LISP ACT value" registry. New
values in this registry will be added through IETF Review or IESG Approval.

IANA Question: The IANA Considerations section of this document uses
6.1.5 as the reference for the initial values in this registry. IANA
wonders if the suthors meant the definition in the Map-Reply Message
Format section of the document (Section 6.1.4)? If so, the initial
values of this registry will be:

Value Action Description
----- ----- --------------------------------------------------
0 No-Action The map-cache is kept alive and no packet encapsulation
occurs
1 Natively-Forward The packet is not encapsulated or dropped but natively
forwarded
2 Send-Map-Request The packet invokes sending a Map-Request
3 Drop A packet that matches this map-cache entry is dropped.
An ICMP Unreachable message SHOULD be sent.

Second, a new registry called "LISP Address Type Codes" will be created.
LISP Address [LCAF] type codes have a range from 0 to 255. New type
codes are to be allocated consecutively starting at 0. Type Codes 0 -
127 are to be assigned by IETF Review or IESG Approval. Type Codes 128 -
255 are available on a First Come First Served basis.

This registry is initially empty.

IANA Question --> what fields will this registry have when it is populated?

Third, IANA has already completed the registration of a pair of port
numbers in the Service Name and Transport Protocol Port Number Registry.
The allocated port numbers are 4341 and 4342 for LISP data-plane and
control-plane operation, respectively. The references will be updated.

Fourth, the document references a registry called LISP Key ID Numbers.

IANA Question -> Is this to be a new registry with its own set of
registration rules? In the document the following description is provided:

14.4. LISP Key ID Numbers

The following Key ID values are defined by this specification as used in
any packet type that references a Key ID field.

Name Number Defined in
-----------------------------------------------
None 0 n/a
HMAC-SHA-1-96 1 [RFC2404]
HMAC-SHA-256-128 2 [RFC6234]

IANA understands that these four actions are the only ones required to
be completed upon approval of this document.
2011-12-06
22 (System) Sub state has been changed to AD Follow up from New Id Needed
2011-12-06
17 (System) New version available: draft-ietf-lisp-17.txt
2011-12-01
22 Ron Bonica
[Ballot discuss]
Issues 5, 8 have been dropped from the Discuss.

Experimental Status (Was Issue 1)
=================================
Near the top of the document, please add …
[Ballot discuss]
Issues 5, 8 have been dropped from the Discuss.

Experimental Status (Was Issue 1)
=================================
Near the top of the document, please add text that describes what you expect to learn from the experiment. IMO, the experiment will answer the following questions:

- What benefits are actually derived from LISP?
- What are the operational characteristics of the implementation?

In the first section, you can talk about routing table reduction, traffic engineering, multihoming and mobility. In the second section, enumerate the unconventional aspects of your draft, such as fib-caching and interaction between the control and data planes, whose behavior is worth observing.

It shouldn't take more than two or three paragraphs to address this aspect of the discuss. The pointer to Section 15 might want to live in these paragraphs, too.

Experimental Status Redux (Was Issue 2 and 3)
=============================================
When the experiment is performed in an IPv4 network, is it likely to yield the same results as it will in an IPv6 network? When answering this question, recall that a large, contiguous block of IPv6 address space will be allocated for EIDs. In IPv4, such an allocation is not possible.

Mapping Registration (Was Issue 9)
==================================
The map-versioning document says, "Indeed, ETRs belonging to the same LISP site must return for a specific EID- prefix the same mapping". This document should mention something about that. Also, it should explain how ETRs are kept in sync and what happens when they get out of sync.


Forwarding Plane Encapsulation (Was Issue 7)
============================================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?


Please reword the third bullet in Section 15 as follows (Was issue 6 and some new stuff) 
==================================================================
Further experience is needed to determine whether current caching methods are practical or in need of further development.  In particular, the performance, scaling and security characteristics of the map-cache will be discovered as part of this experiment. Performance metrics to be observed are packet reordering associated with the LISP data probe and loss of the first packet in a flow associated with map-caching. The impact of these upon TCP will be observed. See Section 12 for additional thoughts and considerations.

Please add the following bullet to Section 15 (Was Issue 4)
============================================================
In order to maintain security and stability, Internet Protocols typically isolate the control and data planes. Therefore, user activity cannot cause control plane state to be created or destroyed. LISP does not maintain this separation. The degree to which the loss of separation impacts security and stability is a topic for experimental observation.
2011-12-01
22 Cindy Morgan Removed from agenda for telechat
2011-12-01
22 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from Waiting for AD Go-Ahead.
2011-12-01
22 Jari Arkko [Ballot discuss]
Holding a DISCUSS until IANA provides a review, that has not arrived yet but should in a couple of days.
2011-12-01
22 Jari Arkko [Ballot Position Update] Position for Jari Arkko has been changed to Discuss from Yes
2011-12-01
22 Robert Sparks
[Ballot comment]
I'm clearing, trusting the shepherd and responsible AD to ensure that the informative references point to to appropriate places. In particular, please verify …
[Ballot comment]
I'm clearing, trusting the shepherd and responsible AD to ensure that the informative references point to to appropriate places. In particular, please verify that it's possible to obtain [RPMD].
2011-12-01
22 Robert Sparks [Ballot Position Update] Position for Robert Sparks has been changed to No Objection from Discuss
2011-12-01
22 Sean Turner
[Ballot comment]
s5: r/It is recommended in IPv4/It is RECOMMENDED in IPv4 ?

s5.3: LISP Nonce: I looked in s6.3.1 for the obligatory reference to …
[Ballot comment]
s5: r/It is recommended in IPv4/It is RECOMMENDED in IPv4 ?

s5.3: LISP Nonce: I looked in s6.3.1 for the obligatory reference to RFC4086 and didn't see it.  There's one in 6.1.2 - just add another one in either s5.3 or s6.3.1 to provide the pointer to RFC4086 for the the LISP nonce generation recommendations.

s6.1.3: This seems like this ought to be 2119ed:

r/It is recommended that a Map-Request for the same EID-prefix be sent no more than once per second/It is RECOMMENDED that a Map-Request for the same EID-prefix be sent no more than once per second

s6.1.6: r/and support for HMAC-SHA-256-128 [RFC6234]
      is recommended./and support for HMAC-SHA-256-128 [RFC6234]
      is RECOMMENDED.
2011-12-01
22 Sean Turner
[Ballot discuss]
#1) s5.3: LISP Nonce: Trying to figure out why you'd resend the same nonce.  It seems like you're using it for reachability purposes? …
[Ballot discuss]
#1) s5.3: LISP Nonce: Trying to figure out why you'd resend the same nonce.  It seems like you're using it for reachability purposes? Why wouldn't you just use a new value each time?  Are you send the same set of packets multiple times (i.e., retransmitting)?

#2) s6.1.2 and s6.1.4: Nonces and Probes. This might be a typo but s6.1.4 (map-reply) includes:

Nonce:  A 24-bit value set in a Data-Probe packet or a 64-bit value
  from the Map-Request is echoed in this Nonce field of the Map-
  Reply.

I see in 6.1.2 you can set the P bit to indicate it's a probe and include the nonce in the request, but it says:

P: This is the probe-bit which indicates that a Map-Request SHOULD be
    treated as a locator reachability probe.  The receiver SHOULD
    respond with a Map-Reply with the probe-bit set, indicating the
    Map-Reply is a locator reachability probe reply, with the nonce
    copied from the Map-Request.  See Section 6.3.2 for more details.

now if we look at the Nonce in 6.1.2 (map-request), it says:

Nonce:  An 8-byte random value created by the sender of the Map-
    Request.  This nonce will be returned in the Map-Reply.  The
    security of the LISP mapping protocol depends critically on the
    strength of the nonce in the Map-Request message.  The nonce
    SHOULD be generated by a properly seeded pseudo-random (or strong
    random) source.  See [RFC4086] for advice on generating security-
    sensitive random data.

so which bits of the 64-bit nonce in the reply do you take to make the 24-bit reply for the probe?  There's a 24-bit nonce but that's in the encapsulation header. Is this just a typo?
2011-12-01
22 Sean Turner [Ballot Position Update] New position, Discuss, has been recorded
2011-12-01
22 Stephen Farrell
[Ballot comment]
- intro: says "non-routable EIDs" - are there no cases where EIDs are
routed? There are - you say they may be used …
[Ballot comment]
- intro: says "non-routable EIDs" - are there no cases where EIDs are
routed? There are - you say they may be used for routing within the
site (subnetting) in the definition of EID in section 3.  Maybe say
"non globally-routable EIDs"?

- intro: "an Internet"? maybe "the Internet"

- intro: maybe s/along administrative boundaries/along administrative
boundaries meaningful to device owners/ the topology also works along
administrative boundaries, just different (ISP) ones.

- intro: "xTRs" used before being defined (end of 2nd last para), you
could just say mapping modules or something generic here I guess.

- section 3, typo, s/a address block/an address block/ in defn of PA
addresses

- s3, EID definition says " An EID is allocated to a host from an
EID-prefix block associated with the site where the host is located."
Doesn't that sound more like a PA address? Maybe s/is located/at
home/ or something would be better? 

- s3, EID defn: "As the architecture is realized," is vague and maybe
a bit misleading, I think you mean "At present," ? (And maybe s/must
refer/ MUST refer/ in that same place?)

- on 2119 language generally, are you assuming upper and lower case
2119 terms are both the same? If so I think its useful to say so.  If
not then there are a bunch of lower case 2119 terms that may need
checking. (E.g. "may be used" in definition of EID-prefix is the next
one I saw. I've no idea how many of those there are.)

- s3, EID prefix defn: The term "smaller EID prefix" is a bit
confusing maybe. I guess smaller here refers to the block size and
not the number of bits in the prefix. Might help to say that just for
clarity.

- s3, EID prefix defn: typo "as a globally prefix"

- s3, Recursive tunneling defn: typo, s/never are they/they are
never/ same in defn of reencapsulating tunnels.

- s3, Route-returnability defn: type, s/limits/this limits/

- s4, 3rd para typo:  s/and strip/and strips/

- 4.1, step2 typo: s/EID destination/destination EID/

- 4.1, step3, is it a good idea to have 2119 language within an
example like this? Probably best to repeat it later in any case.

- 5.3, UDP header: typo s/a ITR/an ITR/

- 5.3, N bit: saying "Both N amd V bits MUST NOT be set..." is a bit
ambiguous, I think you mean "at the same time" but it could be read
to mean something different.

- 5.3, decapsulation TTL handling: I wonder why you said SHOULD copy
for the TTL field - while there is a condition, that could still be
"MUST copy except when " I'd have thought. If there's a reason
(other than ) why you might do something else, it'd be good to
say what that might be. Similar comment for the SHOULD copy on the
ToS/traffic class.

- 6.1.2 - What does the "A" bit actually mean? You don't say. And
when is that set to 1?

- 6.1.2 - IRC descrption, I think s/must/MUST/ in "must be encoded"
would be better.

- 6.1.2 - This reads oddly and could be cleared I think: "Source EID
Address:  This is the EID of the source host which originated the
packet which is invoking this Map-Request." It reads oddly since EIDs
are not supposed to be addresses really. I think it could be clearer
if you say that this is almost always not an EID for an ITR (assuming
that's right).  Maybe just s/is invoking/caused/ would help too.

- 6.1.3 - s/recommended/RECOMMENDED/ when talking about
rate-limiting?  and s/may optionally/MAY/

- 6.1.4- the TTL in 6.1.4 is specified in minutes with 32 bits
available.  That means a max of more than 8000 *years* is possible.
Sheesh! That seems a bit optimistic. A 24 bit value would allow for
45 days which sounds more reasonable. Or, a 32 bit value in seconds
would allow for 132 years which seems more than enough to me.
Basically, this is just oddly done. I'd also argue that better would
be to say that implementations MUST include some control over the max
value here. (No need to say how to manage that, but it'd be good to
make sure it can be managed.) Given that its probably late to
change this, I guess some text recommending implementations do
some sanity checking on this TTL would be good.

- 6.1.4 ACT bits - I think this is saying these MUST be zero'd in
any mapping data accompanying a Map-Request - is that right? If so,
it'd be good to state that and that a receiver of a Map-Request
MUST NOT act on them, e.g. by storing a negative cache entry or
whatever (which might cause some security concerns, hard to tell
though).

- 6.1.5, should 10/8 addresses be used in these examples? Better
to use the specfic example ranges I'd have thought. I think those
are in RFC 5737.

- 6.1.5, some forward reference to things like map-cache
expiration time would be useful here.

- 6.1.5.1, its probably more accurate to say that shared keys
mean that its easier to detect misbehaviour or to hold someone
to account for that, rather than say that its more difficult
to misbehave.

- 6.1.6, details of the P bit's usage "will be provided in a
future version of this draft" has to be wrong at this point.

- 6.1.6, might be good to say that the nonce is ok to be zero
because the message is authenticated.

- 6.1.8, I think it'd be better to say that [MLISP] message
might, in future, be allowed. As-is, one could argue that
[MLISP] needs to be a normative reference.

- 6.3 uses the term CE-based ITRs but doesn't explain it and
its not in section 3, nor is PE.

- 6.2 references [LOC-ID-ARCH] from 2009. Is that still
live? If not, is the reference useful?

- section 12, The I in PKI already means infrastructure.
2011-12-01
22 Stephen Farrell
[Ballot discuss]
While this is a lot of discuss points, most should be easily
resolved especially since this is just going for experimental.

#1 EID-to-RLOC …
[Ballot discuss]
While this is a lot of discuss points, most should be easily
resolved especially since this is just going for experimental.

#1 EID-to-RLOC database - the definition in s3 says "The" database,
but there are in principle many. What happens if their security
properties differ? I think this might be one to note in section
15 at least.

#2, How does an ITR know or when to use the underlying routing system
or the ALT? Is that just config or packet-by-packet? (4.1 4th
bullet.)

#3, Is ALT or an equivalent mandatory to implement or use really? If
an ITR has no ALT or equivalent, then how would the Map-Request end
up at the right ETR?

#4, 5.4.1 says that reassembly (if needed) happens at the destination
and not the ETR, but then later says that setting DF=1 in the
encapsulated packet avoids "ETR fragment reassembly." Those seem to
be in conflict.

#5, Just checking - is there a missing "not" in this sentence from
6.1?  "Implementations MUST be prepared to accept packets when either
the source port or destination UDP port is set to 4342 due to NATs
changing port number values."

#6, Can a bad ITR cheat on an ETR by including Map-Reply Records in a
Map-Request message? I think this is ok in the end, but just want to
check.

#7, [CONS] is needed to understand the Map-Request message format, so
does [CONS] need to be a normative reference? What if an ETR gets a
Map-Request but does not support [CONS]? Does it ignore the extra
bytes in the message or ignore the message? If you said one of those
then [CONS] could be an informative reference, but as-is I need to
read [CONS] to know what to do with those bytes. [CONS] also seems to
be needed to understand how TCP might be handled in 6.1.4 (in the
discussion of the A bit), I'd say maybe just deleting the mention of
[CONS] should be ok there.

#8, 6.1.3 talks about a destination IP address being a
destination-EID.  That's odd. There's no field in 6.1.2 named that so
you must mean the destination IP address of the UDP packet containing
the Map-Request, but then you're sending a UDP packet to the Internet
with an EID as its destination IP address which I thought was the
main thing LISP wanted to avoid. I don't understand how that works
since it seems to mean that all EIDs MUST be globally routable.
Reading to the next paragraph perhaps you mean that such a request
MUST be LISP encapsulated and sent to a Map-Resovler but then how
would the ITR know which Map-Resolver RLOC to use for the EID in
question?

#9, Last para of 6.1.3. I think you need to say that an ETR MUST NOT
add such a mapping to its map-cache until after it has been
successfully verified. Its currently a "may" I think. If an
implementation did add the mapping whilst verification was pending,
then sending two Map-Requests with the mapping might work for an
attacker if they can respond sooner than the mapping DB. If the ETR
just added the mapping with no verification then I think the attack
is clear - any ITR (or maybe any host?) can conincve any ETR that its
the place to send stuff for any EID previously unknown to that ETR.
Section 6.2 says that gleaned map-cache entries can be stored for "a
few seconds" so this race may be a real issue. Probably easiest is to
say something in 6.1.3 about such map-cache entries when they're in
the "pending" state.

#10, 6.1.4 defn of "S" bit: there is no field following the Mapping
Protocol Data field in the diagram at the start of the section. I
realise this may be a change resulting from an earlier comment of
mine about [LISP-SEC] being normative at that point, but I think
you'd be better off just saying that this bit is going to be used for
some security stuff in future and leaving it at that and so deleting
the figure at the top of page 33. (That should be enough to ensure
that no other spec assumed that that bit is like the other reserved
bits, which is all that ought be needed for now I think.) Section
6.1.8 has the same issue.

#11, In the case where a 24-bit nonce is included in the 64 bit nonce
field how are those bits encoded (LSB, MSB?) or if only 24 bits are
provided then are the offsets in the figure at the start of 6.1.4 not
used? Either would be ok but it needs to be stated or different
implementers might do different things.

#12, It looks from 6.1.6 like a Map-Register can be replayed. That's
not a good thing. What prevents/detects such replays which should be
a nice DoS if a site changes its config? Maybe that nonce ought not
be zero and maybe there should be a Map-Server or ETR defined window
during which nonces MUST be kept? (I may need to check [LISP-MS]
again to see what's what there.) There may be a similar replay
issue with Map-Notify messages, not sure.

#13, What does "MUST be verified" mean exactly in 6.6.2? Do you
mean via the mapping DB (I guess so) or something else? Just
checking.
2011-12-01
22 Stephen Farrell [Ballot Position Update] New position, Discuss, has been recorded
2011-12-01
22 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2011-12-01
22 Stewart Bryant
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume …
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume packets get
      to LISP routers, which in turn, deliver packets to the destination
      the end-system has specified.  The procedure a host uses to send
      IP packets does not change.

SB> Hosts don't assume packets get to LISP routers they assume they get SB> to other hosts - they don't know about LISP routers

==========


5.1.  LISP IPv4-in-IPv4 Header Format

SB> It would be helpful to the reader to put a forward ref to
SB> the definition of terms in 5.3 - same in 5.2.

==========


  UDP Checksum:  The UDP checksum field SHOULD be transmitted as zero
      by an ITR for either IPv4 [RFC0768] or IPv6 encapsulation
      [UDP-TUNNELS].  When a packet with a zero UDP checksum is received

SB> UDP-TUNNELS seems to be a normative reference to an expired
SB> individual draft. That seems to risk this (LISP) document going
SB> into limbo. The following text suggests that the reference
SB> should be changed to informative anyway.

      .... The handling of UDP
      checksums for all tunneling protocols, including LISP, is under
      active discussion within the IETF.  When that discussion
      concludes, any necessary changes will be made to align LISP with
      the outcome of the broader discussion.

=========

    0 x 0 1 x x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|  Source Map-Version  |  Dest Map-Version    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID/Locator Status Bits              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> I cannot see a definition in this section of the terms
SB> Source Map-Version and Dest Map-Version

  I: The I bit is the Instance ID bit.  See Section 5.5 for more
      details.  When this bit is set to 1, the Locator Status Bits field
      is reduced to 8-bits and the high-order 24-bits are used as an
      Instance ID.  If the L-bit is set to 0, then the low-order 8 bits
      are transmitted as zero and ignored on receipt.  The format of the
      LISP header would look like:


    x x x x 1 x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|            Nonce/Map-Version                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID                  |    LSBs      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> s/LISP header would look like:/LISP header in this case is:/
SB> More importantly it is slightly confusing putting the 0 case
SB> rider before the format, since at first glance it looks like
SB> the format is only like this when L = 0.



=========

  o  The outer header Type of Service field (or the Traffic Class
      field, in the case of IPv6) SHOULD be copied from the inner header
      Type of Service field (with one caveat, see below).

SB> Given that you have separated the host domain from the
SB> ISP domain, I am not sure why this is a SHOULD.

==========

  When doing ETR/PETR decapsulation:

  o  The inner header Time to Live field (or Hop Limit field, in case
      of IPv6) SHOULD be copied from the outer header Time to Live
      field, when the Time to Live field of the outer header is less
      than the Time to Live of the inner header.  Failing to perform
      this check can cause the Time to Live of the inner header to
      increment across encapsulation/decapsulation cycle.  This check is
      also performed when doing initial encapsulation when a packet
      comes to an ITR or PITR destined for a LISP site.


SB> What LISP is doing is very similar in many respects to
SB> MPLS does, and MPLS found that it needed both copy TTL and
SB> not copy TTL. I am surprised that you did not follow that model.



========


6.1.  LISP IPv4 and IPv6 Control Plane Packet Formats

  The following UDP packet formats are used by the LISP control-plane.

SB> They are not UDP pkt formats, they are UDP/IP packet formats.

========

6.1.1.  LISP Packet Type Allocations

  This section will be the authoritative source for allocating LISP
  Type values.  Current allocations are:

SB> Surely the section *is* the authoritative source?
SB> Are you sure you do not need a registry for this?

=======


9.2.  IPv4 Traceroute

  The solution we propose to solve this problem is to cache traceroute
  IPv4 headers in the ITR and to match them up with corresponding IPv4
  Time Exceeded messages received from core routers and the ETR.

SB> This sounds like quite a complicated mechanism. Did the authors
SB> consider having the ITR do proxy traceroute?
2011-12-01
22 Stewart Bryant
[Ballot discuss]
The document needs to be clearer on what happens when the traffic is a high volume UDP source that only transmits occasionally. Say …
[Ballot discuss]
The document needs to be clearer on what happens when the traffic is a high volume UDP source that only transmits occasionally. Say (but not limited to)  some form of remote IPFIX collector that is occasionally triggered.

My concern is

a) Do we see a large chunk of the flow dropped on the floor until the mapping is learned - the conflict is between DOS attack and degradation of service WRT the "legacy Internet".

b) Do we see a miss ordering of packets during as the system swaps from probe to normal operation

c) Do we see a repeat of this as a result of cache aging.

========

I am also moving the following up to Discuss since it is related
to the need for a clear description of the impact of the cache
vs the existing behavior of the Internet.

5.4.2.  A Stateful Solution to MTU Handling

SB> It looks like there needs to be some discussion about
SB> the state lifetime, and the issue of holding a stale
SB> MTU vs transienting a flow by flushing the cache.

Note that in both cases I am not requesting a change to the protocol,
just a clear explanation of the expected behavior.
2011-12-01
22 Stewart Bryant [Ballot Position Update] Position for Stewart Bryant has been changed to Discuss from No Objection
2011-11-30
22 Ron Bonica
[Ballot discuss]
Experimental Status
===================
What are the success criteria for this experiment? Is the experiment successful if LISP is deployed at a non-trivial number …
[Ballot discuss]
Experimental Status
===================
What are the success criteria for this experiment? Is the experiment successful if LISP is deployed at a non-trivial number of sites and nothing breaks? Are achievement of LISP's goals to be included in the success criteria? For example, must the experiment cause a reduction in the size of the global routing tables to be considered a success?

Experimental Scope
==================
Considering the current state of LISP research, should the scope of the LISP experiment be constrained in any way?

For example, would it be reasonable for a large enterprise to make all of its sites LISP sites? What benefits would the enterprise realize? To what risks would it be exposed? Would it be reasonable for that enterprise to share a LISP control plane with another enterprise? Again, what are the risks and benefits? Finally would it be reasonable for a major ISP to adopt LISP? To share a LISP control plane with another ISP?

In answering this question, keep in mind that each of the open issues enumerated in Section 15 translate to operational risk. Operational risk is also introduced by issues that are not mentioned in Section 15. For example, little is known regarding the scaling characteristics of the cache-management system and control plane. Also, site partitioning may lead to more severe consequences than those described in Section 8.5

Routing Table Reduction
=======================
During the transition period, when some sites have not yet deployed LISP, will LISP reduce the size of the global routing table? How? When answering this question, assume that connectivity is required between LISP and non-LISP sites.

Architecture
============
Typically, Internet Protocols maintain a strict separation between the forwarding and control planes. Because of this separation, there is nothing that a user can do on the forwarding plane that would cause control plane state to be created or destroyed. This separation is fundamental to the stability of the Internet.

To the best of my knowledge, the only Internet Protocol that violates this separation is PIM, which for many reasons, is not natively deployed in most large carrier networks. LISP, like PIM, intermixes the control and forwarding planes. Explain why this should not be viewed as a problem?

Terminology
==========
The definition of EID needs clarification. Assume that a IPv4-only host is contained by a LISP site. Assume also that the host requires connectivity to both LISP and non-LISP endpoints. Must that host be represented by two distinct 32-bit strings, an EID and a plain-old IPv4 address? Or can the same 32-bit string be used as both EID and the IPv4 address?

Having answered that question, consider the following two statements:

"host1.abc.example.com wants to open a TCP connection to host2.xyz.example.com.  It does a DNS lookup on host2.xyz.example.com.  An A/AAAA record is returned."

"EIDs are not expected to be usable for global end-to-end communication in the absence of an EID-to-RLOC mapping operation. They are expected to be used locally for intra-site communication"

If the answer to the first question is yes, the first statement is problematic. If the answer to the second question is yes the second statement is confusing.


TCP Friendliness
================
In section 4.1 you say, "Subsequent packets from host1.abc.example.com to host2.xyz.example.com will have a LISP header prepended by the ITR using the appropriate RLOC as the LISP header destination address learned from the ETR".

What happens to the initial packet? If it is discarded, how will user experience of TCP connections be impacted?

Forwarding Plane Encapsulation
===============================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?

EID-to-RLOC UDP Map-Request Message
===================================
You say, "A Map-Request is sent from an ITR when it needs a mapping for an EID wants to test an RLOC for reachability, or wants to refresh a mapping before TTL expiration.  For the initial case, the destination IP address used for the Map-Request is the destination-EID from the packet which had a mapping cache lookup failure."

How did the ITR learn a route to this address? What device advertised it? Where will the packet arrive?


Mapping Registration
====================
The map-versioning document says, "Indeed, ETRs belonging to the same LISP site must return for a specific EID-prefix the same mapping". This document should mention something about that. Also, it should explain how ETRs are kept in sync and what happens when they get out of sync.

Interworking
=========
The viability of LISP depends on the success of the Interworking model, which we have not seen yet.
2011-11-30
22 Ron Bonica
[Ballot discuss]
Experimental Status
===================
What are the success criteria for this experiment? Is the experiment successful if LISP is deployed at a non-trivial number …
[Ballot discuss]
Experimental Status
===================
What are the success criteria for this experiment? Is the experiment successful if LISP is deployed at a non-trivial number of sites and nothing breaks? Are achievement of LISP's goals to be included in the success criteria? For example, must the experiment cause a reduction in the size of the global routing tables to be considered a success?

Experimental Scope
==================
Considering the current state of LISP research, should the scope of the LISP experiment be constrained in any way?

For example, would it be reasonable for a large enterprise to make all of its sites LISP sites? What benefits would the enterprise realize? To what risks would it be exposed? Would it be reasonable for that enterprise to share a LISP control plane with another enterprise? Again, what are the risks and benefits? Finally would it be reasonable for a major ISP to adopt LISP? To share a LISP control plane with another ISP?

In answering this question, keep in mind that each of the open issues enumerated in Section 15 translate to operational risk. Operational risk is also introduced by issues that are not mentioned in Section 15. For example, little is known regarding the scaling characteristics of the cache-management system and control plane. Also, site partitioning may lead to more severe consequences than those described in Section 8.5

Routing Table Reduction
=======================
During the transition period, when some sites have not yet deployed LISP, will LISP reduce the size of the global routing table? How? When answering this question, assume that connectivity is required between LISP and non-LISP sites.

Architecture
============
Typically, Internet Protocols maintain a strict separation between the forwarding and control planes. Because of this separation, there is nothing that a user can do on the forwarding plane that would cause control plane state to be created or destroyed. This separation is fundamental to the stability of the Internet.

To the best of my knowledge, the only Internet Protocol that violates this separation is PIM, which for many reasons, is not natively deployed in most large carrier networks. LISP, like PIM, intermixes the control and forwarding planes. Explain why this should not be viewed as a problem?

Terminology
==========
The definition of EID needs clarification. Assume that a IPv4-only host is contained by a LISP site. Assume also that the host requires connectivity to both LISP and non-LISP endpoints. Must that host be represented by two distinct 32-bit strings, an EID and a plain-old IPv4 address? Or can the same 32-bit string be used as both EID and the IPv4 address?

Having answered that question, consider the following two statements:

"host1.abc.example.com wants to open a TCP connection to host2.xyz.example.com.  It does a DNS lookup on host2.xyz.example.com.  An A/AAAA record is returned."

"EIDs are not expected to be usable for global end-to-end communication in the absence of an EID-to-RLOC mapping operation. They are expected to be used locally for intra-site communication"

If the answer to the first question is yes, the first statement is problematic. If the answer to the second question is yes the second statement is confusing.


TCP Friendliness
================
In section 4.1 you say, "Subsequent packets from host1.abc.example.com to host2.xyz.example.com will have a LISP header prepended by the ITR using the appropriate RLOC as the LISP header destination address learned from the ETR".

What happens to the initial packet? If it is discarded, how will user experience of TCP connections be impacted?

Forwarding Plane Encapsulation
===============================
- Regarding the outer header, you say, "The DF bit of the Flags field is set to 0 when the method in Section 5.4.1 is used and set to 1 when the method in Section 5.4.2 is used." You contradict this statement in the last paragraph of Section 5.4.1.

- The diagram associated with the I flag suggests that the LSB bits will be set even if the I flag is set to 1 and the L flag is set to 0. Is that what you meant to say?

EID-to-RLOC UDP Map-Request Message
===================================
You say, "A Map-Request is sent from an ITR when it needs a mapping for an EID wants to test an RLOC for reachability, or wants to refresh a mapping before TTL expiration.  For the initial case, the destination IP address used for the Map-Request is the destination-EID from the packet which had a mapping cache lookup failure."

How did the ITR learn a route to this address? What device advertised it? Where will the packet arrive?


Mapping Registration
====================
The map-versioning document says, "Indeed, ETRs belonging to the same LISP site must return for a specific EID-prefix the same mapping". This document should mention something about that. Also, it should explain how ETRs are kept in sync and what happens when they get out of sync.
2011-11-30
22 Ron Bonica [Ballot Position Update] New position, Discuss, has been recorded
2011-11-30
22 Peter Saint-Andre
[Ballot comment]
Experiments are good. Although I share Pete's and Adrian's concerns about the scope of the experiment and the parameters for evaluating its success, …
[Ballot comment]
Experiments are good. Although I share Pete's and Adrian's concerns about the scope of the experiment and the parameters for evaluating its success, I agree with Russ that the document is specified clearly enough to be implemented in an experimental fashion (modulo Ralph's question about global uniqueness).
2011-11-30
22 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded
2011-11-30
22 Elwyn Davies Request for Last Call review by GENART Completed. Reviewer: Elwyn Davies.
2011-11-30
22 Ralph Droms
[Ballot comment]
My apologies for the changes to the Comments.  Reading
draft-ietf-lisp-alt raised a couple of new questions about
this doc.

I'll take this opportunity …
[Ballot comment]
My apologies for the changes to the Comments.  Reading
draft-ietf-lisp-alt raised a couple of new questions about
this doc.

I'll take this opportunity to get on a soapbox for a moment and ask
for two bits of "truth in advertising" in the Introduction.

First, I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

Second, as I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

OK, I'm back down off my soapbox.  I feel better now.

Continuing...

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?

How is the numbering of RLOCs described in section 6.3, which maps
RLOCs to bit positions in the Locator Status Bits field, determined?
How is the numbering affected by RLOCs leaving and joining the set of
RLOCs at a LISP site?

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

Typo in section 6.5: s/will be yield/will yield/

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?

For clarity in section 14.1, is this document asking IANA to
create and maintain a registry of ACT values?  Related
typo: s/6.1.5/6.1.4/
2011-11-30
22 Ralph Droms
[Ballot comment]
I made a minor, non-substantive edit to these Comments
on 11/30.

I'll take this opportunity to get on a soapbox for a moment …
[Ballot comment]
I made a minor, non-substantive edit to these Comments
on 11/30.

I'll take this opportunity to get on a soapbox for a moment and ask
for two bits of "truth in advertising" in the Introduction.

First, I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

Second, as I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

OK, I'm back down off my soapbox.  I feel better now.

Continuing...

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?

How is the numbering of RLOCs described in section 6.3, which maps
RLOCs to bit positions in the Locator Status Bits field, determined?
How is the numbering affected by RLOCs leaving and joining the set of
RLOCs at a LISP site?

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

Typo in section 6.5: s/will be yield/will yield/

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?
2011-11-30
22 Ralph Droms
[Ballot discuss]
I added this Discuss and changed my position to
Discuss on 11/30.

In reading draft-ietf-lisp-alt, I discovered I have a
technical question …
[Ballot discuss]
I added this Discuss and changed my position to
Discuss on 11/30.

In reading draft-ietf-lisp-alt, I discovered I have a
technical question about draft-ietf-lisp that needs
to be answered before it can be correctly deployed.

EIDs are defined to be "not routable on the public
Internet."  What are the global uniqueness properties
required for EIDs, both among EIDs and between
EIDs and globally routable IP addresses?  How
are EIDs with the appropriate properties chosen
and coordinated among LISP sites?
2011-11-30
22 Ralph Droms [Ballot Position Update] Position for Ralph Droms has been changed to Discuss from No Objection
2011-11-30
22 Stewart Bryant
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume …
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume packets get
      to LISP routers, which in turn, deliver packets to the destination
      the end-system has specified.  The procedure a host uses to send
      IP packets does not change.

SB> Hosts don't assume packets get to LISP routers they assume they get SB> to other hosts - they don't know about LISP routers

==========


5.1.  LISP IPv4-in-IPv4 Header Format

SB> It would be helpful to the reader to put a forward ref to
SB> the definition of terms in 5.3 - same in 5.2.

==========


  UDP Checksum:  The UDP checksum field SHOULD be transmitted as zero
      by an ITR for either IPv4 [RFC0768] or IPv6 encapsulation
      [UDP-TUNNELS].  When a packet with a zero UDP checksum is received

SB> UDP-TUNNELS seems to be a normative reference to an expired
SB> individual draft. That seems to risk this (LISP) document going
SB> into limbo. The following text suggests that the reference
SB> should be changed to informative anyway.

      .... The handling of UDP
      checksums for all tunneling protocols, including LISP, is under
      active discussion within the IETF.  When that discussion
      concludes, any necessary changes will be made to align LISP with
      the outcome of the broader discussion.

=========

    0 x 0 1 x x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|  Source Map-Version  |  Dest Map-Version    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID/Locator Status Bits              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> I cannot see a definition in this section of the terms
SB> Source Map-Version and Dest Map-Version

  I: The I bit is the Instance ID bit.  See Section 5.5 for more
      details.  When this bit is set to 1, the Locator Status Bits field
      is reduced to 8-bits and the high-order 24-bits are used as an
      Instance ID.  If the L-bit is set to 0, then the low-order 8 bits
      are transmitted as zero and ignored on receipt.  The format of the
      LISP header would look like:


    x x x x 1 x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|            Nonce/Map-Version                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID                  |    LSBs      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> s/LISP header would look like:/LISP header in this case is:/
SB> More importantly it is slightly confusing putting the 0 case
SB> rider before the format, since at first glance it looks like
SB> the format is only like this when L = 0.



=========

  o  The outer header Type of Service field (or the Traffic Class
      field, in the case of IPv6) SHOULD be copied from the inner header
      Type of Service field (with one caveat, see below).

SB> Given that you have separated the host domain from the
SB> ISP domain, I am not sure why this is a SHOULD.

==========

  When doing ETR/PETR decapsulation:

  o  The inner header Time to Live field (or Hop Limit field, in case
      of IPv6) SHOULD be copied from the outer header Time to Live
      field, when the Time to Live field of the outer header is less
      than the Time to Live of the inner header.  Failing to perform
      this check can cause the Time to Live of the inner header to
      increment across encapsulation/decapsulation cycle.  This check is
      also performed when doing initial encapsulation when a packet
      comes to an ITR or PITR destined for a LISP site.


SB> What LISP is doing is very similar in many respects to
SB> MPLS does, and MPLS found that it needed both copy TTL and
SB> not copy TTL. I am surprised that you did not follow that model.

========



5.4.2.  A Stateful Solution to MTU Handling

SB> It looks like there needs to be some discussion about
SB> the state lifetime, and the issue of holding a stale
SB> MTU vs transienting a flow by flushing the cache.

========


6.1.  LISP IPv4 and IPv6 Control Plane Packet Formats

  The following UDP packet formats are used by the LISP control-plane.

SB> They are not UDP pkt formats, they are UDP/IP packet formats.

========

6.1.1.  LISP Packet Type Allocations

  This section will be the authoritative source for allocating LISP
  Type values.  Current allocations are:

SB> Surely the section *is* the authoritative source?
SB> Are you sure you do not need a registry for this?

=======


9.2.  IPv4 Traceroute

  The solution we propose to solve this problem is to cache traceroute
  IPv4 headers in the ITR and to match them up with corresponding IPv4
  Time Exceeded messages received from core routers and the ETR.

SB> This sounds like quite a complicated mechanism. Did the authors
SB> consider having the ITR do proxy traceroute?
2011-11-30
22 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded
2011-11-30
22 Stewart Bryant
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume …
[Ballot comment]
o  End-systems (hosts) only send to addresses which are EIDs.  They
      don't know addresses are EIDs versus RLOCs but assume packets get
      to LISP routers, which in turn, deliver packets to the destination
      the end-system has specified.  The procedure a host uses to send
      IP packets does not change.

SB> Hosts don't assume packets get to LISP routers they assume they get SB> to other hosts - they don't know about LISP routers

==========


5.1.  LISP IPv4-in-IPv4 Header Format

SB> It would be helpful to the reader to put a forward ref to
SB> the definition of terms in 5.3 - same in 5.2.

==========


  UDP Checksum:  The UDP checksum field SHOULD be transmitted as zero
      by an ITR for either IPv4 [RFC0768] or IPv6 encapsulation
      [UDP-TUNNELS].  When a packet with a zero UDP checksum is received

SB> UDP-TUNNELS seems to be a normative reference to an expired
SB> individual draft. That seems to risk this (LISP) document going
SB> into limbo. The following text suggests that the reference
SB> should be changed to informative anyway.

      .... The handling of UDP
      checksums for all tunneling protocols, including LISP, is under
      active discussion within the IETF.  When that discussion
      concludes, any necessary changes will be made to align LISP with
      the outcome of the broader discussion.

=========

    0 x 0 1 x x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|  Source Map-Version  |  Dest Map-Version    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID/Locator Status Bits              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> I cannot see a definition in this section of the terms
SB> Source Map-Version and Dest Map-Version

  I: The I bit is the Instance ID bit.  See Section 5.5 for more
      details.  When this bit is set to 1, the Locator Status Bits field
      is reduced to 8-bits and the high-order 24-bits are used as an
      Instance ID.  If the L-bit is set to 0, then the low-order 8 bits
      are transmitted as zero and ignored on receipt.  The format of the
      LISP header would look like:


    x x x x 1 x x x
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |N|L|E|V|I|flags|            Nonce/Map-Version                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Instance ID                  |    LSBs      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

SB> s/LISP header would look like:/LISP header in this case is:/
SB> More importantly it is slightly confusing putting the 0 case
SB> rider before the format, since at first glance it looks like
SB> the format is only like this when L = 0.



=========

  o  The outer header Type of Service field (or the Traffic Class
      field, in the case of IPv6) SHOULD be copied from the inner header
      Type of Service field (with one caveat, see below).

SB> Given that you have separated the host domain from the
SB> ISP domain, I am not sure why this is a SHOULD.

==========

  When doing ETR/PETR decapsulation:

  o  The inner header Time to Live field (or Hop Limit field, in case
      of IPv6) SHOULD be copied from the outer header Time to Live
      field, when the Time to Live field of the outer header is less
      than the Time to Live of the inner header.  Failing to perform
      this check can cause the Time to Live of the inner header to
      increment across encapsulation/decapsulation cycle.  This check is
      also performed when doing initial encapsulation when a packet
      comes to an ITR or PITR destined for a LISP site.


SB> What LISP is doing is very similar in many respects to
SB> MPLS does, and MPLS found that it needed both copy TTL and
SB> not copy TTL. I am surprised that you did not follow that model.

========



5.4.2.  A Stateful Solution to MTU Handling

SB> It looks like there needs to be some discussion about
SB> the state lifetime, and the issue of holding a stale
SB> MTU vs transienting a flow by flushing the cache.

========


6.1.  LISP IPv4 and IPv6 Control Plane Packet Formats

  The following UDP packet formats are used by the LISP control-plane.

SB> They are not UDP pkt formats, they are UDP/IP packet formats.

========

6.1.1.  LISP Packet Type Allocations

  This section will be the authoritative source for allocating LISP
  Type values.  Current allocations are:

SB> Surely the section *is* the authoritative source?
SB> Are you sure you do not need a registry for this?

=======


9.2.  IPv4 Traceroute

  The solution we propose to solve this problem is to cache traceroute
  IPv4 headers in the ITR and to match them up with corresponding IPv4
  Time Exceeded messages received from core routers and the ETR.

SB> This sounds like quite a complicated mechanism. Did the authors
SB> consider having the ITR do proxy traceroute?
2011-11-30
22 Dan Romascanu
[Ballot comment]
1. I support Pete's COMMENT and Adrian's DISCUSS about the need to make more clear the goals of the experiment, the criteria of …
[Ballot comment]
1. I support Pete's COMMENT and Adrian's DISCUSS about the need to make more clear the goals of the experiment, the criteria of success and the limits of deployment while the document stays Experimental.

2. It would be more clear to split 14.1. into two sub-sections, especially as IANA is required to create a registry for LISP ACT if I understand correctly, while no action is required from IANA for the Flag Fields
2011-11-30
22 Dan Romascanu
[Ballot comment]
1. I support Pete and Adrian's DISCUSSes about the need to make more clear the goals of the experiment, the criteria of success …
[Ballot comment]
1. I support Pete and Adrian's DISCUSSes about the need to make more clear the goals of the experiment, the criteria of success and the limits of deployment while the document stays Experimental.

2. It would be more clear to split 14.1. intp two sub-sections, especially as IANA is required to create a registry for LISP ACT if I understand correctly, while no action is required from IANA for the Flag Fields
2011-11-30
22 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded
2011-11-30
22 Adrian Farrel
[Ballot comment]
Abstract

What is a "network-based protocol"?

---

Please expand acronyms on first use. For example, xTRs.

---              …
[Ballot comment]
Abstract

What is a "network-based protocol"?

---

Please expand acronyms on first use. For example, xTRs.

---                                       

Please decide "an EID" or "a EID" and apply consistently.

---

The architectural overview in Seciton 4 would be enhanced by a picture.

The example in 4.1 would similarly benefit.

---

Section 5

  It is recommended in IPv4 that packets do not get
  fragmented as they are encapsulated by the ITR.  Instead, the packet
  is dropped and an ICMP Too Big message is returned to the source.

Is that REOMMENDED?

---
Section 5.3

I agree with Wes about the N and V bits.

---

Section 5.3 LISP Nonce

      When the E-bit is clear but the N-bit is
      set, a remote ITR is either echoing a previously requested echo-
      nonce or providing a random nonce.

"is clear/set" in what?
The original message sent, or the new message received?

---

Section 5.3 LISP Locator Status Bits

Please say "(LSB)" in the text to match the figure.
2011-11-30
22 Adrian Farrel
[Ballot discuss]
I'm inclined to agree with Russ that this is well-enough specified for
an experimental status document, but I have some concerns.

I don't …
[Ballot discuss]
I'm inclined to agree with Russ that this is well-enough specified for
an experimental status document, but I have some concerns.

I don't see any statement of the scope of the experiment or how it will
be judged. Traditionally, experiments are not released into the Internet
but are operated in a controlled way in walled gardens. It appears that
the intention with this experiment is that it should be conducted in the
Internet, and that makes it important to examine te risks and
uncertaintes.

As part of the Discuss resolution on other LISP documents, and in
accordance with the LISP WG charter, we had agreed that this
specification would countain an upfront and clear statement of the
issues and concerns. To remind you, the charter says:

At this time, these proposals are at an early stage. All proposals
(including LISP) have potentially harmful side-effects to Internet
traffic carried by the involved routers, have parts where deployment
incentives may be lacking, and are NOT RECOMMENDED for deployment beyond
experimental situations at this stage. Many of the proposals have
components (such as the identifier to locator mapping system) where it
is not yet known what kind of design alternative is the best one among
many.

and

The LISP WG is NOT chartered to develop the final
or standard solution for solving the routing scalability problem. Its
specifications are Experimental and labeled with accurate disclaimers
about their limitations and not fully understood implications for
Internet traffic. In addition, as these issues are understood, the
working group will analyze and document the implications of LISP on 
Internet traffic, applications, routers, and security. This analysis
will explain what role LISP can play in scalable routing. The analysis
should also look at scalability and levels of state required for
encapsulation, decapsulation, liveness, and so on

I do not consider that this draft has adhered to the WG charter, and I
consider the active encouragement of "early deployments" to be both
against the spirit and the letter of the charter. If you believe that
the experiment needs to be conducted "in the wild" you need to spend a
bit more text explaining why this is safe and how the experiment is
contained.

---

Section 2

  Routing Locators (RLOCs), which are topologically assigned to network
  attachment points (and are therefore amenable to aggregation)

I don't see that RLOCs are any more amenable to aggregation than today's
IP addresses. That is, the allocation scheme for RLOCs could be run such
that RLOCs are aggregatable, but could equally be run such that it is
hard to aggregate.

Maybe the points here are that:
- network attachment points are not (currently) mobile
- network attachment points are defined by the networks they attach to
- network attachment points, by definition, impose an aggregation of
  end points.

A way to solve this, if you wrote what you intended to write, would be a
forward pointer to the section in the document that describes
aggregation of RLOCs. Otherwise, perhaps just drop the parentheses.

---

Section 2

  One database design that is being developed
  and prototyped as part of the LISP working group work is [ALT].
  Others that have been described but not implemented include [CONS],
  [EMACS], [RPMD], [NERD].

Is the LISP working group undertaking controlled prototyping?
Is the intention to state that "there are known protocotype
implementations of [ALT]."

Similarly, what does it mean to say "have been described but not
implemented"? I guess: "At the time of writing, the authors are unaware
of any implementations of..."

---

Section 3

      When using multiple mapping database
      systems, care must be taken to not create reencapsulation loops.

What is this "care"?
What about loops caused by transient conditions (or errors) in a single
LISP mapping database?
Shouldn't the payload TTL at least be decremented by one for each
tunnel?

Note that reencapsulation is not the same as nested encapsulation.
You are clear about avoiding the latter (although some form of DPI
may be required to achieve it).
                                                             
---


Step 7 of Section 4.1 doesn't make it clear what has happened to the
first packet in the flow. I had assumed that it was buffered pending
the Map-Reply, but I now suspect it was discarded as soon as the
Map-Request was constructed. Can you add a clarification.

---


Section 5

  This specification recommends that implementations support for one of
  the proposed fragmentation and reassembly schemes.  These two
  existing schemes are detailed in Section 5.4.

This recommendation is presumably upper case, but should be made clear
in the pre-amble to section 5.4.

---


Section 5.3

  E: The E bit is the echo-nonce-request bit.  When this bit is set to
      1, the N bit MUST be 1.  This bit SHOULD be ignored and has no
      meaning when the N bit is set to 0.  See Section 6.3.1 for
      details.

Confused. I think you need:

  E: The E bit is the echo-nonce-request bit.  This bit MUST be ignored
      and has no meaning when the N bit is set to 0.  When the N bit is
      set to 1 and this bit is set to 1, this means blah.  See Section
      6.3.1 for details.
2011-11-30
22 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded
2011-11-30
22 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2011-11-29
22 Wesley Eddy
[Ballot comment]
In Section 5.3, UDP Checksum discussion, the reference to draft-eubanks-chimento-6man should probably be to draft-ietf-6man-udpzero instead.

In section 5.4.1, what is "an architectural …
[Ballot comment]
In Section 5.3, UDP Checksum discussion, the reference to draft-eubanks-chimento-6man should probably be to draft-ietf-6man-udpzero instead.

In section 5.4.1, what is "an architectural constant"?  Should this just say "a constant"?
2011-11-29
22 Wesley Eddy
[Ballot discuss]
If both the N bit and V bit MUST NOT be set in the same packet, then why would there be any rule …
[Ballot discuss]
If both the N bit and V bit MUST NOT be set in the same packet, then why would there be any rule defined for processing such a packet rather than to DROP it?  It seems wrong to pretent that's okay and just treat it as if the V bit wasn't set.  What is the advantage of this, and is there any risk?

Section 5.4.1 is not clearly written, and seems fairly critical to proper performance.  For instance, what does it mean when it says S is the maximum size of a packet that an ITR "would like to receive"?  Is it the maximum that it *can* receive, the maximum that it can send on a next hop without fragmenting, etc.?  From the description in the 2nd paragraph, the size would only be S/2 + H if the incoming packet were size S, in which case after adding H, it would be size L, NOT greater than L as the first sentence says.  The definitions here really need to be tightened up and clarified.

I believe the stateful solution in 5.4.2 is preferable to the stateless one which seems like it could have very bad effects if it really sets DF=1 and isn't keeping any state about whether smaller fragments need to be sent for a particular destination.  The 5.4.1 algorithm doesn't solve this at all, and seems inadequate for providing a robust infrastructure.

RLOC probing has an impact on the network capacity in-use and there is no way to sense when the overall rate of probing may simply be too great for some bottleneck to handle (due to some combination of the number of RLOCs being probed or the rate of probing).  Losses can occur either of the probes or the map-replies.  Even in cases where it isn't a significant source of congestion, the probing has to be implemented to avoid having bad things happen like accidentally causing synchronization of sending the probes such that this control traffic spikes periodically.  Overall, unless the RLOC probing is better specified so that the risks and necessary precautions are well understood, this seems like a feature that could cause unexpected impact to data flows under some conditions.
2011-11-29
22 Wesley Eddy [Ballot Position Update] New position, Discuss, has been recorded
2011-11-29
22 Ralph Droms
[Ballot comment]
I'll take this opportunity to get on a soapbox for a moment and ask
for two bits of "truth in advertising" in the …
[Ballot comment]
I'll take this opportunity to get on a soapbox for a moment and ask
for two bits of "truth in advertising" in the Introduction.

First, I'd like to see a mention of the complementary observation that
using a single ID-LOC avoids the necessity of a separate step to
bind an identifier to its location and a database to manage those
bindings.  A mention of the scale of the binding database would be
appropriate, too.

Second, as I understand LISP, the EIDs are still ID-LOCs, not pure
identifiers, within a LISP site.  Outside any LISP site, an EID is a
pure identifier.  Which begs the question: exactly what is LISP
providing, since it isn't providing a pure ID/LOC separation.  E.g., a
node can't move within a site without changing its ID, nor can it move
between sites without changing its ID.  Of course, this hybrid ID/LOC
architecture helps with the scaling of the ID/LOC binding database.

OK, I'm back down off my soapbox.  I feel better now.

Continuing...

In section 4: first bullet of "basic rules": is it the case that
end-systems are aware of LISP at all?

I would write the first phrase of the third paragraph of section 5 as
"Because EIDs and RLOCs can be either IPv4 or IPv6 addresses, ..."

I don't understand the deployment method described in section 5.5.  I
think I understand the scenario, but I don't understand how RFC 1918
prefixes can be used as EID prefixes.  How is an EID that has an RFC
1918
prefix disambiguated to do the EID-RLOC mapping?

How is the numbering of RLOCs described in section 6.3, which maps
RLOCs to bit positions in the Locator Status Bits field, determined?
How is the numbering affected by RLOCs leaving and joining the set of
RLOCs at a LISP site?

In section 6.3, how does an ITR determine the original destination of
an encapsulated datagram that triggers an ICMP Network or Host
Unreachable message, so it can construct a meaningful ICMP Unreachable
message to send to the original source of the datagram?

Typo in section 6.5: s/will be yield/will yield/

In section 10.2, I understand how LISP can help avoid site
renumbering, as described in RFC 4192, but I don't understand how it
helps with renumbering a single node (why "endpoint"?) that moves
within or between sites.  What is the impact of host renumbering on
LISP forwarding?
2011-11-29
22 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded
2011-11-29
22 Pete Resnick
[Ballot comment]
LISP sounds like a serious protocol experiment. I would have liked there to be more discussion in either the document or in the …
[Ballot comment]
LISP sounds like a serious protocol experiment. I would have liked there to be more discussion in either the document or in the writeup about how that experiment is going to conclude. That is, though I see the things in section 15 that indicate what it would take to really move this to the standards track, it would be nice to see some discussion about how interoperability is going to be measured as the experiment progresses.
2011-11-29
22 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded
2011-11-29
22 Russ Housley
[Ballot comment]
This is going for experimental, and I think it clears the bar for
  experimental.  However, I think Section 6 could be much …
[Ballot comment]
This is going for experimental, and I think it clears the bar for
  experimental.  However, I think Section 6 could be much more clear.
2011-11-29
22 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded
2011-11-29
22 Robert Sparks [Ballot comment]
Consider tightening the 3 steps listed in section 5.4.1. Step 2 is really the place you calculated L based on S and H.
2011-11-29
22 Robert Sparks
[Ballot discuss]
This document is almost ready for publication as Experimental, but I would like to ask about the status of some of the Informative …
[Ballot discuss]
This document is almost ready for publication as Experimental, but I would like to ask about the status of some of the Informative references before approving it.

[CHIAPPA] points to a personal webserver (that redirects to a university server) - what's the expected stability of that reference.

Where can I find the document pointed to by [RPMD]?

[CONS] appears to be abandoned (the last update was in 2008) - are there plans to advance it?
2011-11-29
22 Robert Sparks [Ballot Position Update] New position, Discuss, has been recorded
2011-11-28
22 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2011-11-28
22 Jari Arkko Ballot has been issued
2011-11-28
22 Jari Arkko Created "Approve" ballot
2011-11-24
22 Sam Weiler Request for Last Call review by SECDIR is assigned to Matt Lepinski
2011-11-24
22 Sam Weiler Request for Last Call review by SECDIR is assigned to Matt Lepinski
2011-11-17
22 Jean Mahoney Request for Last Call review by GENART is assigned to Elwyn Davies
2011-11-17
22 Jean Mahoney Request for Last Call review by GENART is assigned to Elwyn Davies
2011-11-14
22 Jari Arkko Placed on agenda for telechat - 2011-12-01
2011-11-13
22 Cindy Morgan Last call sent
2011-11-13
22 Cindy Morgan
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: …
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Locator/ID Separation Protocol (LISP)) to Experimental RFC


The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'Locator/ID Separation Protocol (LISP)'
  as an Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-11-30. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This draft describes a network-based protocol that enables separation
  of IP addresses into two new numbering spaces: Endpoint Identifiers
  (EIDs) and Routing Locators (RLOCs).  No changes are required to
  either host protocol stacks or to the "core" of the Internet
  infrastructure.  LISP can be incrementally deployed, without a "flag
  day", and offers traffic engineering, multi-homing, and mobility
  benefits to early adopters, even when there are relatively few LISP-
  capable sites.

  Design and development of LISP was largely motivated by the problem
  statement produced by the October 2006 IAB Routing and Addressing
  Workshop.





The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-lisp/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-lisp/


No IPR declarations have been submitted directly on this I-D.


2011-11-13
22 Jari Arkko Last Call was requested
2011-11-13
22 Jari Arkko State changed to Last Call Requested from AD Evaluation::AD Followup.
2011-11-13
22 Jari Arkko Last Call text changed
2011-11-13
22 (System) Ballot writeup text was added
2011-11-13
22 (System) Last call text was added
2011-11-13
22 (System) Ballot approval text was added
2011-11-04
22 (System) Sub state has been changed to AD Follow up from New ID Needed
2011-11-04
16 (System) New version available: draft-ietf-lisp-16.txt
2011-10-23
22 Jari Arkko
I have now completed my review.

In general, I'm quite happy with the document. There were of course a number of issues, even some technical …
I have now completed my review.

In general, I'm quite happy with the document. There were of course a number of issues, even some technical ones such as explaining the areas where experimentation is needed in Section 1, expanding the security considerations section, when you do return routability checks, pointing to normal ECN functionality, advice for ICMP treatment, the scope of the mobility section, better acknowledgment of cache management difficulties in the router performance section, contents of the IANA section, normative/non-normative reference split, and so on. But on the whole I did not see any showstoppers. We should be able to make the modifications quickly and last call the document. I can see that Dino has already done a lot of that; thanks. In some cases further discussion is needed. I will respond on the mail thread on each specific mail.

One additional follow-up on my own earlier note:

>> An ITR that is configured with mapping database information (i.e. it
>> is also an ETR) may optionally include those mappings in a Map-
>> Request.  When an ETR configured to accept and verify such
>> "piggybacked" mapping data receives such a Map-Request and it does
>> not have this mapping in the map-cache, it may originate a "verifying
>> Map-Request", addressed to the map-requesting ITR.  If the ETR has a
>> map-cache entry that matches the "piggybacked" EID and the RLOC is in
>> the locator-set for the entry, then it may send the "verifying Map-
>> Request" directly to the originating Map-Request source.  If the RLOC
>> is not in the locator-set, then the ETR MUST send the "verifying Map-
>> Request" to the "piggybacked" EID.  Doing this forces the "verifying
>> Map-Request" to go through the mapping database system to reach the
>> authoritative source of information about that EID, guarding against
>> RLOC-spoofing in in the "piggybacked" mapping data.
>
> I want to understand this better and I guess reading to the end of the document will answer some of my questions. But as a general rule, I think we should not trust other nodes in the network to claim alternative addresses for themselves, unless we can somehow verify (via return routability or via mapping data base) that they appear to really be at that address. So I am wondering if the "may originate" should become "originates". But I'm reading on.

I think the right thing here is already specified in your text for the case when the map-cache entry exists. But I think you need to change the "may originate" in the to "MUST originate" when there is no map-cache entry. Otherwise, you are believing a locator claim from a random packet sent to you. It is too easy to misuse this, and the remedy is simple: just require the same check as you already do when the cache entry exists but the locator is new.

Jari
2011-10-22
22 Jari Arkko
This is the last part of my review, as far as the actual document contents go. I will send another summary e-mail.

Technical:

> 14.1.  …
This is the last part of my review, as far as the actual document contents go. I will send another summary e-mail.

Technical:

> 14.1.  LISP Address Type Codes
>
>    Instance ID type codes have a range from 0 to 15, of which 0 and 1
>    have been allocated [LCAF].  New Type Codes MUST be allocated
>    starting at 2.  Type Codes 2 - 10 are to be assigned by IETF Review.
>    Type Codes 11 - 15 are available on a First Come First Served policy.
>
>    The following codes have been allocated:
>
>    Type 0:  Null Body Type
>
>    Type 1:  AFI List Type
>
>    See [LCAF] for details for other possible unapproved address
>    encodings.  The unapproved LCAF encodings are an area for further
>    study and experimentation.

To begin with, I did not understand this definition. I'm trying to understand where the LCAF draft actually makes the instance ID allocations, and I can't see it. In addition, the "Null Body Type" string only appears twice in this and the LCAF draft, and neither occurrence explains what it is. I think something is missing here.

Finally, I do not understand why this section is in -lisp to begin with. The string "LISP Address Type Code" does not appear in the rest of the document AFAICT. The allocations in the LCAF draft seem to be inside a format defined in that draft.  Shouldn't the IANA allocations and the creation of the registry be in that draft as well? This seems particularly important, given that the list of types in -lisp does not match the list in -lcaf.

Suggested edit: delete this section.

>
>
>    o  The following policies are used here with the meanings defined in
>      BCP 26: "Specification Required", "IETF Consensus", "Experimental
>      Use", "First Come First Served".

None of these terms are used in the rest of the document.

> 14.  IANA Considerations

This sections makes the right allocations from other, already existing registries (like UDP port numbers). But it should also define what the policies are for allocating new values with the various new number spaces that Lisp introduces:

- flags
- type
- reserved
- act
- unused flags
- ...

>    [BGP-SEC]  Lepinski, M., "An Overview of BGPSEC",
>              draft-lepinski-bgpsec-overview-00.txt (work in progress),
>              March 2011.
>
>    [KARP]    Lebovitz, G. and M. Bhatia, "Keying and Authentication for
>              Routing Protocols (KARP)Design Guidelines",
>              draft-ietf-karp-design-guide-02.txt (work in progress),
>              March 2011.
>    [RPKI]    Lepinski, M., "An Infrastructure to Support Secure
>              Internet Routing", draft-ietf-sidr-arch-13.txt (work in
>              progress), February 2011.


I have a hard time seeing why these should be normative references. They are just mentioned as work that is in progress in securing the routing system. You do not need to read these to implement LISP as specified in this document, or even to understand what Lisp is or its impacts.

>    [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
>              STD 13, RFC 1034, November 1987.

If you look at the way this is referenced from the text, it is clear that this should be a non-normative reference.

      The host obtains
      a destination EID the same way it obtains an destination address
      today, for example through a Domain Name System (DNS) [RFC1034]
      lookup or Session Invitation Protocol (SIP) [RFC3261] exchange.

>    [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
>              A., Peterson, J., Sparks, R., Handley, M., and E.
>              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
>              June 2002.

Same as above.

>    [RFC2784]  Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
>              Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
>              March 2000.

If you look at the way this is referenced from the text, I think this should be a non-normative reference.

  o  On an ITR, prepending a new IP header consists of adding more
      bytes to a MAC rewrite string and prepending the string as part of
      the outgoing encapsulation procedure.  Routers that support GRE
      tunneling [RFC2784] or 6to4 tunneling [RFC3056] may already
      support this action.

GRE is here use as an example, not as normative behavior.

>    [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
>              via IPv4 Clouds", RFC 3056, February 2001.

Same as above.

>
>    [RFC4866]  Arkko, J., Vogt, C., and W. Haddad, "Enhanced Route
>              Optimization for Mobile IPv6", RFC 4866, May 2007.

I think this one can be non-normative or even be removed, depending on how the mobility section rewrite goes.

>
>    [RFC4984]  Meyer, D., Zhang, L., and K. Fall, "Report from the IAB
>              Workshop on Routing and Addressing", RFC 4984,
>              September 2007.

Background. Non-normative.

>    [AFI]      IANA, "Address Family Indicators (AFIs)", ADDRESS FAMILY
>              NUMBERS
>              http://www.iana.org/assignments/address-family-numbers.
>
>    [AFI-REGISTRY]
>              IANA, "Address Family Indicators (AFIs)", ADDRESS FAMILY
>              NUMBER registry http://www.iana.org/assignments/
>              address-family-numbers/
>              address-family-numbers.xml#address-family-numbers-1.

Is there really no better reference for this, an RFC perhaps?

I wish there were... and that RFC could be put in to the normative-reference section. If there is no suitable RFC I'm fine with the current two references as-is.

>    [INTERWORK]
>              Lewis, D., Meyer, D., Farinacci, D., and V. Fuller,
>              "Interworking LISP with IPv4 and IPv6",
>              draft-ietf-lisp-interworking-02.txt (work in progress).

I think this one should be normative. This is such a key piece of work to understanding Lisp, and the text seems to treat it as if it is a normative part. For instance:

  Proxy ITR (PITR):  A PITR is also known as a PTR is defined and
      described in [INTERWORK], a PITR acts like an ITR but does so on
      behalf of non-LISP sites which send packets to destinations at
      LISP sites.

>    [LISP-MS]  Farinacci, D. and V. Fuller, "LISP Map Server",
>              draft-ietf-lisp-ms-09.txt (work in progress).

Isn't this normative as well? Here's an example of how the text refers to it:

  Map-Requests can also be LISP encapsulated using UDP destination port
  4342 with a LISP type value set to "Encapsulated Control Message",
  when sent from an ITR to a Map-Resolver.  Likewise, Map-Requests are
  LISP encapsulated the same way from a Map-Server to an ETR.  Details
  on encapsulated Map-Requests and Map-Resolvers can be found in
  [LISP-MS].

>
>
>    [VERSIONING]
>              Iannone, L., Saucez, D., and O. Bonaventure, "LISP Mapping
>              Versioning", draft-ietf-lisp-map-versioning-01.txt (work
>              in progress).

I suspect this is normative, too. See Section 6.6.3.

Jari
2011-10-19
22 Jari Arkko
I'm still continuing my review. I've now read halfway through Section 11, and hope to complete the review by Friday.

Technical:

> 6.3.  Routing Locator …
I'm still continuing my review. I've now read halfway through Section 11, and hope to complete the review by Friday.

Technical:

> 6.3.  Routing Locator Reachability

I think Lisp supports only bidirectional reachability (unless it relies on underlying BGP information), but I was unable to tell for sure from the document. Nonces and probes appear to work only when the same locator pairs are used for both directions of traffic. Could you say something about this in the document?

> 6.5.  Routing Locator Hashing

It may be useful to point to http://tools.ietf.org/html/draft-ietf-6man-flow-ecmp-05 as well.

>    1.  Either a source and destination address hash can be used or the
>        traditional 5-tuple hash which includes the source and
>        destination addresses, source and destination TCP, UDP, or SCTP
>        port numbers and the IP protocol number field or IPv6 next-
>        protocol fields of a packet a host originates from within a LISP
>        site.  When a packet is not a TCP, UDP, or SCTP packet, the
>        source and destination addresses only from the header are used to
>        compute the hash.

There is a complication that fragments, and in general, IPv6 extension headers make the 5-tuple approach impractical on some systems. I wonder if this should affect the recommendation somehow. I can see the danger that people implement the 5-tuple check incompletely, causing fragmented packets to potentially go to a different path. But this is obviously a general issue, not Lisp specific. I can't remember other recommendations than the 6man document above about this matter. Does someone else remember?

> 6.6.2. Solicit-Map-Request (SMR)

The various rate limit mechanisms should either be specified or you should state that the right parameters are still under experimentation (I'd prefer the latter).

>    Since the ETRs don't keep track of remote ITRs that have cached their
>    mappings, they do not know which ITRs need to have their mappings
>    updated.  As a result, an ETR will solicit Map-Requests (called an
>    SMR message) from those sites to which it has been sending
>    encapsulated data to for the last minute.  In particular, an ETR will
>    send an SMR an ITR to which it has recently sent encapsulated data.

More time factors that we do not yet know if they work well.

But more importantly, what happens with ITRs who are not currently sending data but had cached a map entry? If the previous cache entry still contains working locators, we are fine, but what if not? Doesn't this point to a limitation that locator sets cannot (completely) change except on time scales longer than map entry cache lifetimes? Or am I missing something?

>    o  When a tunnel encapsulated packet is received by an ETR, the outer
>      destination address may not be the address of the router.

This seems like a basic thing, but I must have missed this. Which Lisp tunnel packets do not use the address of an ETR as the destination?

> 7.  Router Performance Considerations

I expected this section to also talk about the effects of caching-based designs. What happens when you suddenly are getting a flood of new destinations to find a mapping to, etc.

> The solution we propose to solve this problem is to cache traceroute
> IPv4 headers in the ITR and to match them up with corresponding IPv4
> Time Exceeded messages received from core routers and the ETR.  The
> ITR will use a circular buffer for caching the IPv4 and UDP headers
> of traceroute packets.

All IPv4 UDP packets? Uh oh... perhaps you should include some of the implications either here or Section 7. This means inspecting every packet, for instance... Are you sure there are no other solutions to doing this?

> The signature of a traceroute packet comes in two forms.  The first
> form is encoded as a UDP message where the destination port is
> inspected for a range of values.  The second form is encoded as an
> ICMP message where the IP identification field is inspected for a
> well-known value.

This is not much fun, either. Traceroute implementations generally allow quite liberal specification of which packets should be used for the probing: ICMP echo, UDP, TCP SYN, port selections, etc. At the very least you should document what the implications are, i.e., that only limited traceroute functionality can be supported. I don't think you can rely on configuration of port ranges and other things, because even if the administrator would know what traceroute types are used in his own network, traceroute should also work from the outside in the other direction, initiated by other people.

> 10.  Mobility Considerations

We've talked about this in the past. I don't think mobility-as-a-feature-of-lisp belongs in this document, it belongs in the possible future document on Lisp mobility. We should not speculate what could be done.

The impacts of Lisp to mobility protocols are, however, in scope. But I at least found the text somewhat unclear. First, I think you have decide what kind of scenarios you'd like to support. The text talks about changing EIDs, and I think that is something that you wouldn't necessarily need to cover; it is pretty alien to the current mobility protocols. But it would be a very reasonable question to ask if mobile nodes can move in and out of Lisp networks, and what the effects are? As far as I can tell, this can subdivided into the following aspects:

1) Pure mobile nodes (like most of today's laptops and PDAs) that do not support mobility protocols. When such a node arrives in a Lisp site, it will cause cache activity as it continues to do what it wants to do and re-establish connections to the sites that it wants to communicate with.

2) Mobile nodes that support a mobility protocol (MIP4, MIP6, HIP, etc). If all parties in the communication are in Lisp sites, these should not be affected beyond the usual cache effects. Lisp as is should be able to support this.

3) As above but using interworking between the Lisp and the Non-Lisp Internets. These bring NAT-like effects, I think, which may work with MIP4 but may have issues with MIP6.

4) Home agents and other forwarding agents. Can these exist in a Lisp site? I think the considerations are very similar to those in items 2 and 3.

Here's a suggested quick rewrite:

10.  Mobility Considerations

  There are several kinds of mobility of which only some might be of
  concern to LISP.  Essentially they are as follows.

10.1.  Site Mobility

  A site wishes to change its attachment points to the Internet, and
  its LISP Tunnel Routers will have new RLOCs when it changes upstream
  providers.  Changes in EID-RLOC mappings for sites are expected to be
  handled by configuration, outside of the LISP protocol.

10.2.  Slow Endpoint Mobility

  An individual endpoint wishes to move, but is not concerned about
  maintaining session continuity.  Renumbering is involved.  LISP can
  help with the issues surrounding renumbering [RFC4192] [LISA96] by
  decoupling the address space used by a site from the address spaces
  used by its ISPs.  [RFC4984]

10.3.  Fast Endpoint Mobility

  Fast endpoint mobility occurs when an endpoint moves relatively
  rapidly, changing its IP layer network attachment point.  Maintenance
  of session continuity is a goal.  This is where the Mobile IPv4
  [RFC5944] and Mobile IPv6 [RFC3775] [RFC4866]. Possible Lisp support for
  similar functionality remains to be addressed by future work.

10.4. Interaction with Existing Mobile Nodes

  Mobile nodes that do not support any particular protocol mechanism (such
  as Mobile IP) should appear to Lisp sites just as other hosts do. However,
  nodes that move around are likely to re-establish connections to their
  communication peers when they enter the Lisp site, and this will likely
  cause additional mapping entries to be fetched for the caches, and
  may cause some initial performance degradation.

  Mobile nodes that use a mobility protocol (Mobile IPv4, Mobile IPv6, HIP)
  but communicate entirely within Lisp-enabled sites should not experience
  any differences to their usual operations. Again, mobile node movement will
  cause new communication patterns to the relevant home agents and, in the case
  of route optimization, correspondent nodes.

  The use of mobility protocols between Lisp-enabled and non-Lisp enabled sites
  will likely cause NAT-like effects. The specific effects remain a topic for further
  work and experimentation.

Editorial:

>    There are two basic deployment trade-offs to consider: centralized
>    versus distributed caches and flat, recursive, or re-encapsulating
>    tunneling.  When deciding on centralized versus distributed caching,
>    the following issues should be considered:

Perhaps you should define what you mean by centralized caching, distributed caching, etc. It was not clear for me.
2011-10-13
22 Jari Arkko
Still more parts in my review. I have now read until the beginning of Section 6.3.1. Some of these comments may change as I have …
Still more parts in my review. I have now read until the beginning of Section 6.3.1. Some of these comments may change as I have read to the end of the document.

Technical:

>    When an ETR is misconfigured or compromised, it could return coarse
>    EID-prefixes in Map-Reply messages it sends.  The EID-prefix could
>    cover EID-prefixes which are allocated to other sites redirecting
>    their traffic to the locators of the compromised site.
>
>    To solve this problem, there are two basic solutions that could be
>    used.  The first is to have Map-Servers proxy-map-reply on behalf of
>    ETRs so their registered EID-prefixes are the ones returned in Map-
>    Replies.  Since the interaction between an ETR and Map-Server is
>    secured with shared-keys, it is more difficult for an ETR to
>    misbehave.  The second solution is to have ITRs and PTRs cache EID-
>    prefixes with mask-lengths that are greater than or equal to a
>    configured prefix length.  This limits the damage to a specific width
>    of any EID-prefix advertised, but needs to be coordinated with the
>    allocation of site prefixes.  These solutions can be used
>    independently or at the same time.
>
>    At the time of this writing, other approaches are being considered
>    and researched.

There are obvious remaining issues with these solutions. Map-Servers may also be compromised, it is not clear that site prefix allocations have all equal size, ETRs may still return prefixes for someone else, etc. Have these been described in the security considerations section?

> S:  This is the Security bit.  When set to 1 the field following the
>      Reserved field will have the following format.  The detailed
>      format of the Authentication Data Content is for further study.

For further study, as in not defined by any of the LISP documents currently being published? It might be more appropriate to say "This contents of this field are reserved for future use and no current authentication data formats are defined."  And the implications should be described somewhere in security considerations section or the overall list of issues that need further work. (Or if this is actually defined somewhere, say "The detailed format of the field is described in [normative reference].")

And why is this definition different from other places where an authentication data field was included?

>    2.  An ITR may receive an ICMP Network or ICMP Host Unreachable
>        message for an RLOC it is using.  This indicates that the RLOC is
>        likely down.

There is obviously a need to soften the impact spurious or spoofed ICMP messages. There is probably a TCP RFC somewhere where you can copy some current advise wrt. trusting ICMP error messages.

> When a bit goes from 1 to 0, the ETR will
> refrain from encapsulating packets to an RLOC that is indicated as
> down.

Some considerations might be necessary for conflicting information. For instance, what do you do if you receive a packet from a locator that is claimed to be down by another ITR?

Also, I do not fully understand what happens when you include the map version numbers in a LISP packet (V=1) and no nonce. Can off-the path attackers spoof a packet that claims to come from an ITR and which changes the locator status bits? That would open an ETR up for believe anyone in the Internet. Or am I missing something?

Editorial:

>      10.0.0.0/8
>      10.1.0.0/16
>      10.1.1.0/24
>      10.1.2.0/24
>
>    A Map-Request for EID 10.1.1.1 would cause a Map-Reply with a record
>    count of 1 to be returned with a mapping record EID-prefix of
>    10.1.1.0/24.

This is just a comment, but I would personally use the IPv4 example address ranges for these sorts of examples, particularly given that both identifiers and locators are normally globally reachable addresses.
2011-10-11
22 Jari Arkko
Continuing my review:

Technical:

> LISP Nonce:  The LISP nonce field is a 24-bit value that is randomly
> generated by an ITR when the …
Continuing my review:

Technical:

> LISP Nonce:  The LISP nonce field is a 24-bit value that is randomly
> generated by an ITR when the N-bit is set to 1.  The nonce is also
> used when the E-bit is set to request the nonce value to be echoed
> by the other side when packets are returned.  When the E-bit is
> clear but the N-bit is set, a remote ITR is either echoing a
> previously requested echo-nonce or providing a random nonce.  See
> Section 6.3.1 for more details.

I read 6.3.1 and this text but it was still unclear to me if the nonces are generated fresh on a per-packet basis, or if one nonce value is sent on a stream of packets until you see it echoed back.

Can you clarify?

>    When doing ITR/PITR encapsulation:
>
>    o  The outer header Time to Live field (or Hop Limit field, in case
>      of IPv6) SHOULD be copied from the inner header Time to Live
>      field.

Just checking: this happens *after* you have decremented the TTL/HL as you were making a forwarding decision for the packet. So when the packet passes through an ITR, the outer IP header has a TTL that is decremented by one compared to the original packet, when looking at the packets on the wire. Right?

>    Note if an ETR/PETR is also an ITR/PITR and choose to reencapsulate
>    after decapsulating, the net effect of this is that the new outer
>    header will carry the same Time to Live as the old outer header.

This seems wrong. Shouldn't the TTL be decremented even in this situation. But I'm sure you thought about this. What am I missing?

> The ECN field occupies bits 6 and 7 of both the IPv4 Type of Service
> field and the IPv6 Traffic Class field [RFC3168].  The ECN field
> requires special treatment in order to avoid discarding indications
> of congestion [RFC3168].  ITR encapsulation MUST copy the 2-bit ECN
> field from the inner header to the outer header.  Re-encapsulation
> MUST copy the 2-bit ECN field from the stripped outer header to the
> new outer header.  If the ECN field contains a congestion indication
> codepoint (the value is '11', the Congestion Experienced (CE)
> codepoint), then ETR decapsulation MUST copy the 2-bit ECN field from
> the stripped outer header to the surviving inner header that is used
> to forward the packet beyond the ETR.  These requirements preserve
> Congestion Experienced (CE) indications when a packet that uses ECN
> traverses a LISP tunnel and becomes marked with a CE indication due
> to congestion between the tunnel endpoints.

This works for routers that do not participate in ECN process themselves. I suppose it is theoretically possible that an xTR would also be doing ECN. Perhaps you could add to the end of this paragraph: "In addition, at the end of the process specified above, an ECN-capable xTR may perform its own modification of the ECN bits per [RFC3168] when it detects congestion.

> An ITR that is configured with mapping database information (i.e. it
> is also an ETR) may optionally include those mappings in a Map-
> Request.  When an ETR configured to accept and verify such
> "piggybacked" mapping data receives such a Map-Request and it does
> not have this mapping in the map-cache, it may originate a "verifying
> Map-Request", addressed to the map-requesting ITR.  If the ETR has a
> map-cache entry that matches the "piggybacked" EID and the RLOC is in
> the locator-set for the entry, then it may send the "verifying Map-
> Request" directly to the originating Map-Request source.  If the RLOC
> is not in the locator-set, then the ETR MUST send the "verifying Map-
> Request" to the "piggybacked" EID.  Doing this forces the "verifying
> Map-Request" to go through the mapping database system to reach the
> authoritative source of information about that EID, guarding against
> RLOC-spoofing in in the "piggybacked" mapping data.

I want to understand this better and I guess reading to the end of the document will answer some of my questions. But as a general rule, I think we should not trust other nodes in the network to claim alternative addresses for themselves, unless we can somehow verify (via return routability or via mapping data base) that they appear to really be at that address. So I am at least wondering if the "may originate" should become "originates". But I'm reading on.

> Weight:  when priorities are the same for multiple RLOCs, the weight
> indicates how to balance unicast traffic between them.  Weight is
> encoded as a relative weight of total unicast packets that match
> the mapping entry.  For example if there are 4 locators in a
> locator set, where the weights assigned are 30, 20, 20, and 10,
> the first locator will get 37.5% of the traffic, the 2nd and 3rd
> locators will get 25% of traffic and the 4th locator will get
> 12.5% of the traffic.  If all weights for a locator-set are equal,
> receiver of the Map-Reply will decide how to load-split traffic.

I am  surprised by the last sentence. Do you really mean that the receiver has the power to distribute, e.g., all traffic to the first locator? Or that the load-split will be equal among the locators? If you mean the former, how do I signal that I desire an equal load split? Send 49-51?

Editorial:

>    UDP Length:  The UDP length field is for an IPv4 encapsulated packet,
>      the inner header Total Length plus the UDP and LISP header lengths
>      are used.  For an IPv6 encapsulated packet, the inner header
>      Payload Length plus the size of the IPv6 header (40 bytes) plus
>      the size of the UDP and LISP headers are used.  The UDP header
>      length is 8 bytes.


I had trouble parsing this text. The first sentence seems to say that the is only for IPv4, but I think you mean that the values are calculated in different ways for IPv4 and IPv6.

Please clarify/reformulate.

> The format of the
> last 4 bytes of the LISP header would look like:
>
>
>      x x x x 1 x x x
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |N|L|E|V|I|flags|            Nonce/Map-Version                  |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |                Instance ID                  |    LSBs      |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

... format of the last 8 bytes of the LISP header ....

>    M: When set, it indicates a Map-Reply Record segment is included in
>      the Map-Request.

Unlike other bits this one has no name. Or is it the "Map-Reply Record Bit"?

>    S: This is the SMR bit.  See Section 6.6.2 for details.

Please expand SMR, as this is the first time this abbreviation appears in the document.

>    S: This is the SMR bit.  See Section 6.6.2 for details.
>
>    s: This is the SMR-invoked bit.  This bit is set to 1 when an xTR is
>      sending a Map-Request in response to a received SMR-based Map-
>      Request.

The naming looks somewhat odd. Maybe SMR-request and SMR-response bits, or Solicited Map Request bit and Solicited Map Request Response bit...

> IRC:  This 5-bit field is the ITR-RLOC Count which encodes the
> additional number of (ITR-RLOC-AFI, ITR-RLOC Address) fields
> present in this message.  At least one (ITR-RLOC-AFI, ITR-RLOC-
> Address) pair must always be encoded.  Multiple ITR-RLOC Address
> fields are used so a Map-Replier can select which destination
> address to use for a Map-Reply.  The IRC value ranges from 0 to
> 31, and for a value of 1, there are 2 ITR-RLOC addresses encoded
> and so on up to 31 which encodes a total of 32 ITR-RLOC addresses.

Perhaps you should explicitly say that value 0 means there are 1 ITR-RLOC addresses.

(You say only that "At least one pair must always be encoded", but does that mean that value 0 is disallowed or that it means 1 pair?)

Jari
2011-10-03
22 Jari Arkko
Continuing with my review. Many of the observations below are questions. I may understand many of these better once I finish the whole document, but …
Continuing with my review. Many of the observations below are questions. I may understand many of these better once I finish the whole document, but I wanted to send out my notes already now.

Technical:

>    o  End-systems (hosts) only send to addresses which are EIDs.  They
>      don't know addresses are EIDs versus RLOCs but assume packets get
>      to LISP routers, which in turn, deliver packets to the destination
>      the end-system has specified.

Is this always true, e.g, when some interworking mechanism between the LISP and non-LISP parts of the Internet is in use, and one of the peers employs some NAT traversal techniques? It would seem that there can be cases where the peers observe RLOC addresses and use them for some purpose.

This might be something to mention in the limitations/things to test section, for instance, or discussed in in the interworking document (and maybe it already is, I did not check).


>
>  A server host can be the endpoint
>      of a LISP tunnel as well.
...
>    o  RLOCs are always IP addresses assigned to routers

Isn't this an inconsistency? Or is a server that terminates a tunnel called a router?

>    o  When a router originates packets it may use as a source address
>      either an EID or RLOC.

You should state somewhere what the manageability requirements are for making this happen, or if hardcoded policies are sufficient (e.g., iBGP vs. eBGP use of addresses). Does this require additional functionality for RFC 3484 style source address selection, or can you cope with existing functionality?

Note: I'm not asking for any new functionality, just a statement about the expectations.

>    In order to avoid excessive packet overhead as well as possible
>    encapsulation loops, this document mandates that a maximum of two
>    LISP headers can be prepended to a packet.

This seems hard to mandate in any real sense. Perhaps you want to say "recommends" instead of "mandates"?
>    2.  The LISP ITR must be able to map the EID destination to an RLOC
>        of one of the ETRs at the destination site.  The specific method
>        used to do this is not described in this example.  See [ALT] or
>        [CONS] for possible solutions.
>
>    3.  The ITR will send a LISP Map-Request.  Map-Requests SHOULD be
>        rate-limited.
>
>    4.  When an alternate mapping system is not in use, the Map-Request
>        packet is routed through the underlying routing system.
>        Otherwise, the Map-Request packet is routed on an alternate
>        logical topology.  In either case, when the Map-Request arrives
>        at one of the ETRs at the destination site, it will process the
>        packet as a control message.

First, the the "alternate mapping system" appears here for the first time. Maybe you should indicate it refers to [ALT].

Second, parts of step 4 go pretty deep in what the specific mapping methods are. I'm wondering if this alternative text would fit better:

"4.  The Map-Request packet is delivered to the right ETR with the help of the mapping system. (For instance, in [ALT] this happens via an EID-based alternate routing topology.) In any case, when the Map-Request arrives ..."

> 6.  The ITR receives the Map-Reply message, parses the message (to
>    check for format validity) and stores the mapping information
>    from the packet.  This information is stored in the ITR's EID-to-
>    RLOC mapping cache.  Note that the map cache is an on-demand
>    cache.  An ITR will manage its map cache in such a way that
>    optimizes for its resource constraints.

This is just a comment, but FWIW, I am not super happy about the way the caching is an integral part of the specifications for LISP. Fundamentally, you could have used two orthogonal tools for dealing with routing scalability: 1. have only a subset of routers have to deal with EID routing (the xTRs) and 2. use caching for scaling these routers better. If we had done this, then we would have had a very easy answer to those who have criticized the caching approach over the years: it is optional and up to the implementors to use or not. The first tool would still have been a valid approach to make the Internet scale better, even if you never did any caching.

In any case, your description of the thins-to-test should probably say something about effects of caching.

>    8.  The ETR receives these packets directly (since the destination
>        address is one of its assigned IP addresses), strips the LISP
>        header and forwards the packets to the attached destination host.
>    Spoofing of inner header addresses of LISP encapsulated packets is
>    possible like with any tunneling mechanism.  ITRs MUST verify the
>    source address of a packet to be an EID that belongs to the site's
>    EID-prefix range prior to encapsulation.  An ETR must only
>    decapsulate and forward datagrams with an inner header destination
>    that matches one of its EID-prefix ranges.  If, upon receipt and
>    decapsulation, the destination EID of a datagram does not match one
>    of the ETR's configured EID-prefixes, the ETR MUST drop the
>    datragram.  If a LISP encapsulated packet arrives at an ETR, it MAY
>    compare the inner header source EID address and the outer header
>    source RLOC address with the mapping that exists in the mapping
>    database.  Then when spoofing attacks occur, the outer header source
>    RLOC address can be used to trace back the attack to the source site,
>    using existing operational tools.

First, I think Step 8 should be slightly edited to cover the fact that some additional checks are being made. E.g., "The ETR receives these packets directly (since ...), checks the validity of the addresses used in the packet, strips the LISP header and ..."

Second, I wish you would have specified the source address checks better. Are there situations where you would NOT want to make a pretty strict test, i.e., that source EID maps to  source RLOC?

> The next sub-sections illustrate packet formats for the
>    homogenous case (IPv4-in-IPv4 and IPv6-in-IPv6) but all 4
>    combinations SHOULD be supported.

For interoperability, wouldn't it be cleaner to have a MUST here? How would I otherwise know if I can send an IPv4-in-IPv6 packet to a destination?

Editorial:

> Since additional tunnel headers are prepended, the packet becomes
> larger and can exceed the MTU of any link traversed from the ITR to
> the ETR.  It is recommended in IPv4 that packets do not get
> fragmented as they are encapsulated by the ITR.  Instead, the packet
> is dropped and an ICMP Too Big message is returned to the source.

This feels odd, as there is no explanation in this point about what you do with IPv6. Maybe a sentence on IPv6 should be added?

I'm sure the details on IPv6 follow later in the document, but I suspect that other readers would be wondering here in the same way as I am.

I'm reading on...
2011-09-30
22 Jari Arkko State changed to AD Evaluation::Revised ID Needed from AD Evaluation.
2011-09-30
22 Jari Arkko
I am reviewing this draft. Here's the first part of my review. So far I like what I've seen, but there are a few small …
I am reviewing this draft. Here's the first part of my review. So far I like what I've seen, but there are a few small observations below. I'm at the beginning of Section 4, and will continue tomorrow with the rest.

Technical:

> 2.  Introduction

I liked how this section was written. I would like to add a little bit of information, however. The section already talks about experimentation around the mapping system, but like with the other documents it would be useful to explicitly point out the areas where some further testing is needed. I presume it is more than just the mapping system.

> Note
> that there may be transient conditions when the EID-prefix for the
> site and locator-set for each EID-prefix may not be the same on
> all ETRs.  This has no negative implications.

It is of course fine to have transient conditions like this. But I'm trying hard to convince myself that this would never have negative implications. Why would this be the case? What if we for some reason needed to quickly add or remove an EID prefix? Wouldn't there be a short negative implication if a particular ETR did not yet add a new prefix, for instance?

I guess I'm wondering why you are making such an absolute statement about the lack of implications. Maybe saying nothing or saying "This has usually no negative implications" would be better.

Editorial:

> This document describes the protocol that implements these functions.
> The database which stores the mappings between EIDs and RLOCs is
> explicitly a separate "module" to facilitate experimentation with a
> variety of approaches.  One database design that is being developed
> and prototyped as part of the LISP working group work is [ALT].
> Others that have been described but not implemented include [CONS],
> [EMACS], [RPMD], [NERD].  Finally, [LISP-MS], documents a general-
> purpose service interface for accessing a mapping database; this
> interface is intended to make the mapping database modular so that
> different approaches can be tried without the need to modify
> installed xTRs.

I think the introduction would be a good place to add some pointers to not just ALT/MS and their competing alternatives but also to -interworking and perhaps also -map-versioning and -multicast.

> LISP can be incrementally deployed, without a "flag
> day", and offers traffic engineering, multi-homing, and mobility
> benefits even to early adopters, when there are relatively few LISP-
> capable sites.

s/when/even when/ (sounds better to me, but I'm not a native speaker)

I think the mobility benefits could be left to another document, since there is nothing about this in the current set of documents. I think your message about the benefits will be stronger if you just say "traffic engineeering and multi-homing benefits".

>  == Outdated reference: A later version (-05) exists of
>      draft-ietf-karp-design-guide-02
>
>  ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275)
>
>  == Outdated reference: A later version (-09) exists of
>      draft-ietf-lisp-alt-07
>
>  == Outdated reference: A later version (-06) exists of
>      draft-ietf-lisp-lig-02
>
>  == Outdated reference: A later version (-11) exists of draft-ietf-lisp-ms-09
>
>  == Outdated reference: A later version (-08) exists of
>      draft-ietf-lisp-multicast-06
>
>  -- Unexpected draft version: The latest known version of
>      draft-iannone-openlisp-implementation is -01, but you're referring to -02.
>
>  -- No information found for draft-handley-p2ppush-unpublished-2007726 - is
>      the name correct?
>
>  == Outdated reference: A later version (-04) exists of
>      draft-ietf-lisp-map-versioning-01

These could perhaps be fixed.

>  == There are 8 instances of lines with non-RFC2606-compliant FQDNs in the
>      document.
>    o  Source host "host1.example.abc.com" is sending a packet to
>      "host2.example.xyz.com", exactly what host1 would do if the site
>      was not using LISP.

These need to change. We should not use non-RFC2606 FQDNs. For instance, abc.com in particular is someone else's domain. Use host1.abc.example.com or example.com vs. example.net.

>      Reachability Algoriths described in Section 6.3.

typo

>    homogenous case (IPv4-in-IPv4 and IPv6-in-IPv6) but all 4

homogeneous
2011-09-07
22 Jari Arkko State changed to AD Evaluation from Publication Requested.
2011-07-28
22 Cindy Morgan
(1.a) Joel Halpern is the Shepherd and has reviewed this version
and believes it is ready to be forwarded to the IESG.

(1.b) The document …
(1.a) Joel Halpern is the Shepherd and has reviewed this version
and believes it is ready to be forwarded to the IESG.

(1.b) The document has had adequate review. The shepherd has no concerns
regarding the reviews which have been performed.

(1.c) The document shepherd does not have concerns that the document
requires a broader review.

(1.d) No IPR disclosures have been raised. Several issues may be raised
at IETF last call (again) relating to attack surfaces of various
parts of LISP. Questions about the readability of the document
may be raised. Many reviewers concerns seemed more appropriate
for a document intended for PS publication whereas we are
looking for experimental publication.

(1.e) The WG consensus reflects active agreement among about about 10
participants, with the bulk of the WG being silent, and a few vocal
objectors.

(1.f) No threats of appeal or discontent on this document have
manifested.

(1.g) IDNITs responds with:

== There are 8 instances of lines with non-RFC2606-compliant FQDNs in the
document.

== There are 10 instances of lines with private range IPv4 addresses in
the document. If these are generic example addresses, they should be
changed to use any of the ranges defined in RFC 5735 (or successor):
192.0.2.x, 198.51.100.x or 203.0.113.x.


The authors responded with the need to call on a broader and deeper
set of example prefixes to add meaning to the document. Documentation
prefixes alone could not provide this so RFC1918 based addresses were used.


(1.h) References have been split. No downward normative references exist.
One WIP draft exists as a normative reference, however it has
already been submitted to the IESG (draft-ietf-sidr-arch)

(1.i) The document makes requests of the IANA, The IANA considerations
are consistent and well formed.

(1.j) Formal language has been verified.

(1.k)
Technical Summary

This draft describes a network-based protocol that enables separation
of IP addresses into two new numbering spaces: Endpoint Identifiers
(EIDs) and Routing Locators (RLOCs). No changes are required to
either host protocol stacks or to the "core" of the Internet
infrastructure. LISP can be incrementally deployed, without a "flag
day", and offers traffic engineering, multi-homing, and mobility
benefits even to early adopters, when there are relatively few LISP-
capable sites.

Working Group Summary

Many of the comments received during last call were complex and
difficult for the working group to understand. The working group last
call was held open for an extended time to ensure sufficient
discussion and sufficient effort to address those objections.

Document Quality

There are several implementations of LISP in existence.
Alia Atlas has done significant review and deserves
special mention.
2011-07-28
22 Cindy Morgan Draft added in state Publication Requested
2011-07-28
22 Cindy Morgan [Note]: 'Joel Halpern (jmh@joelhalpern.com) is the document shepherd.' added
2011-07-09
15 (System) New version available: draft-ietf-lisp-15.txt
2011-06-29
14 (System) New version available: draft-ietf-lisp-14.txt
2011-06-21
13 (System) New version available: draft-ietf-lisp-13.txt
2011-04-26
12 (System) New version available: draft-ietf-lisp-12.txt
2011-03-29
11 (System) New version available: draft-ietf-lisp-11.txt
2011-03-04
10 (System) New version available: draft-ietf-lisp-10.txt
2010-10-11
09 (System) New version available: draft-ietf-lisp-09.txt
2010-08-13
08 (System) New version available: draft-ietf-lisp-08.txt
2010-04-26
07 (System) New version available: draft-ietf-lisp-07.txt
2010-01-25
06 (System) New version available: draft-ietf-lisp-06.txt
2009-09-30
05 (System) New version available: draft-ietf-lisp-05.txt
2009-09-16
04 (System) New version available: draft-ietf-lisp-04.txt
2009-07-27
03 (System) New version available: draft-ietf-lisp-03.txt
2009-07-10
02 (System) New version available: draft-ietf-lisp-02.txt
2009-05-29
01 (System) New version available: draft-ietf-lisp-01.txt
2009-05-26
00 (System) New version available: draft-ietf-lisp-00.txt