MPLS Network Actions for Network Resource Partition Selector
draft-ietf-mpls-mna-nrp-selector-06
Discuss
Yes
Jim Guichard
No Objection
Andy Newton
Summary: Has 3 DISCUSSes. Has enough positions to pass once DISCUSS positions are resolved.
Éric Vyncke
Discuss
Discuss
(2026-04-28 for -04)
Sent
# Éric Vyncke INT AD comments for draft-ietf-mpls-mna-nrp-selector-04 CC @evyncke Thank you for the work put into this document. Please find below some blocking DISCUSS points, some non-blocking COMMENT points/nits (replies would be appreciated even if only for my own education). Special thanks to Adrian Farrel for the shepherd's *detailed* write-up including the WG *rough* consensus *and* the justification of the intended status. Other thanks to Jen Linkova, the Internet directorate reviewer (at my request), please consider this int-dir review: https://datatracker.ietf.org/doc/review-ietf-mpls-mna-nrp-selector-04-intdir-telechat-linkova-2026-04-24/ (and I have yet to read a reply by the authors) I hope that this review helps to improve the document, Regards, -éric Note: this ballot comments follow the Markdown syntax of https://github.com/mnot/ietf-comments/tree/main, i.e., they can be processed by a tool to create github issues. ## DISCUSS (blocking) As noted in https://datatracker.ietf.org/doc/statement-iesg-handling-ballot-positions-20220121/, a DISCUSS ballot is a request to have a discussion on the points below; I really think that the document would be improved with a change here, but can be convinced otherwise. ### Sections 2.1, 2.2, 2.3 I agree with Jen INT-directorate review and raises to a DISCUSS as it is unclear (hence non implementable). The text and the graphics appear to be disjunct and unrelated. Not all header fields are explained (either in this document or by adding a reference to another document). I note that Mahesh's ballot raised similar concerns. ### Section 2.5 A MUST followed by later opposing MAY is a SHOULD with guidance. ``` An NRP-capable node MUST drop a packet by default if the encoded NRPS cannot be mapped to a known NRP. This requirement MAY be overridden by an operator-specified policy, the specification of which is outside the scope of this document. ``` ### Deployment (Section 3) Please be clear whether all devices must have this feature enabled (e.g., if not the case, then traffic is still flowing but without isolation/QoS/...). ### Section 5 Please add some privacy considerations as the NRP itself may leak some information about the packet content (even if transport/application crypto is used). It is also unclear whether the NRP values are opaque. I will let the SEC ADs to comment further, but I find the security considerations section rather light.
Comment
(2026-04-28 for -04)
Sent
## COMMENTS (non-blocking) ### Link with TEAS RFC 9543 ? While this document has an informative reference to RFC 9543 for some definitions, it does not explain the relationship (noting that RFC 9543 was published in 2024). I would have expected some use cases when this I-D could be used within RFC 9543 framework. ### Abstract The first paragraph is really hard to parse and understand (actually I tried to read it twice before abandoning). Suggest keeping only the 1st and last sentence of the first paragraph. ### Section 1 As it is a proposed standard, please be more assertive (rather than using `discusses` or `proposed`) in ``` This document discusses a few options for using MPLS network actions to carry the NRP Selector. The proposed encodings are compliant with the MNA header encoding formats defined in [I-D.ietf-mpls-mna-hdr]. ``` ### Section 2 Please expand "LSE" at first use. ### Section 2.4 Why not "MAY" in `Multiple NRPS Actions may be encoded in a single packet` to be consistent with the rest of the paragraph ? ### Section 4 Suggest using informative references to the various IANA registries. Also, be clear in all sub-sections which is the value for the "description" field in the registry. ## NITS (non-blocking / cosmetic) ### Use of SVG graphics To make a much nicer HTML rendering, suggest using the aasvg tool to generate SVG graphics. It is worth a try especially if the I-D uses the Kramdown file format ;-)
Ketan Talaulikar
Discuss
Discuss
(2026-05-04 for -05)
Sent for earlier
Thanks to the authors and the WG for their work on this document. I have a few points that I would like to discuss. #Updated for v05 with removal of points that have been addressed (see email thread for discussion details) - the original numbering has been retained. <discuss-2> The actions in this document as specified to be "valid for all scopes". Based on my understanding of NRP, I would have expected it to be HBH scope per https://www.ietf.org/archive/id/draft-ietf-mpls-mna-hdr-21.html#section-5.3 ... Note: one of the scopes is "reserved for future" and hence unspecified, so it makes be wonder how the NRPS action can be known to be valid in that scope too. If the action is indeed valid for other than HBH scope, then can you please explain or provide pointers where this is covered? <discuss-3> The document specifies the 3 NRPS opcodes for the MNA sub-stack. It does not cover other aspects such as processing of the MNA Sub-Stack with NRPS (encapsulation, handling with push/pop along transit, PHP, egress) or the signalling of the capability in control plane. Are those aspects expected to be covered in some other document? If so, would it be possible for someone to implement this solution without those aspects being specified?
Comment
(2026-04-27 for -05)
Sent for earlier
I also have just one comment to share regarding recommendations: 262 The choice of which Action to use when the NRP Selector could fit in 263 multiple Actions, is open, but it is RECOMMENDED to use NRPS13 where 264 possible unless Entropy is also to be carried and it is possible to 265 use ENSRP20. I believe NRPS13 is recommended because it has the best encoding efficiency and 13-bits are expected to be sufficient for majority of deployments. Also, ENRPS20 (there is a typo on line 265) gives 8-bit NRPS so it can be used only if that size is suitable AND EL is also needed. Since this document introduces 3 ways of encoding, it would be beneficial if it were to provide some more detailed explanatory text for the benefits of each and then provide the recommendations on that basis. This would help implementers and operators get some convergence on the minimum desired support given that the WG could not reach a consensus on determining one or all to be mandatory to support.
Mahesh Jethanandani
Discuss
Discuss
(2026-04-26 for -04)
Sent
The shepherd's write-up (thanks, Adrian) is candid that WG consensus was only rough, that no implementations have been reported, and that five interconnected technical issues generated reservations from participants. I have several DISCUSS items, primarily around diagram ambiguities that may reflect genuine technical issues. Most of them are easy to address, except maybe the last one. Section 2.1, paragraph 5 > * In-Stack Data: The NRPS13 Action carries 13 bits of ancillary > data. The NRPS is encoded in the 13 bits. The packet carrying > the NRPS13 action should be given the forwarding treatment > specified by the associated NRP policy. This lowercase "should" is ambiguous. If it is intended as normative (i.e., SHOULD per BCP 14), it must be capitalized. If it is descriptive prose, the statement is unclear — what does an implementation do when it cannot apply the NRP-policy-specified forwarding treatment? The INTDIR reviewer flagged this as well. Please either capitalize and justify the requirement level, or rewrite as plain English with explicit normative behavior specified separately. This applies to Section 2.2, and 2.3 also. Section 2.2, paragraph 1 > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Opcode=TBA2 | NRPS |S| NRPS |U| NAL | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The label "NRPS" appears twice — separated by the S bit. The text says "The NRPS is encoded in the 20 bits" suggesting a single 20-bit field, yet the diagram shows it split around the S bit position. Can this be explained? Section 2.3, paragraph 1 > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Opcode=TBA3 | Entropy | NRPS |S| NRPS |U| NAL | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Similarly, the NRPS field again appears split, and the text says, "The least significant 8 bits of ancillary data is the NRPS," — but the diagram seems to show an additional NRPS fragment appearing after the S bit. Is the NRPS a contiguous field, or is it split across the S-bit boundary by the LSE format constraint? If it is split, the diagram must label the two parts distinctly (e.g., NRPS[19:8] and NRPS[7:0]) and the text must explain how an implementation assembles them. If it is contiguous and the S bit position allows it, the diagram must be corrected. This was also raised by the INTDIR reviewer (thanks, Jen Linkova). The GENART reviewer (thanks, Vijay Gurbani) similarly flagged bit-field boundary alignment for this section. This needs to be technically resolved, not just editorially corrected. Section 2.4, paragraph 0 > Multiple NRPS Actions may be encoded in a single packet. An > implementation MUST use only the top-most NRPS Action to determine > the packet's forwarding treatment. An implementation that finds a > subsequent opcode of any of the three NRPS Actions in the label stack > MUST ignore it. The specific scenarios where multiple NRPS Actions > are present in the label stack are outside the scope of this > document. This specifies that when multiple NRPS Actions appear in the label stack, the top-most one governs, and further ones MUST be ignored. It then states: "The specific scenarios where multiple NRPS Actions are present in the label stack are outside the scope of this document." This is architecturally incomplete. A reader implementing this specification encounters a hard MUST behavioral requirement (use only the top-most; ignore others) for scenarios that are not defined anywhere accessible. The question is - does a document exist today or in progress that defines these scenarios? If so, it should be cited. If not, the WG should document at a minimum the motivating use cases to prevent incompatible implementations from arising independently.
Comment
(2026-04-26 for -04)
Sent
Section 2.5, paragraph 0 > An NRP-capable node MUST drop a packet by default if the encoded NRPS > cannot be mapped to a known NRP. This requirement MAY be overridden > by an operator-specified policy, the specification of which is > outside the scope of this document. This section is operationally important, and this document could do with an Operational Considerations section. For example, - Should the node generate any diagnostic signal (Syslog entry, ICMP unreachable, YANG notification)? Silence on this point will result in a black hole behavior that is hard to diagnose. - What makes a node "NRP-capable"? If a node only understands some NRPS Actions (e.g., it knows NRPS13 but not NRPS20), is it NRP-capable for the purposes of this section? - The MAY override by operator-specified policy is permitted, but there is no guidance on what safe alternative behaviors exist (e.g., forwarding without NRP policy, logging and forwarding, etc.). Without this, operators will implement inconsistently. Section 3, paragraph 1 > The choice of which Action to use when the NRP Selector could fit in > multiple Actions, is open, but it is RECOMMENDED to use NRPS13 where > possible unless Entropy is also to be carried and it is possible to > use ENSRP20. What are the migration considerations when an NRP deployment grows beyond 13-bit capacity? Similarly, is mixing NRPS13 and NRPS20 in the same network supportable? Section 5, paragraph 1 > The forwarding plane is insecure. If an adversary can affect the > forwarding plane, then they can inject data, remove data, corrupt > data, or modify data. MNA additionally allows an adversary to make > packets perform arbitrary network actions. > > Link-level security mechanisms can help mitigate some on-link > attacks, but does nothing to preclude hostile nodes. This section is thin and insufficient for the threat model out there. Missing from the Security Considerations: - NRP Selector injection/spoofing: An attacker who can inject or modify packets could forge NRPS values to redirect traffic to a different NRP, potentially obtaining unauthorized resource allocations or causing QoS policy violations. This is a concrete threat for the MPLS forwarding plane. - Escalation through NRP misuse: If an attacker can map a packet to a high-priority NRP they are not entitled to, what is the blast radius? The security model of NRP Policies (mentioned in Section 1) is relevant here. - Relationship to mna-hdr security considerations: Since this document builds on [I-D.ietf-mpls-mna-hdr], it should explicitly reference and supplement the security considerations of that document rather than treating security in isolation. - Trust model: There is no discussion of trust boundaries. The document defines what NRP-capable nodes MUST do with unknown NRPS values (drop), but does not discuss how a node determines whether an NRPS value comes from a trusted source. The SECDIR reviewer (thanks, Shawn Emery) noted these gaps and the general thinness of the Security Considerations. I will let the AD decide how he wants the authors to address these details.
Jim Guichard
Yes
Andy Newton
No Objection
Charles Eckel
No Objection
Comment
(2026-04-28 for -04)
Not sent
I support the DISCUSS positions of the other ADs, but do not have anything more to add.
Christopher Inacio
No Objection
Comment
(2026-04-25 for -04)
Sent
Thanks to Shawn E. and Vijay G. for their SECDIR and GENART reviews. I also appreciated the shepherds write up for this document, so thanks to Adrian F. for that. Being a security AD I feel it necessary to comment on the security considerations: I appreciate the blunt honesty in the security considerations in that this switch construct is inherently insecure, with some minimal mitigations. At the same time, I bemoan the state of this security. I have no particular advice to change this state of affairs beyond something drastic like adding security into the label stack processing with known security approaches.
Deb Cooley
No Objection
Comment
(2026-04-26 for -04)
Sent
Thanks to Shawn Emery for their secdir review. I tend to agree with his comments. I support Med's discuss as it pertains to Normative References. Section 2.3: Is the Entropy value transmitted? If it is, then that needs to be addressed in Section 5. (I notice that RFC 6790 says that it is not signaled) Section 5: Using RFC 9789, possibly referencing its Security Consideration section, would give some potential mitigations which could be used.
Gorry Fairhurst
No Objection
Comment
(2026-04-20 for -04)
Sent
Thanks for providing this document. I do not see any transport-protocol related concerns, however I do have comments that I think ought to be addressed. I did consider balloting "DISCUSS" on the basis that the protocol did specify how to handle receiver processing of the R and the NAL fields (see (4) and (6) below), but I decided instead to ballot "No Objection, on the basis that this looked like an omission, rather than a problem. None-the-less, I would appreciate a response to this set of comments to confirm this suspicion and explain how a receiver is expected to process these two fields. Please find non-blocking comments below: (1) I share the OPS-Dir IETF Last Call Review comment on specifying the options, rather than discussing these, please consider addressing this, e.g.: /This document discusses a few options for..../ /The proposed encodings are compliant/ In Sections 2.1 and 2.2: (2) Please consider adding a one-line caption to each figure. (3) I was a little by the field /NRPS/ in both figures without an explanation, please explain or perhaps consider whether the figures read better with the field set to /NRPS13/ and /NRPS20/ respectively? (4) I could not find a description of the receiver processing for the NAL field. I expected to see words explaining how a receiver must handle a non-zero value in this field. Normally I'd expect the protocol to say: "This field MUST be set to zero on transmission and ignored upon receipt.", but another action could be defined, but needs to be specified here. (5) The fields:|R|IHS|S| are not explained. It would at least be helpful to directly refer to a reference that defines these fields. e.g. S:The Bottom of Stack [RFC3032], etc. Please define for the figure at least: NAL = Network Action Length, NASL = Network Action Sub-Stack, IHS = I2E, HBH, or Select Scope, all of which I understand are defined in [draft-ietf-mpls-mna-hdr]. (6) If I understand, R = Reserved. If so, please specify the value when sending, and the action required when a value for R is receive, e.g."This bit MUST be set to zero on transmission and ignored upon receipt." In Section 2.13: (7) It was not clear to me what was intended by the two fields both labelled /NRPS/. (8) Please add a one-line caption to this figure. (9) Please expand NMA on first use - is this MPLS Network Actions (MNA)? Thanks again, Gorry Fairhurst (WIT AD)
Gunter Van de Velde
No Objection
Comment
(2026-04-21 for -04)
Not sent
Thanks for writing this document. I found it well written, a nice read, and found that it explains well the intent and definitions used in a concise way.
Mike Bishop
No Objection
Comment
(2026-04-28 for -04)
Not sent
I support the DISCUSS positions of the other ADs, particularly as regards normative references.
Mohamed Boucadair
(was Discuss)
No Objection
Comment
(2026-05-04 for -05)
Sent
Hi Tony, Pavan, John, Tarek, and Israel, Thank you for the changes made in -05 [1]; these address all DISCUSS points and many of comments in my previous ballot [2]. I appreciate that the following comments are better addressed in draft-ietf-teas-ns-ip-mpls as draft-ietf-mpls-mna-nrp-selector now depends normatively on draft-ietf-teas-ns-ip-mpls. These considerations can be inherited ** if discussed there **. I think having a sentence early in draft-ietf-mpls-mna-nrp-selector would be useful to set the expectation vs. draft-ietf-teas-ns-ip-mpls. ** Items that would be resolved in draft-ietf-teas-ns-ip-mpls ** # Missing behavior Do we allow NRPS remarking/rewriting to take place once progressing in a forwarding path? # Single vs. Multiple NRPs CURRENT: The NRP Selector is used to map the packet to the associated NRP and provides the corresponding forwarding treatment to the packet. May be remind that * Slicing does not require several NRPs * The mechanism is applicable only when there are multiple NRPs. ## More operational considerations For example, we do say: CURRENT: An NRP-capable node MUST drop a packet by default if the encoded NRPS cannot be mapped to a known NRP. ### Such events need to be logged/alarm generated (syslog, for example) as this is a symptom that some classification were broken or that local configuration is not updated. Of course, such events should be rate-limited. ### Idem, counters of discarded packets should be maintained. ### There is a need to trace and isolate nodes in the network vs support of a given NRPS. ### We need a discussion about scalability. The use of slide-flow aggregates is a means to optimize state. Cheers, Med [1] https://author-tools.ietf.org/iddiff?url1=draft-ietf-mpls-mna-nrp-selector-04&url2=draft-ietf-mpls-mna-nrp-selector-05&difftype=--html [2] https://mailarchive.ietf.org/arch/msg/mpls/JA4Qi9yXLz7MaTWYf7AAUAlbErQ/
Roman Danyliw
No Objection
Comment
(2026-04-29 for -04)
Not sent
Thank you to Vijay Gurbani for the GENART review. I support the DISCUSS positions of Éric Vyncke, Ketan Talaulikar, Mahesh Jethanandani and Mohamed Boucadair.
Tommy Jensen
No Objection
Comment
(2026-04-29 for -04)
Sent
I support the existing DISCUSS positions and will not re-iterate any points there. One minor point: Section 2.3 says: > Entropy Label [RFC6790]. While the RFC 6790 Entropy Label has > some restrictions to avoid collisions with the reserved label > space (0-15) [RFC3032], those restrictions are not necessary for > the Entropy Value and do not apply. The packet carrying the Why do these restrictions not apply? It isn't obvious (at least to me) and probably warrants either an in-line answer or a reference to another section of the document.