Ballot for draft-ietf-mpls-rfc6374-udp-return-path
Discuss
Yes
No Objection
Note: This ballot was opened for revision 04 and is now closed.
I am in favour of publishing this document, but I have two major points that are not addressed in the document by now: 1) It is not clear for anybody what the expected size and sending frequency of such MPLS-PLDM over IP/UDP responses are. This will influence any measures an operator has to take in order to assure that there is no congestion caused by these messages. I can understand that this cannot be foreseen, but a few words considering this fact are excellent to have in the document. 2) This leads to my second point: the lack of any reference to RFC 5405 "Unicast UDP Usage Guidelines for Application Designers" and the content out of this RFC that is applicable for this draft. There is no discussion about this at all. Please note well that this is BCP 145. With regard to point 2): I can try to find some help from the transport area, in case you need help.
The introduction uses a MUST for the receiver to use the URO, but the later text uses SHOULD. Could you please clarify and make them the same?
The text related to when the URO is used of not clear, and I think it could even result in technical incompatibility. I don't think that this main concern raises to the level of a DISCUSS since it should be resolved easily (but it might be close). In short, it is not completely clear when the URO should be considered in light of the rules in RFC6374; it is not completely clear if the rules in RFC6374 always take precedence. Here are the specifics of my concern: Section 4.2. (Receiving an MPLS PM Query Request) says that "in addition" to the processing in RFC6374, "with a URO present, then the responder SHOULD use that IP address and UDP port to send MPLS-PLDM response back to querier." RFC6374 says that the "Source Address of a query message SHOULD be used as the destination for an out-of-band response unless some other out-of-band response mechanism has been configured, and unless a Return Address object is present, in which case the Return Address specifies the target of the response." Several questions/observations: * What does the phrase "in addition" mean in 4.2? I'm interpreting it as adding rules to what RFC6374 says. IOW, this document seems to be updating what RFC6374 says (or at least adding extra rules if the URO is present). Is that the intent? * As far as I can tell, there is no restriction for having both a Return Address object and the URO in the same query, right? If so, and if the intent is *not* to update RFC6374, then it seems (from the text in RFC6374) that the URO would never be used (if a Return Address object is also present). * Nitpicking a little at the meaning/interpretation of "configuration". RFC6374 mentions (from above) "some other out-of-band response mechanism has been configured", but as you imply in (i.e as I interpret) Section 5. (Manageability Considerations) the mechanism in this document is signaling, not configuration: "Nothing in this document precludes the use of a configured UDP/IP return path in a deployment in which configuration is preferred to signalling." Yes, you could configure the system to prefer the URO signaling.. * The point with all this is that it is not clear what exactly is meant, and that the current text can result in more than one (defensible) interpretation. * Small nit from the text quoted above in section 4.2: the response may in fact not go back to the querier. I have a couple of other minor comments: 1. Section 3. (Solution Overview) says (in the first sentence) that if the URO "is present in a MPLS-PLDM Query, the responder MUST use the IP address and UDP port in the URO to reply back to the querier". Clearly related to the comments above, but also an incomplete statement: as explained in 4 and 4.1, the Control Code should also be set to "Out-of-band Response Requested". Comments/questions: * [Nit] I don't think there's anything explicitly wrong with that first sentence, but it just doesn't sound right because of the conditional MUST ("unless configured otherwise"). You might want to consider something like this instead: "This document specifies that if the Control Code of the MPLS-PLDM query is set to "Out-of-band Response Requested", and a UDP Return Object (URO) is present in a MPLS-PLDM Query, the responder SHOULD use the IP address and UDP port in the URO to reply back to the querier." * What happens the URO is received in a query that doesn't have the correct Control Code? 2. Section 3.1. (UDP Return Object) * What happens if the URO contains an address not supported by the receiver? * "The URO MUST NOT appear in a response." What should the receiver do if it does? Should it ignore the URO or the whole datagram? 3. s/MPLS-PM (and MPLS PM)/MPLS-PLDM
-- Section 3 -- Multiple UROs MAY be present in a MPLS-PLDM Query indicating that an identical responses SHOULD be sent to each address-port pair. A small point: I think this is not meant to be instructions to the entity issuing the query, but to the entity responding. Is that correct? If so, the "MAY" is a statement of fact, not a normative requirement, so it should be "may" (or "might"). Also, the word "an" should be removed. -- Sections 4.x -- Should the subsection titles of 4.1, 4.2, 4.3, and 4.4 say "MPLS-PLDM" instead of "MPLS-PM"?
And we're now redoing the OWAMP/TWAMP protocols ... This is kind of sad that there is no alignment. At the very minimum, in the terminology and concepts. From RFC 5357 +----------------+ +-------------------+ | Session-Sender |<-TWAMP-Test-->| Session-Reflector | +----------------+ +-------------------+ ^ ^ | | | | | | | +----------------+<----------------+ | | Server | | +----------------+ | ^ | | | TWAMP-Control | | v v +----------------+ | Control-Client | +----------------+ Something I already mentioned to the RFC 6374 authors in the past when doing my OPS-DIR review. Sigh... Anyway, please engage in the discussion regarding Eric Vyncke's OPS DIR review: This short I-D is quite clear and easy to understand, security & manageability sections are correct. I found nothing in this framework document which could cause operational issues EXCEPT: as I am unsure of the usual PLDM procedures, what is the expected behavior when a PLDM message (incl a URO) is received by a PLDM node which does not support this object type? If it is well defined in PLDM, then there is no problem of course. Can a reply be fragmented? Should the reply contains the DF bit for IPv4? Probably worth mentioning what to do over fragmentation. What is the expected behavior when the URO contains an IPv6 address and the PLDM responder only has IPv4 address(es)? Small nits: in introduction, I guess you meant "internally be forwarded" rather than "internally forwarded" Section 4.3, when selecting the source address, you may want to refer to RFC 6724
Eric Vynke performed the opsdir review
I agree with Stephen's comments and would like to see additional follow up from the SecDir review.
Thanks for addressing Martin's Discuss in the new section 5 of -05. This version is now ready!
I would be fine keeping the to-be-deleted text explaining alternatives that were not selected, especially if it was moved to an appendix. If anyone ever wonders about the alternatives, that would mean they didn't have to dig through e-mail archives to see what was considered and why the alternatives were rejected. I'm not understanding why When the MPLS-PLDM Response is requested out-of-band by setting the Control Code of the MPLS-PLDM query to "Out-of-band Response Requested", and the URO is present, the responder SHOULD send the response back to querier on the specified destination UDP port at the specified destination IP address contained in the URO. is a SHOULD. Could you help me with that?
There were changes that seem to have been agreed as as result of the secdir review. [1] Some of those could I think nearly but not quite be discuss level, but as they aren't and the discussion seems to have started, I'll ballot no-objection but I do hope that the promised changes get made, and I'd recommend cycling back to the secdir reviewer (Sandy Murphy) as it wasn't clear to me that the discussion reached closure just before the holidays. [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06296.html - Could this be used as a way to nicely disguise a DoS? I'm not sure if that's new to this or not though. - Thanks for the applicability statement in the security considerations. Makes me wonder about MPLS/UDP but sure. - Saving a single bit to distinguish address families via length seems unwise here, as everywhere.