Operations, Administration, and Maintenance Framework for MPLS-Based Transport Networks
draft-ietf-mpls-tp-oam-framework-11

[Ballot discuss]
I am concerned about this text:

Protection Switching: default transmission period is 3.33ms (i.e. transmission rate of 300 packets/second).

Firstly the the requirement in RFC5654 only specifies the total time to detect and to act as 50ms and how the system partitions this time should be a local matter.

Secondly there are some applications of MPLS-TP that may not need this high peed detection, and it is unreasonable to burden them with the need to implement this high speed detection mechanism.

[Ballot comment]
The Gen-ART Review by David Black lead to some document updates.
  However, one comment was not addressed.  Please consider updates
  to the security considerations section.  David said:
  >
  > [D] The security considerations section should include specific
  > mention of injection of LKI request OAM packets as a vector for a
  > denial-of-service attack (this is an obvious way for a man-in-the-
  > middle to quickly cause serious havoc).  That would be a good
  > specific example to add to the end of the current security
  > considerations paragraph that requires the network to be
  > physically secure against man-in-the-middle attacks.
  >
  While the security considerations section does cover the
  countermeasures necessary to prevent this attack, it seems like
  a good idea to document something that can go badly wrong when
  implementers do not pay attention.

[Ballot comment]
The Gen-ART Review by David Black lead to some document updates.
  However, one comment was not addressed.  Please consider updates
  to the security considerations section.  David said:
  >
  > [D] The security considerations section should include specific
  > mention of injection of LKI request OAM packets as a vector for a
  > denial-of-service attack (this is an obvious way for a man-in-the-
  > middle to quickly cause serious havoc).  That would be a good
  > specific example to add to the end of the current security
  > considerations paragraph that requires the network to be
  > physically secure against man-in-the-middle attacks.
  >
  While the security considerations section does cover the
  countermeasures necessary to prevent this attack, it seems like
  a good idea to document something that can go badly wrong when
  implementers do not pay attention.

[Ballot comment]
Three Directorate reviews have been addressed, but a few non-blocking comments remain that should be addressed to improve the document before it is published as an RFC:

SecDir - vincent.roca@inrialpes.fr

> However there's a (naive) question which you didn't answer: is it
> realistic to assume the physical network can be secured? Are there
> known weaknesses in the MPLS infrastructure? Nothing is said in
> the I-D.
>
> Another point (from -10). It is said:
>
>        However
>        it should be observed that the combination of the need for
>        timeliness of OAM transaction exchange and all permutations of
>        unique MEP to MEP, MEP to MIP, and intermediate system
>        originated transactions mitigates against the practical
>        establishment and maintenance of a large number of security
>        associations per MEG either in advance or as required.
>
> The reasons mentioned here to justify nothing is done is critical.
> Only two reasons are listed: timeliness and combinatorial motivations.
> In your answer you also mention the high transmission frequency of
> heartbeats. This is not mentioned. Something else?

GenArt - david.black@emc.com

> The authors have addressed most of the items noted in the Gen-ART review
> of the -09 version, but there is one item that could still use some attention. 
> From the original review:
>
> [D] The security considerations section should include specific mention
> of injection of LKI request OAM packets as a vector for a denial-of-service
> attack (this is an obvious way for a man-in-the-middle to quickly cause
> serious havoc).  That would be a good specific example to add to the end
> of the current security considerations paragraph that requires the network
> to be physically secure against man-in-the-middle attacks.
>
> This has not been done.  While the security considerations section does
> cover the countermeasures necessary to prevent this attack, I prefer security
> considerations sections that include examples of things that can go badly
> wrong when implementers don't pay attention when the examples are simple.
> That preference is a matter of style/taste that I'll leave to the responsible AD's
> judgment

RtgDir - thomas.morin@orange-ftgroup.com

> I replied to Dave Allan that my current
> feeling, after going through today's revision of the OAM framework
> document, is that the comments I made are only partially addressed.

The MPLS WG requests that:
  MPLS-TP OAM Framework
  draft-ietf-mpls-tp-oam-framework-09

is published as an informational RFC with IETF consensus.


> (1.a) Who is the Document Shepherd for this document? Has the
>      Document Shepherd personally reviewed this version of the
>      document and, in particular, does he or she believe this
>      version is ready for forwarding to the IESG for publication?

Loa Andersson is the Document Shepherd.
He has reviewed the document and believes it is ready to be
forwarded to the IESG for publication.

> (1.b) Has the document had adequate review both from key WG members
>      and from key non-WG members? Does the Document Shepherd have
>      any concerns about the depth or breadth of the reviews that
>      have been performed?

The document has been reviewed in
- mpls, ccamp and pwe3 working groups
- the ITU-T MPLS-TP Ad Hoc Team
- the ITU-T SG15, Q9, Q10, Q12 and Q14.

We have requested publication of this document once before, but since
there were a large number of comments during the IETF last call we have
updated the document and last called another time in the mpls working.

The shephered is convinced that this is sufficient review for this
framework document.


> (1.c) Does the Document Shepherd have concerns that the document
>      needs more review from a particular or broader perspective,
>      e.g., security, operational complexity, someone familiar with
>      AAA, internationalization or XML?

No.

> (1.d) Does the Document Shepherd have any specific concerns or
>      issues with this document that the Responsible Area Director
>      and/or the IESG should be aware of? For example, perhaps he
>      or she is uncomfortable with certain parts of the document, or
>      has concerns whether there really is a need for it. In any
>      event, if the WG has discussed those issues and has indicated
>      that it still wishes to advance the document, detail those
>      concerns here. Has an IPR disclosure related to this document
>      been filed? If so, please include a reference to the
>      disclosure and summarize the WG discussion and conclusion on
>      this issue.

No such concerns. There is one IPR claim for this draft. This has been
pointed out to the working group, but no concerns has been raised.



> (1.e) How solid is the WG consensus behind this document? Does it
>      represent the strong concurrence of a few individuals, with
>      others being silent, or does the WG as a whole understand and
>      agree with it?

The mpls-tp project is a joint project between IETF and ITU-T, this document
has been in focus when we sorted out differences between IETF and ITU-T
perspectives on Operations Administration and Maintenance. The shepherd
is not aware of any unresolved issues.



> (1.f) Has anyone threatened an appeal or otherwise indicated extreme
>      discontent? If so, please summarise the areas of conflict in
>      separate email messages to the Responsible Area Director. (It
>      should be in a separate email because this questionnaire is
>      entered into the ID Tracker.)

No threats or extreme discontent.

There is however one un-resolved comment that the editors and document
shepherd are convinced is a terminology issue. It has been pointed to the
comment holder that if he is not comfortable with the current resolution
it is possible to bring this to the attention of the IESG during the
IETF last call.

> (1.g) Has the Document Shepherd personally verified that the
>      document satisfies all ID nits? (See the Internet-Drafts Checklist
>      and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
>      not enough; this check needs to be thorough. Has the document
>      met all formal review criteria it needs to, such as the MIB
>      Doctor, media type and URI type reviews?

The document compiles clean.


> (1.h) Has the document split its references into normative and
>      informative? Are there normative references to documents that
>      are not ready for advancement or are otherwise in an unclear
>      state? If such normative references exist, what is the
>      strategy for their completion? Are there normative references
>      that are downward references, as described in [RFC3967]? If
>      so, list these downward references to support the Area
>      Director in the Last Call procedure for them [RFC3967].

References are correctly split.


> (1.i) Has the Document Shepherd verified that the document IANA
>      consideration section exists and is consistent with the body
>      of the document? If the document specifies protocol
>      extensions, are reservations requested in appropriate IANA
>      registries? Are the IANA registries clearly identified? If
>      the document creates a new registry, does it define the
>      proposed initial contents of the registry and an allocation
>      procedure for future registrations? Does it suggest a
>      reasonable name for the new registry? See [RFC5226]. If the
>      document describes an Expert Review process has Shepherd
>      conferred with the Responsible Area Director so that the IESG
>      can appoint the needed Expert during the IESG Evaluation?

There are no IANA actions requested by this document.


> (1.j) Has the Document Shepherd verified that sections of the
>      document that are written in a formal language, such as XML
>      code, BNF rules, MIB definitions, etc., validate correctly in
>      an automated checker?

No such formal language.

> (1.k) The IESG approval announcement includes a Document
>      Announcement Write-Up. Please provide such a Document
>      Announcement Write-Up? Recent examples can be found in the
>      "Action" announcements for approved documents. The approval
>      announcement contains the following sections:

Technical Summary


  This MPLS-TP OAM Framework defines the mechanisms and procedures for
  alarm, fault, performance and protection-switching management for
  an MPLS based packet transport applications.

  Care has been taken to make sure the OAM for MPLS based packet transport
  networks is backwards compatible with existing MPLS OAM tools, New OAM mechanisms
  have only been defined when existing mechanisms are not sufficient to meet
  the MPLS-TP requirements.

  This document includes a comprehensive set of OAM procedures that
  satisfy the requirements mentioned above. The docement defines a
  set of functions that has great affinity with comparable functions
  in existing transport networks, e.g. SONET/SDH and OTN.

  The MPLS-TP OAM framework discusses mechanisms that are applicable
  to LSPs and/or (MS-)PWs. Co-routed and associated bidirectional p2p transport
  paths as well as unidirectional p2p and p2mp transport paths are within
  scope of the document.


Working Group Summary

  Since the document is an output from the MPLS-TP project it is the
  joint output of several IETF working groups and Qustion 9, 10, 12 and
  14 of ITU-T SG15.

Document Quality

The document is well reviewed in all the groups mentioned above.

The MPLS WG requests that:
  MPLS-TP OAM Framework
  draft-ietf-mpls-tp-oam-framework-06

is published as an informational RFC with IETF consensus.


> (1.a) Who is the Document Shepherd for this document? Has the
>      Document Shepherd personally reviewed this version of the
>      document and, in particular, does he or she believe this
>      version is ready for forwarding to the IESG for publication?

Loa Andersson is the Document Shepherd.
He has reviewed the document and believes it is ready to be
forwarded to the IESG for publication.

> (1.b) Has the document had adequate review both from key WG members
>      and from key non-WG members? Does the Document Shepherd have
>      any concerns about the depth or breadth of the reviews that
>      have been performed?

The document has been reviewed in
- mpls, ccamp and pwe3 working groups
- the ITU-T MPLS-TP Ad Hoc Team
- the ITU-T SG15, Q9, Q10, Q12 and Q14.

The shephered is convinced that this is sufficient review for this
framework document.


> (1.c) Does the Document Shepherd have concerns that the document
>      needs more review from a particular or broader perspective,
>      e.g., security, operational complexity, someone familiar with
>      AAA, internationalization or XML?

No.

> (1.d) Does the Document Shepherd have any specific concerns or
>      issues with this document that the Responsible Area Director
>      and/or the IESG should be aware of? For example, perhaps he
>      or she is uncomfortable with certain parts of the document, or
>      has concerns whether there really is a need for it. In any
>      event, if the WG has discussed those issues and has indicated
>      that it still wishes to advance the document, detail those
>      concerns here. Has an IPR disclosure related to this document
>      been filed? If so, please include a reference to the
>      disclosure and summarize the WG discussion and conclusion on
>      this issue.

No such concerns. There is no IPR claim for this draft.



> (1.e) How solid is the WG consensus behind this document? Does it
>      represent the strong concurrence of a few individuals, with
>      others being silent, or does the WG as a whole understand and
>      agree with it?

The mpls-tp project is a joint project between IETF and ITU-T, this document
has been in focus when we sorted out differences between IETF and ITU-T
perspectives on Operations Administration and Maintenance. The shepherd
is not aware of any unresolved issues.



> (1.f) Has anyone threatened an appeal or otherwise indicated extreme
>      discontent? If so, please summarise the areas of conflict in
>      separate email messages to the Responsible Area Director. (It
>      should be in a separate email because this questionnaire is
>      entered into the ID Tracker.)

No threats or extreme discontent.

> (1.g) Has the Document Shepherd personally verified that the
>      document satisfies all ID nits? (See the Internet-Drafts Checklist
>      and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
>      not enough; this check needs to be thorough. Has the document
>      met all formal review criteria it needs to, such as the MIB
>      Doctor, media type and URI type reviews?

We have one warning, the IETF Trust, could be easily fixed in the
.txt version.


> (1.h) Has the document split its references into normative and
>      informative? Are there normative references to documents that
>      are not ready for advancement or are otherwise in an unclear
>      state? If such normative references exist, what is the
>      strategy for their completion? Are there normative references
>      that are downward references, as described in [RFC3967]? If
>      so, list these downward references to support the Area
>      Director in the Last Call procedure for them [RFC3967].

References are correctly split.


> (1.i) Has the Document Shepherd verified that the document IANA
>      consideration section exists and is consistent with the body
>      of the document? If the document specifies protocol
>      extensions, are reservations requested in appropriate IANA
>      registries? Are the IANA registries clearly identified? If
>      the document creates a new registry, does it define the
>      proposed initial contents of the registry and an allocation
>      procedure for future registrations? Does it suggest a
>      reasonable name for the new registry? See [RFC5226]. If the
>      document describes an Expert Review process has Shepherd
>      conferred with the Responsible Area Director so that the IESG
>      can appoint the needed Expert during the IESG Evaluation?

There are no IANA actions requested by this document.


> (1.j) Has the Document Shepherd verified that sections of the
>      document that are written in a formal language, such as XML
>      code, BNF rules, MIB definitions, etc., validate correctly in
>      an automated checker?

No such formal language.

> (1.k) The IESG approval announcement includes a Document
>      Announcement Write-Up. Please provide such a Document
>      Announcement Write-Up? Recent examples can be found in the
>      "Action" announcements for approved documents. The approval
>      announcement contains the following sections:

Technical Summary


  This MPLS-TP OAM Framework defines the mechanisms and procedures for
  alarm, fault, performance and protection-switching management for
  an MPLS based packet transport applications.

  Care has been taken to make sure the OAM for MPLS based packet transport
  networks is backwards compatible with existing MPLS OAM tools, New OAM mechanisms
  have only been defined when existing mechanisms are not sufficient to meet
  the MPLS-TP requirements.

  This document includes a comprehensive set of OAM procedures that
  satisfy the requirements mentioned above. The docement defines a
  set of functions that has great affinity with comparable functions
  in existing transport networks, e.g. SONET/SDH and OTN.

  The MPLS-TP OAM framework discusses mechanisms that are applicable
  to LSPs and/or (MS-)PWs. Co-routed and associated bidirectional p2p transport
  paths as well as unidirectional p2p and p2mp transport paths are within
  scope of the document.


Working Group Summary

  Since the document is an output from the MPLS-TP project it is the
  joint output of several IETF working groups and Qustion 9, 10, 12 and
  14 of ITU-T SG15.

Document Quality

The document is well reviewed in all the groups mentioned above.