Advertising Node Administrative Tags in OSPF
draft-ietf-ospf-node-admin-tag-09

[Ballot comment]
I am clearing my DISCUSS because we seem to be going around in circles in my exchanges with the authors.

I still have some concerns about the normative language in section 3.2 (some of it has been updated as a result of our discussions) — I think that some of the text is not in line with what seems to be the intent of the extension: "…allows simplification, ease of management and control over…policies. …node-tags can be used to express and apply locally-defined network policies."

Specifically, I have strong concerns about the ability (or not, as defined in the text) to flood the same tag value with different scopes, and about potential instability caused by sources other than topology changes.

To all this, I trust the responsible AD and hope that the WG had the appropriate discussions, so I'm changing my ballot and not standing in the way.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
    Standard, Informational, Experimental, or Historic)? Why is this the
    proper type of RFC? Is this type of RFC indicated in the title page
    header?

      A Standards Track RFC is being requested and is indicated in the
      title page header.

(2) The IESG approval announcement includes a Document Announcement
    Write-Up.  Please provide such a Document Announcement Write-Up.
    Recent examples can be found in the "Action" announcements for
    approved documents. The approval announcement contains the following
    sections:

Technical Summary:

      This document specifies extensions to OSPF Router Informational
      (RI) to advertise multiple 32-bit admin tags. These tags can be
      then used for policy decisions in OSPF routers in the OSPF routing
      domain. While the tag applications are enumerated, they are not
      formally specified.

Working Group Summary:

      Initially, there was a concern with the number of tags being
      unbounded and the size of the OSPF RI LSA being finite. However,
      RFC 4970 has updated (publication requested) to allow an OSPF
      Router to advertise multiple instances of the OSPF RI LSA.

      During WG last call, it was noted that the behavior must be
      specified when there are multiple instances of the Admin Tag
      TLV.

Document Quality:

      This document has been a WG document for about a year and has been
      stable other than addressing minor comments.

Personnel:

      Acee Lindem is the Document Shepherd.
      Alia Atlas is the Responsible Area Director.

(3) Briefly describe the review of this document that was performed by
    the Document Shepherd. If this version of the document is not ready
    for publication, please explain why the document is being forwarded
    to the IESG.

    The document shepherd has reviewed each revision of the document
    and followed the discussion on the OSPF mailing list.


(4) Does the document Shepherd have any concerns about the depth or
    breadth of the reviews that have been performed?

      No.

(5) Do portions of the document need review from a particular or from
    broader perspective, e.g., security, operational complexity, AAA,
    DNS, DHCP, XML, or internationalization? If so, describe the review
    that took place.

      No.

(6) Describe any specific concerns or issues that the Document Shepherd
    has with this document that the Responsible Area Director and/or
    the IESG should be aware of? For example, perhaps he or she is
    uncomfortable with certain parts of the document, or has concerns
    whether there really is a need for it. In any event, if the WG has
    discussed those issues and has indicated that it still wishes to
    advance the document, detail those concerns here.

      None.

(7) Has each author confirmed that any and all appropriate IPR
    disclosures required for full conformance with the provisions of BCP
    78 and BCP 79 have already been filed. If not, explain why?

    Yes.

(8) Has an IPR disclosure been filed that references this document? If
    so, summarize any WG discussion and conclusion regarding the IPR
    disclosures.

      Yes - http://datatracker.ietf.org/ipr/2460/

(9) How solid is the WG consensus behind this document? Does it
    represent the strong concurrence of a few individuals, with others
    being silent, or does the WG as a whole understand and agree with it?

      There is consensus from the WG and others outside the WG that
      this document can progress. It complements work done on LFA
      managability in the RTG Working Group.

(10) Has anyone threatened an appeal or otherwise indicated extreme
    discontent?  If so, please summarise the areas of conflict in
    separate email messages to the Responsible Area Director. (It
    should be in a separate email because this questionnaire is
    publicly available.)

      No.

(11) Identify any ID nits the Document Shepherd has found in this
    document.  (See http://www.ietf.org/tools/idnits/ and the
    Internet-Drafts Checklist).  Boilerplate checks are not enough;
    this check needs to be thorough.

      Nits are all resolved.

(12) Describe how the document meets any required formal review
    criteria, such as the MIB Doctor, media type, and URI type reviews.

      Not applicable.

(13) Have all references within this document been identified as either
    normative or informative?

      Yes.

(14) Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If such
    normative references exist, what is the plan for their completion?
 
      No. Publication has been requested for the RFC 4970 BIS draft.

(15) Are there downward normative references references (see RFC 3967)?
    If so, list these downward references to support the Area Director
    in the Last Call procedure.

      No.

(16) Will publication of this document change the status of any existing
    RFCs?  Are those RFCs listed on the title page header, listed in
    the abstract, and discussed in the introduction? If the RFCs are
    not listed in the Abstract and Introduction, explain why, and point
    to the part of the document where the relationship of this document
    to the other RFCs is discussed. If this information is not in the
    document, explain why the WG considers it unnecessary.

      No.

(17) Describe the Document Shepherd's review of the IANA considerations
    section, especially with regard to its consistency with the body of
    the document.  Confirm that all protocol extensions that the
    document makes are associated with the appropriate reservations in
    IANA registries. Confirm that any referenced IANA registries have
    been clearly identified. Confirm that newly created IANA registries
    include a detailed specification of the initial contents for the
    registry, that allocations procedures for future registrations are
    defined, and a reasonable name for the new registry has been
    suggested (see RFC 5226).
 
      This document defines a single new OSPF Router Information LSA
      TLV, Node Admin Tag TLV, to the OSPF Router Information (RI)
      TLVs Registry. There shouldn't be any confusion with this IANA
      action.

(18) List any new IANA registries that require Expert Review for future
    allocations. Provide any public guidance that the IESG would find
    useful in selecting the IANA Experts for these new registries.

      None.

(19) Describe reviews and automated checks performed by the Document
    Shepherd to validate sections of the document written in a formal
    language, such as XML code, BNF rules, MIB definitions, etc.

      Not applicable.

[Ballot comment]

- I think Alavaro and Brian make some good points. I'll be
interested in how that discussion turns out.

- Good to see that you recognise that even opaque tag values
can expose sensitive information (the attacker isn't limited
in how they are allowed interpret what they see). However,
given that we recognise that confidentiality ought be provided
sometimes, isn't there an onus on us to actually provide some
usable way to get that service? If so, then who is looking at
that problem? If not, then why is that acceptable? (This isn't
a discuss as I don't think there is any PII or similar
information being transferred, and the confidentiality
requirement here really relates to network topology etc. But
please do correct me if one of these tags could be PII-like
and I'll make this a discuss if that's better.)

[Ballot comment]
I support Alvaro's DISCUSS position.  I also wonder why we are turning OSPF into a generic container protocol.  That approach has caused issues with BGP and I don't see it being any better doing it in OSPF.

[Ballot comment]
The shepherd write up says that there have been no IPR disclosures, but there has in fact been a disclosure on an earlier version. Wast he working group aware of this disclosure?

3.2, paragraph 4: "Each tag MUST be treated as an independent identifier that MAY be
used in policy to perform a policy action."

Given the context of the previous MUST, the MAY seems more descriptive than  normative.

[Ballot comment]
The abstract reads a bit oddly, repeating "This document describes an extension to OSPF protocol".  Perhaps while you're making changes to address the other IESG comments, you could re-word the abstract to avoid that repetition.

[Ballot comment]
Thanks for your responsive and helpful feedback to the SecDir review.  The suggested and agreed changes look good and I'll continue to watch the thread as the discussion seems to be going very well and is managed very well on both ends.

Thank you!
https://mailarchive.ietf.org/arch/msg/secdir/FT81G3Iml0J1alWq5wdVaBYXiao

[Ballot discuss]
Section 3.2. (Elements of procedure) says that the "interpretation of tag values is specific to the administrative domain of a particular network operator", which makes them opaque and obviously locally significant.  I then have an issue with the following text, which tries to (using rfc2119 keywords) specify how to interpret the tags, which doesn't make sense to me given the text above:

  Each tag MUST be treated as an independent identifier that MAY be
  used in policy to perform a policy action.  Tags carried by the
  administrative tag TLV SHOULD be used to indicate independent
  characteristics of a node.  The administrative tag list within the
  TLV MUST be considered an unordered list.  Whilst policies may be
  implemented based on the presence of multiple tags (e.g., if tag A
  AND tag B are present), they MUST NOT be reliant upon the order of
  the tags (i.e., all policies should be considered commutative
  operations, such that tag A preceding or following tag B does not
  change their outcome).

  To avoid incomplete or inconsistent interpretations of the per-node
  administrative tags the same tag value MUST NOT be advertised by a
  router in RI LSAs of different scopes.  The same tag MAY be
  advertised in multiple RI LSAs of the same scope, for example, OSPF
  Area Border Router (ABR) may advertise the same tag in area-scope RI
  LSAs in multiple areas connected to the ABR.
. . .
  Being part of the RI LSA, the per-node administrative tag TLV must be
  reasonably small and stable.  In particular, but not limited to,
  implementations supporting the per-node administrative tags MUST NOT
  tie advertised tags to changes in the network topology (both within
  and outside the OSPF domain) or reachability of routes.
. . .
  instances of the RI LSA.  The node administrative tags associated
  with a node that originates tags for the purpose of any computation
  or processing at a receiving node SHOULD be a superset of node
  administrative tags from all the TLVs in all the received RI LSA
  instances originated by that node.When an RI LSA is received that
  changes the set of tags applicable to any originating node, a
  receiving node MUST repeat any computation or processing that is
  based on those administrative tags.

If the tags are opaque, I don't think that anything can be mandated as to how they are interpreted or what they're used for.  That is the point I want to talk about with this DISCUSS.

[Ballot comment]
Related to the DISCUSS:  Section 3.2 says that the "meaning of the Node administrative tags is generally opaque to OSPF", are there cases where the meaning is not opaque?  Even if the application is well known there is no indication that the tag is not opaque.  Yes, this is a nit with the word "generally".

All the references related to rfc4970 should be changed to draft-ietf-ospf-rfc4970bis.

[Ballot comment]
- "Tags carried by the
  administrative tag TLV SHOULD be used to indicate independent
  characteristics of a node."

I was initially confused by that sentence.
So there are tags carried by a different TLV than the administrative one? Actually, no (I checked with one of the authors).
I would simply write:
  "Administrative tag TLV SHOULD be used to indicate independent
  characteristics of a node."

This would be in line with the definition:
  An administrative Tag is a 32-bit integer value that can be used to
  identify a group of nodes in the OSPF domain.

- Router information LSA [RFC4970] can have link, area or AS
  level flooding scope.  Choosing the flooding scope to flood the group
  tags are defined by the policies and is a local matter.

"and is a local matter". Hopefully there is some sort of centralized management application that checks consistency.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-ospf-node-admin-tag-05. If any part of this review is inaccurate, please let us know.

Once this document has been approved for publication, IANA will add the following to the OSPF Router Information (RI) TLVs registry at http://www.iana.org/assignments/ospfv2-parameters:

TBD (suggested value 10)  Node Admin tag TLV  [this document]

QUESTION: Should "tag" be capitalized? 

Please note that IANA cannot reserve specific values. However, early allocation is available for some types of registrations. For more information, please see RFC 7120.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Advertising per-node administrative tags in OSPF) to Proposed Standard


The IESG has received a request from the Open Shortest Path First IGP WG
(ospf) to consider the following document:
- 'Advertising per-node administrative tags in OSPF'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-10-08. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes an extension to OSPF protocol to add an
  optional operational capability, that allows tagging and grouping of
  the nodes in an OSPF domain.  This allows simplification, ease of
  management and control over route and path selection based on
  configured policies.  This document describes an extension to OSPF
  protocol to advertise per-node administrative tags.  The node-tags
  can be used to express and apply locally-defined network policies
  which is a very useful operational capability.  Node tags may be used
  either by OSPF itself or by other applications consuming information
  propagated via OSPF.

  This document describes the protocol extensions to disseminate per-
  node administrative-tags to the OSPFv2 and OSPFv3 protocol.  It
  provides example use cases of administrative node tags.





The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ospf-node-admin-tag/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-ospf-node-admin-tag/ballot/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/2460/