Fast Failover in Protocol Independent Multicast - Sparse Mode (PIM-SM) Using Bidirectional Forwarding Detection (BFD) for Multipoint Networks
draft-ietf-pim-bfd-p2mp-use-case-10

I support Martin’s discuss position, and have one other nit. The first sentence in the below is very difficult to parse:

   If a PIM-SM router is configured to monitor the head by using p2mp
   BFD, referred to through this document as 'tail', receives a PIM-
   Hello packet with the BFD Discriminator PIM Hello option, the tail
   MAY create a p2mp BFD session of type MultipointTail, as defined in
   [RFC8562].

Suggested rewrite: “A PIM-SM router that is configured to monitor the head by using p2mp BFD is referred to throughout this document as a “tail”. When such a tail receives a PIM-Hello…”

The shepherd writeup says simply "Proposed standard" in answer to the question "Why is this the proper type of RFC?".

The SHOULDs in Section 2.1 give the implementer a choice.  I suggest including some guidance about how to make that choice, or perhaps more concretely, when one might opt not to do what the SHOULD says.

Thank you to Russ Housley for the SECDIR review.

This short document looks good to me and thanks for working with it. 

I have one comment -

- It would be great to have the "throttling logging mechanism" explained or provide reference for further details. This will help the reader understand better.

Thank you for the work put into this document. 

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

Special thanks to Mike McBride the shepherd's write-up including the section about the WG consensus.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

Does the use of BFD prevent the use of normal PIM detection? It is a little unclear from the text and I hope that BFD comes on the top of normal PIM detection mode.

-- Section 2.3 --
Please add "All received BFD Control packets that are
   demultiplexed to the session MUST be discarded if the received TTL or
   Hop Limit is not equal to 255." Copied from RFC 5881.

-- Section 4 --
The security section appears rather light to me as now any BFD security issues can also impact PIM.

Do we want to provide any guidance on how to configure the BFD
parameters (most notably the timeout intervals)?  (I assume the answer
is "no", but still have to ask.)

Section 1

   Among specific characteristics of p2mp BFD that particularly benefit
   PIM-SM over a LAN segment is a faster transition to the Up state of
   the p2mp BFD session due to avoidance of the three-way handshake
   required in p2p BFD [RFC5880].  [...]

I'm not sure I understand how this works.  RFC 8562 seems to require the
head node to stay in down state for the max timeout before transitioning
to "up" and starting to send control packets.  With a three-way
handshake there is immediate feedback at startup and, while there is a
round-trip cost incurred, there is no mandatory enforced delay.  Could
you say a bit more about which scenarios are being compared so that p2mp
BFD is faster to Up than p2p BFD?

                                                         Point-to-
   multipoint (p2mp) BFD can enable faster detection of PIM-SM router
   failure and thus minimize multicast service disruption.  [...]

Just to confirm: here, the comparison is PIM-SM without BFD against
PIM-SM with (p2mp) BFD, right?  So that we're going from 105 seconds to
potentially sub-second detection.  Assuming that, I'd consider "faster
detection of PIM-SM router failure compared to PIM-SM without BFD".

Section 2.1

   Note that any PIM-SM router, regardless of its role, MAY become a
   head of a p2mp BFD session.  [...]

While I don't see any problem with this behavior, I'm also a bit
confused as to when an arbitrary (i.e., non-RP) router would benefit
from being the head of a p2mp BFD session.  Also, RFC 7761 doesn't seem
to use "role" as a defined term, so there may be some room for
clarification if we had particular roles in mind.

   If a PIM-SM router is configured to monitor the head by using p2mp
   BFD, referred to through this document as 'tail', receives a PIM-
   Hello packet with the BFD Discriminator PIM Hello option, the tail

Since we're presuming that the tail is configured to monitor "the head",
does this behavior only apply to PIM-Hello packets received specifically
from "the head" (as opposed to all received PIM-Hello packets)?

   If the tail detects a MultipointHead failure [RFC8562], it MUST
   delete the corresponding neighbor state and follow procedures defined
   in [RFC7761].

Do we want to give a more precise reference for which RFC 7761
procedures are to be followed in this case?  (Perhaps, the
neighbor.timeout behavior?)  (Also, we might clarify that the neighbor
state being deleted is the PIM state, not the BFD state.)

Section 2.2

                 The head router administratively sets the
   bfd.SessionState to Up in the MultipointHead session [RFC8562] only
   if it is a Group Designated Router (GDR) Candidate, as specified in
   Sections 5.5 and 5.6 of [RFC8775].  If the router is no longer the
   GDR, then it MUST shut down following the procedures described in
   Section 5.9 [RFC8562].  [...]

There seems to be a slight mismatch, here -- we start the BFD session if
we're a GDR *Candidate*, and stop it if we're no longer *the GDR*.  So
what do we do if we are a candidate but not the selected GDR?

                           For each GDR Candidate that includes BFD
   Discriminator option in its PIM Hello, the PIM DR creates a
   MultipointTail session [RFC8562].  [...]

Interestingly, this seems to be a stronger requirement on the tail than
in the non-RFC8775 case, where we just say "MAY create a p2mp BFD
session of type MultipointTail".  It might be worth emphasizing the
contrast by using "MUST" here (assuming that the contrast is intended).

             If PIM DR detects a failure of one of the sessions, it MUST
   remove that router from the GDR Candidate list and immediately
   transmit a new DRLB-List option.

Is this "MUST ... immediately transmit" going to run any risk of causing
a traffic spike/congestion?  I find it unlikely, but am not really an
expert here.

Section 2.3

   The MultipointHead of a p2mp BFD session when transmitting BFD
   Control packets:

      MUST set TTL or Hop Limit value to 255 (Section 5 [RFC5881]);

Is there a corresponding requirement or recommendation on tails to
reject BFD Control packets with received TTL or Hop Limit not equal to
255?  Where is this requirement specified?

Section 4

   The security considerations discussed in [RFC7761], [RFC5880],
   [RFC8562], and [RFC8775] apply to this document.

Do the considerations of RFC 5881 also apply?

NITS

Section 1

   Bidirectional Forwarding Detection (BFD) [RFC5880] had been
   originally defined to detect a failure of a point-to-point (p2p)

I'd s/had been/was/ -- the "had been" verb tense feels out of place
here.

Thanks to Meral Shirazipour for their General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/3VY7s4HnPhPf8ijxLhhh9gHNp10).

-------------------------------------------------------------------------------
All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 2.1. , paragraph 5, nit:
> affecting the PIM state in any way. Thus the tail stops using BFD to monitor
>                                     ^^^^
A comma may be missing after the conjunctive/linking adverb "Thus".

---DISCUSS record---
Hi,

thank you for your work. I have two points I'd like to discuss with you:

1/
You write:
   If the value of the OptionLength field is not equal to 4, the BFD
   Discriminator PIM Hello option is considered malformed, and the
   receiver MUST stop processing PIM Hello options.
Do you mean ignore all other options that would be in the PIM Hello message?
I rapidly skimmed through 7761 and could not find such requirement nor an indication that documents defining new Hello options would have to define how to treat options when at least one is malformed.
It may be that I simply failed to find the relevant text in PIM specs but I'd nevertheless appreciate if you could elaborate a bit on this.

2/
Twice you write that a PIM-SM router MAY/can become a head. First time in 2nd paragraph of 2.1, and the second time in 2.2.
"become" gives a sense of automation, meaning without human intervention, and this is apparently confirmed by section 2.2 where becoming a head is driven by the node becoming a GDR.
The issue I have is that 8562 is pretty explicit about the fact that the transition to Up state for a head is administratively controlled.
You take great care in reusing that word (The head router administratively sets the bfd.SessionState to Up in the MultipointHead session) but I'm not sure this is sufficient to make this an administratively driven action.
Maybe it's simply a discussion about the meaning of "administratively", but according to the understanding I have of this word (which is influenced by the typical use of it in router implementations), it seems to me that this document departs from 8562.

Thank you
---DISCUSS record---

additionally, here are some minor comments:

   it precisely characterizes deployment scenarios for PIM-SM over a LAN
   segment.
What do you mean here? I couldn't find any mention of PIM-SM over a LAN segment in RFC8562.

   HeadDiscriminator: equals the value of My Discriminator
   ([RFC5880]) allocated by the head.
I would specify here that it MUST always be present and MUST NOT be zero.

   The head MUST include the BFD Discriminator option in its Hello
   messages, and it MUST include a 4-byte HeadDiscriminator with a value
   other than zero.
Should this more precisely be written as:
   The head MUST include the BFD Discriminator PIM Hello option in its
   PIM Hello messages, and it MUST include a 4-byte HeadDiscriminator
   with a value other than zero.
If you implement the change I have suggested above then you could remove the second part of the sentence.

   For the tail to
   correctly demultiplex BFD [RFC8562], the source address, and My
   Discriminator values of the BFD packets MUST be the same as those of
   the HeadDiscriminator in the PIM Hello message.
This is not fully clear. Do you mean:
   For the tail to
   correctly demultiplex BFD [RFC8562], the source address and My
   Discriminator of the BFD packets MUST be the same as the source
   address and the HeadDiscriminator, respectively, of the PIM Hello
   message.

s/The document/This document/

Hi,

I was surprised by both of the statements in section 2.3 (but that may just be due to my lack of BFD expertise):

1. Wouldn't the base BFD protocol specify the TTL or Hop Limit?  Or is there a special/different consideration when BFD is being used for this use case that justifies RFC 2119 language?

2. This may just be my lack of BFD knowledge because I had assumed that BFD sessions could be shared between different protocols wanting fast failure detection, and hence I was surprised that the p2mp BFD session MUST be targeted to the ALL-PIM-ROUTERs multicast address?

Thanks,
Rob