Note: This ballot was opened for revision 07 and is now closed.
Thanks for the work on this. I have a couple of minor comments: - There is an IPR disclosure with possible royalties. The shepherd report says there were no comments in the WG. Was the WG reminded of it? §9: "Existing OSPF security considerations and stronger authentication and manual key management mechanisms are specified in [RFC7474] SHOULD be considered for OSPF deployments." Could this say something stronger than "SHOULD be considered"? I'm fine with the SHOULD part, but simply considering it may not be that helpful.
I was forced to make lots of inferences while reading this document, so it's pretty likely that some of my comments will not make sense because I misunderstood the technology. My apologies in advance, and please help me to become un-confused. I think part of this is because the document relies very heavily on prior knowledge, and could be avoided by sprinkling a few more words here and there, such as "downstream-paths-only (for micro-loop avoidance)" or "alternate neighbor N of S". I've tried to note some more cases in the section-by-section comments. The Abstract and Introduction sound like they should be attached to an Informational document; why is this going for PS? Section 1.1 SPF - Shortest Path First PDU Is the "PDU" really entirely silent in the acronym? Section 2 It might be nice to super-briefly reframe the situation, maybe: The scenario for LFA protection for MHPs involves protecting a node N in the path from source S to MHP prefix P, providing an alternate path subject to constraints on the distance metric, measured as the sum of the cost of the links traversed by the path. Perhaps also expand the inequality headers slightly, as "Link-Protection for PO_i to P is possible via N if:" Cost(X,P) - Cost of reaching the prefix P from prefix originating node X. Isn't it important to note that the Cost differs from a D_opt in that the Cost is only defined for what we essentially model here as a link and not a multi-link path? Section 3 Are these procedures supposed to terminate when the first LFA is found, or produce multiple LFAs as output? (Perhaps this is just an editorial nit, but "for each alternate neighbor N" and "a valid LFA" would then be a singular/plural mismatch", and perhaps the "select N as" steps in the various procedures as well. The phrase "If alternate neighbor N is also prefix-originator of P" confused me a fair amount -- the "also" makes me think that what N is a neighbor of should be the "primary" prefix-originator of P, i.e., PO_best, but text elsewhere in the document implies that N is a neighbor of *S*, to be used as the next-hop for forwarding to P. I guess the intended sense of the "also" could be more like "if, in addition to being a neighbor, N is also a prefix-originator of P", but as written it seems ambiguous to me. However, if N is not a prefix-originator of P, the computing router SHOULD evaluate one of the corresponding LFA inequalities, as Why is this a SHOULD? Section 3.1 In this scenario, E and F both are pre-failure optimal points of attachment and share the same primary next-hop. Hence, an implementation MAY compare the kind of protection A provides to F (link-and-node protection) with the kind of protection C provides to E (link protection) and inherit the better alternative to prefix P and here it is A. I find that this chunk makes more sense if I read it as "kind of protection A provides to E" (not F). Am I just confused? In this case, prefix P MUST inherit corresponding LFAs of each primary next-hop calculated for the router advertising the same respectively. Is this MUST a new requirement imposed by this specification or a restatement of something from (e.g.) RFC 5286? In summary, if there are multiple pre-failure points of attachment for a MHP and primary next-hop of a MHP is same as that of the primary next-hop of the router that was pre-failure optimal point of attachment, an implementation MAY provide a better protection to MHP without incurring any additional computation cost. I had a hard time understanding why this is the case, most likely because I don't have a clear picture about what the reference point is for computational cost (that this is not "additional" to). Section 4.2.1 This procedure is not super-well-defined if a cost type other than 1 or 2 is encountered. 5. If route type (type 5/type 7) 5a. If route type is same, check route p-bit, forwarding address field for routes from both ASBRs match. [...] nit: "check if the route p-bit and the forwarding address field for" Section 18.104.22.168 If there are multiple ASBRs not pruned via rules defined in Section 22.214.171.124, [...] nit: I wouldn't exactly say that the rules are *defined* in 126.96.36.199, rather that they are "described in" or "referred to by" it. Section 188.8.131.52 Similarly to a previous comment, if we started out with "A neighbor N of S is a valid LFA to P under the named conditions when the corresponding inequality holds:", that would seem to help readability a lot. Section 5.2 In Multi Topology (MT) IGP deployments, for each MT ID, a separate shortest path tree (SPT) is built with topology specific adjacencies, the LFA principles laid out in [RFC5286] are actually applicable for MT IS-IS [RFC5120] LFA SPF. [...] nit: I think this is formally a comma splice as written, and would be better by adding "so" after the last comma, and maybe expanding to "so the LFA principles laid out in [RFC5286] are actually applicable on a per-MT-ID basis for MT IS-IS [RFC5120] LFA SPF." Section 9 I don't see any new security considerations to mention here, but would suggest a rewording of the current text for readability: The existing OSPF security considerations continue to apply, as do the recommended manual key management mechanisms specified in [RFC7474]. The existing security considerations for IS-IS also continue to apply, as specified in [RFC5304] and [RFC5310] and extended by [RFC7645] for KARP. This document does not change any of the discussed protocol specifications [RFC1195] [RFC5120] [RFC2328] [RFC5838], and the security considerations of the LFA base specification [RFC5286] therefore continue to apply.
I second Ben's question on the IPR issue.
Thanks for doing this work! (1) I've read rfc5286, but I still had to go back to it to refresh my memory of the Inequalities...even to make sure that I was understanding/remembering the inequalities in §2 correctly. I think it would be good to (1) include some text to go over (in plain English) what the inequalities are saying, and, (2) "show your work" (at least reference where the corresponding Inequalities came from in rfc5286). IOW, add text to describe the inequalities in Figures 1, 6 and 7. (2) §3 says both that "a computing router S MUST follow one of the appropriate procedures below, for each alternate neighbor N", and "the computing router SHOULD evaluate one of the corresponding LFA inequalities, as mentioned in Figure 1, once for each remote node that originated the prefix". First off, MUST != SHOULD. Also, it seems to me that "each alternate neighbor" is not the same as "each...node that originated the prefix". However §3.1 points out that they are the same (or, I guess, at least equivalent): "[RFC5286] Section 6.1 recommends that a router computes the alternate next-hop for an IGP multi-homed prefix by considering alternate paths via all routers that have announced that prefix and the same has been elaborated with appropriate inequalities in the above section". Please clarify what is meant with the different terminology, or (maybe better) use the same words. (3) The document doesn't explain what a multi-homed prefix is. There are some hints throughout the text, but I couldn't find a clear definition. rfc5286 has a description in §6.1, but about "multi-homed routes". For clarity, the document would benefit from a couple of sentences in the Introduction... (4) This document uses MAX_METRIC to describe constants in IS-IS and OSPF: "0xffffff /2^24 - 1 for IS-IS and 0xffff for OSPF" (§5.1). However neither protocol use MAX_METRIC as the name for those values: OSPF uses MaxLinkMetric (rfc6987) and IS-IS simply "maximum link metric" (rfc5305). I think that it is ok to use the term MAX_METRIC in this document, but please be clear on what it is from the start (in the Introduction). BTW, Figure 8 uses MAX_MET (not MAX_METRIC) (5) §3.1: "The approach specified here MAY also be applicable for handling default routes as explained in Section 3.2." I think that MAY is out of place because it is pointing out a fact, and there doesn't seem to be a normative behavior attached. s/MAY/may (6) §3.2: "...when multiple ECMP L1/L2 routers are reachable in an L1 area corresponding best LFAs SHOULD be given for each primary next-hop associated with default route". I don't know what this sentence says. Please clarify. Specifically, what does "SHOULD be given" mean? (7) §4.1: "LFA evaluation for multi-homed external prefixes in IS-IS is similar to the multi-homed internal prefixes." The text says "similar", but no differences are mentioned...is it similar, or the same? (8) Do we really still have to worry about RFC1583Compatibility? Just wondering... (9) The document could benefit from a grammar-focused review as many articles (the, an, a) are missing. (10) "proceed to step 4c" in Figure 5 seems to not be needed.
Thanks for the work everyone did on this document. --------------------------------------------------------------------------- Please expand the following acronyms upon first use and in the title; see https://www.rfc-editor.org/materials/abbrev.expansion.txt for guidance. - LFA - Loop-Free Alternate - FRR - Fast Reroute - AS - Autonomous System - LSA - Link State Advertisement