A Session Initiation Protocol (SIP) Load-Control Event Package
draft-ietf-soc-load-control-event-package-13
Yes
(Richard Barnes)
No Objection
(Adrian Farrel)
(Brian Haberman)
(Gonzalo Camarillo)
(Jari Arkko)
(Martin Stiemerling)
(Sean Turner)
Note: This ballot was opened for revision 10 and is now closed.
Richard Barnes Former IESG member
Yes
Yes
(for -10)
Unknown
Spencer Dawkins Former IESG member
Yes
Yes
(2013-11-30 for -11)
Unknown
I'm very pleased to see this work moving forward and find it of generally high quality (thank you). I have some comments. Most are about clarity. None rise to the level of Discuss, but I'd appreciate it if you paid special attention to my comments on 6.8 and 7.4 (it took me three shots at the pseudocode to be fairly sure I was understanding the 7.4 text). In this text: 6.8. Subscriber Processing of NOTIFY Requests The subscriber SHOULD discard unknown bodies. If the NOTIFY request contains several bodies, none of them being supported, it SHOULD unsubscribe. A NOTIFY request without a body indicates that no load filtering policies need to be updated. I may very well be confused, but I'm reading this as saying that a subscriber that gets NOTIFY bodies it doesn't understand is better off knowing nothing than staying subscribed on the off-chance that future NOTIFY bodies will make sense. Is that right? That could very well be an appropriate response for most event packages, but a subscriber who unsubscribes from an overload control event package won't be enforcing filtering policies at all - is that the desired behavior? I'm not understanding why this is a SHOULD, either, but let's ignore that for now. In this text: 7.3.1. Call Identity A URI identifying a SIP user, however, can also be a 'tel' URI. We therefore need a similar way to match a group of 'tel' URIs. According to [RFC3966], there are two forms of 'tel' URIs for global numbers and local numbers, respectively. All phone numbers must be ^^^^^^^^^^^^^^^^^^^^^^^^^ expressed in global form when possible. The global number 'tel' URIs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ start with a "+". The rest of the numbers are expressed as local numbers, which must be qualified by a "phone-context" parameter. The "phone-context" parameter may be labelled as a global number or any number of its leading digits, or a domain name. Both forms of the 'tel' URI make the resulting URI globally unique. I don't understand why "must be expressed in global form where possible". I'm reading this paragraph as saying "the resulting URI MUST be globally unique, whether because the number itself was a global number or because the number was qualified using a phone-context parameter". Am I understanding this correctly? I'll admit that the two lower-case "must"s make me uneasy ... In this text: 7.4. Actions o The "drop" action means simply ignoring the request without doing anything, which can in certain cases help save processing capability during overload. For example, when SIP is running over a reliable transport such as TCP, the "drop" action does not send out the rejection response, neither does it close the transport connection. The "drop" action is generally also good at dealing with telephony DOS attacks. However, when running SIP over an unreliable transport such as UDP, using the "drop" action will create message retransmissions that further worsen the possible overload situation. Therefore, any "drop" action applied to an unreliable transport MUST be treated as if it were "reject". I'm distracted by the offhand remark about telephony DOS attacks (is the point that attackers aren't going to respect rejects or redirects? If so, OK, but how do you know you're being telephony-DOSed?). I'm reading the rest of this paragraph as IF you can suggest another target THEN "redirect" ELSE IF unreliable-transport THEN treat "drop" as "reject" ELSE "drop" Am I reading this correctly? Or is the point more nuanced? In this text: 7.5.1. Load Control Document Examples Sometimes it may occur that multiple rules in a ruleset define actions that match the same methods, call identity and validity. In those cases, the "first-match-wins" principle is used. For example, in the following ruleset, the first rule requires all calls from the "example.com" domain to be rejected. Even though the rule following that one specifies that calls from "sip:alice@example.com" be redirected to a specific target "sip:eve@example.com", the calls from "sip:alice@example.com" will still be rejected because they have already been matched by the earlier rule. would it be clearer to say 'the calls from "sip:alice@example.com" will not be redirected because they have already been matched by the earlier rule and rejected'? The current text reads as if you're still evaluating calls that have been matched by a previous rule, at least to me. In this text: 10. Discussion of this specification meeting the requirements of RFC5390 REQ 1: The overload mechanism shall strive to maintain the overall useful throughput (taking into consideration the quality-of- service needs of the using applications) of a SIP server at reasonable levels, even when the incoming load on the network is far in excess of its capacity. The overall throughput under load is the ultimate measure of the value of an overload control mechanism. P/A. The goal of the load filtering is to prevent overload or maintain overall goodput during the time of overload, but it is dependent on the advance predictions of the load. If the predictions are incorrect, in either direction, the effectiveness of the mechanism will be affected. I would agree with this assessment if the mechanism was only used to distribute policies based on predictions, but is this also true when reactive filtering policy distribution is taken into account? ("why isn't this 'Yes?") Also in Section 10, there are five occurences of "N/A to the load control event package mechanism itself". This is quite terse. If I'm reading it correctly, it's saying "This requirement is N/A to the load control event package mechanism itself, but network elements can use the event package to fulfill this requirement". Is that what's intended? If so, I think you get at least partial credit ...
Adrian Farrel Former IESG member
No Objection
No Objection
(for -12)
Unknown
Barry Leiba Former IESG member
(was Discuss)
No Objection
No Objection
(2013-12-04)
Unknown
Mostly, I'll let Spencer's review and comments stand here. This document is as full of bloviation as I've come to expect from SIP documents: we really do need to fix that. Take note of the quote from Antoine de Saint-Exupéry, "Il semble que la perfection soit atteinte non quand il n'y a plus rien à ajouter, mais quand il n'y a plus rien à retrancher." The only other thing I'll note is that "MIME types" are now called "media types", and I'd appreciate it, though it's not a big deal, if the former could be globally changed to the latter.
Benoît Claise Former IESG member
No Objection
No Objection
(2013-12-05 for -12)
Unknown
Putting Barry's hat for one minute (private IESG joke). Anyway, my message is: Not sure a write-up like this is that useful. (13) Yes (14) No (15) No (16) No Even if I've been reviewing a lot of write-ups in the last 2 years, I don't want to have to learn the questions by heart.
Brian Haberman Former IESG member
No Objection
No Objection
(for -12)
Unknown
Gonzalo Camarillo Former IESG member
No Objection
No Objection
(for -12)
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(for -11)
Unknown
Martin Stiemerling Former IESG member
No Objection
No Objection
(for -11)
Unknown
Pete Resnick Former IESG member
No Objection
No Objection
(2013-12-05 for -12)
Unknown
I strongly agree with Barry. This entire document could use a huge editing pass to eliminate a lot of excess verbiage. I suspect there are 10 pages of actual useful spec here, and the rest could probably be cut in half, and perhaps put into appendices. Here are some specific things that should be changed: Throughout the document: IETF specifications do not use the "we" and "our" affectation from academic papers, because it's not clear to whom it refers (the authors of the document? the WG? the entire IETF?). Please change these "this document" or "this specification", or in some cases simply rewrite the sentence. Section 1: - Strike the first two paragraphs. Unnecessary. - Third paragraph: The first sentence should reference RFC 6357, which discusses what "congestion collapse" means in the context of SIP. Change "these cases" to "cases of SIP server overload". Strike the last sentence of the paragraph. You can certainly shorten the rest. - The fifth through seventh paragraphs should be compressed to a single short paragraph. - I think you could drop the last paragraph. There is a table of contents. I found none of the definitions in section 3 useful to my understand of the document. You reiterate the first 5 in section 5.1 in context, and fully explain the other two in context in 6.8 and 7. Section 4 I would strike as non-useful. Section 5.2: I don't understand what you mean by load filtering "computation". Do you simply mean "design" or "creation" of the load filtering policies? Since you've already said in the introduction that discussion of this is out of scope for the document, I don't understand why 5.2 is here. Section 5.3: - Strike the second and third sentence of the first paragraph. Unnecessary. - Second paragraph: SHOULD is inappropriate. You're not making a protocol statement here. Also, "outgoing signaling neighbor" is a term that is only used in this section and is not necessary. There is a bunch of other unnecessary verbiage in this paragraph. I suggest: In order for load filtering polices to be properly distributed, each capable SIP entity in the netwok subscribes to the SIP load control event package of each SIP entity to which it sends signaling requests. A SIP entity that accepts subscription requests is called a notifier (Section 6.6). Subscription is initiated and maintained during normal server operation. The subscription of neighboring SIP entities needs to be persistent, as described in Section 4.1 and Section 4.2 of [RFC6665]. The refresh procedure is describe in Section 6.7. The subscribers can terminate the subscription after an extended period of absence of signaling message exchange, and can resubscribe if it determines that signaling with the notifier becomes active again. - The examples could be greatly simplified in language. Sections 7.5, 9, and 10 should be moved to appendices and could be greatly shortened. I would simply strike section 10.
Sean Turner Former IESG member
(was Discuss)
No Objection
No Objection
()
Unknown
Stephen Farrell Former IESG member
No Objection
No Objection
(2013-12-05 for -12)
Unknown
Fully support Sean's discuss.
Stewart Bryant Former IESG member
No Objection
No Objection
(2013-12-03 for -11)
Unknown
I take a position of no objection based on a quick scan which shows no impact on the routing system.