
Interoperation between Multicast Virtual Private Network (MVPN) and Multicast Source Directory Protocol (MSDP) Source-Active Routes
RFC 9081

Yes

(Martin Vigoureux)

No Objection

Erik Kline
Francesca Palombini
Martin Duke

Note: This ballot was opened for revision 06 and is now closed.

Alvaro Retana No Objection

Comment (2021-05-17 for -06)
The MSDP reference (rfc3618) should be Normative.

Erik Kline (was Abstain) No Objection

Francesca Palombini No Objection

John Scudder No Objection

Comment (2021-05-14 for -06)
Thanks for this short document! I have a few questions and comments, below.

1. Section 3

   The MVPN PEs that act as customer RPs or have one or more MSDP
   sessions in a VPN (or the global table in case of GTM) are treated as
   an MSDP mesh group for that VPN (or the global table).  In the rest
   of the document, it is referred to as the PE mesh group.  It MUST NOT
   include other MSDP speakers, and is integrated into the rest of MSDP

On first reading I had difficulty following “it MUST NOT include other MSDP speakers”. You mean, MSDP speakers from another VPN, right? It didn’t come together for me until I reread it and realized the referent of “it” is “the PE mesh group”. Anyway, this confused at least one reader; it might stand a little rewording. (Replacing “it” with “The PE mesh group” in the last sentence would do the trick.)

2. Section 3

   In addition to procedures in [RFC6514], an MVPN PE may be provisioned
   to generate MSDP SA messages from received MVPN SA routes, with or
   without local policy control.  If a received MVPN SA route is to
   trigger MSDP SA message, 

There are a couple of things wrong with the preceding clause. First, it’s either missing an article before “MSDP” as in “trigger an MSDP SA message” or possibly “message” is supposed to be pluralized as in “trigger MSDP messages”. Second and more troublesome, that “if... is to trigger” seems wrong; that’s normally a construct which would introduce a precondition, but that’s not what happens. Can you reword this? Do you mean “if a received MVPN SA route triggers an MSDP SA message”?

               it is treated as if a corresponding MSDP SA
   message was received from within the PE mesh group and normal MSDP
   procedure is followed (e.g. an MSDP SA message is advertised to other
   MSDP peers outside the PE mesh group).  

Your use of “e.g.”, meaning “for example”, implies other things could happen instead as a result of normal MSDP procedure, and this is just a for-instance. Right? Just checking. 

               The (S,G) information comes
   from the (C-S,C-G) encoding in the MVPN SA NLRI and the RP address
   comes from the "MVPN SA RP-address EC" mentioned above.  If the
   received MVPN SA route does not have the EC (this could be from a
   legacy PE that does not have the capability to attach the EC), the
   local RP address for the C-G is used.  In that case, it is possible
   that receiving PE's RP for the C-G is actually the MSDP peer to which

“The receiving PE’s”

   the generated MSDP message is advertised, causing the peer to discard
   it due to RPF failure.  To get around that problem the peer SHOULD
   use local policy to accept the MSDP SA message.

That sounds pretty gross considering the MSDP state is built dynamically (isn’t it?) but ok. 

   An MVPN PE MAY treat only the best MVPN SA route selected by BGP
   route selection process (instead of all MVPN SA routes) for a given

“The BGP route selection process”

   (C-S,C-G) as a received MSDP SA message (and advertise corresponding
   MSDP message).  In that case, if the selected best MVPN SA route does

“The corresponding”

Lars Eggert No Objection

Comment (2021-05-17 for -06)
All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 2, paragraph 9, nit:
> rce Active route using an Extended Community so this information can be share
>                                    ^^^^^^^^^
Use a comma before 'so' if it connects two independent clauses (unless they are
closely connected and short).

Section 2.1, paragraph 2, nit:
> ation for the "rpt-spt" mode is outside of the scope of this document. In th
>                                 ^^^^^^^^^^
This phrase is redundant. Consider using "outside".

Martin Duke No Objection

Murray Kucherawy No Objection

Comment (2021-05-17 for -06)
The shepherd writeup asks "Why is this the proper type of RFC?" but the answer to this question is missing.

Robert Wilton No Objection

Comment (2021-05-19 for -06)
Thanks Qin for the OPSDIR review.

Roman Danyliw No Objection

Comment (2021-05-19 for -06)
Section 4.  Editorial.

OLD
This document extends this capability in the reverse
   direction - upon receiving an MVPN SA route in a VPN generate
   corresponding MSDP SA and advertise to MSDP peers in the same VPN.

NEW
This document extends this capability in the reverse direction - upon receiving an MVPN SA route in a VPN, the PE generates a corresponding MSDP SA and advertises it to MSDP peers in the same VPN.

Éric Vyncke (was Discuss) No Objection

Comment (2021-05-17 for -06)
Thank you Alvaro for explaining to me that MSDP is IPv4-only so this document must be IPv4-only as well. I am now clearing my previous DISCUSS ballot.

Thanks to the authors, WG, and doc shepherd for the work done (though the text is very hard to read, quite dense, and little context is given).

Regards

-éric

(Martin Vigoureux; former steering group member) Yes

Yes (for -06)

                            

(Benjamin Kaduk; former steering group member) No Objection

No Objection (2021-05-19 for -07)
This looks like a nice, simple way to improve the interoperation scenarios.
All my comments are relatively minor (and most are explicitly classified as nits).

Section 2

   Section "14.  Supporting PIM-SM without Inter-Site Shared C-Trees" of
   [RFC6514] specifies the procedures for MVPN PEs to discover (C-S,C-G)
   via MVPN Source Active A-D routes and then send (C-S,C-G) C-multicast
   routes towards the ingress PEs, [...]

Just to check my understanding: when we say "send (C-S,C-G) C-multicast
routes toward the ingress PEs", does that refer to the "Source Tree Join
C-multicast route"s that RFC 6514 describes?  Would it be helpful to
write it out using the same terminology?

Section 3

   When an MVPN PE advertises an MVPN SA route following procedures in
   [RFC6514] for the "spt-only" mode, it SHOULD attach an "MVPN SA RP-
   address Extended Community".  [...]

I don't really understand why this is only a "SHOULD".  If the whole
point of this document is to let MVPN S-A announcements get propagated
out to MSDP, it seems required, and people who don't care about that
scenario can ignore the document entirely; they don't need SHOULD vs
MUST to get out of it.

   In addition to procedures in [RFC6514], an MVPN PE may be provisioned
   to generate MSDP SA messages from received MVPN SA routes, with or

When would something that implements the rest of this document not be
expected to generate MSDP SA messages in such a manner?  (That is, why
use "may be"?)

Section 4

I'm always a little wary of claims of "no additional security
considerations", though in many cases there are no *significant* new
security considerations, even if there are some considerations that are
new.  In this case, we have the option of using the local RP address for
the C-G when constructing an MSDP SA message (when the EC is not present
in the MVPN SA NLRI), and since this causes different nodes in the MVPN
to see different RPs for the group, it's not immediately clear that
there are no relevant security considerations from having different
views of the RP.  What is the behavior when different nodes are using
different RPs?

(There is also the fact that the address of the RP is now sent to a
larger population by virtue of being in the new BCP EC, which should
cause us to consider if there are any privacy considerations from the
broadened information distribution.  I don't see anything noteworthy,
though.)

RFC 6514's security considerations section mentions (by section number,
not name) that for the spt-only mode implementations should have an
upper bound on the number of SA A-D routes.  IIUC, the mechanisms in
this document do not change relative resource consumption in a way that
might require the specific value of the upper bound to change, but
please confirm.

The security considerations for RFC 3618 mandate implementation of
TCP-MD5, which is a bit dated.  Should we say anything about TCP-AO (RFC
5925) here?

Section 7.2

While RFC 3618 is not specifically cited in any location that would
require it to be classified as normative, I think that it should be
classified as normative, and thus presumably that more references to it
should also be added where the normative use of MSDP is mentioned in the
text.

NITS

Section 1

   Familiarity with MVPN and MSDP protocols and procedures is assumed.
   Some terminologies are listed below for convenience.

References for MVPN and MSDP would go well here.

Section 2

   similar to MSDP Source-Active messages [RFC3618].  For a VPN, one or
   more of the PEs, say PE1, either act as a C-RP and learn of (C-S,C-G)
   via PIM Register messages, or have MSDP sessions with some MSDP peers
   and learn (C-S,C-G) via MSDP SA messages.  [...]

Since we specified "say PE1", we should probably take the "one" branch
of "one or more" and use "has" and "learns" for singular/plural agreement.

   corresponding (C-*,C-G) state learnt from its CE.  PE2 may also have
   MSDP sessions for the VPN with other C-RPs at its site, but [RFC6514]
   does not specify that it advertises MSDP SA messages to those MSDP

I suggest s/it/PE2/ just to avoid any doubt.

   which are redundant and unnecessary.  Also notice that the PE1-PE2
   MSDP session is VPN-specific, while the BGP sessions over which the
   MVPN routes are advertised are not.

I suggest s/VPN-specific/used only for a single MVPN/

   o  VPN extranet mechanisms can be used to propagate (C-S,C-G)
      information across VPNs with flexible policy control.

Is RFC 7900 a good reference for "VPN extranet"?  I had to look it up...

   contain the source and group.  MSDP requires the RP address
   information in order to perform peer-RPF.  Therefore, this document

I'd suggest expanding RPF on first use.

Section 3

   attach the EC), the local RP address for the C-G is used.  In that
   case, it is possible that the receiving PE's RP for the C-G is
   actually the MSDP peer to which the generated MSDP message is

I suggest s/receiving PE's RP/RP inserted into the MSDP SA message/.

   from before.  The previously advertised MSDP SA message with the
   older RP address will be timed out.

I guess technically it's the state that the older message induced that
times out, not the message itself.

   direction - upon receiving an MVPN SA route in a VPN generate
   corresponding MSDP SA and advertise to MSDP peers in the same VPN.

"generate a"; "advertise it"