[RTG-DIR] Routing directorate review of draft-ietf-trill-channel-tunnel

Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com> Thu, 28 April 2016 13:27 UTC

Return-Path: <Jonathan.Hardwick@metaswitch.com>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63D8A12D742; Thu, 28 Apr 2016 06:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=metaswitch.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwbeNtvRuzOe; Thu, 28 Apr 2016 06:27:02 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0710.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:710]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2CD412D75F; Thu, 28 Apr 2016 06:26:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metaswitch.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=sa+jzxTKLWt7Z6caQc8nahX6dwUOA8//DB2v4Q5azMU=; b=fTyQ5Bdfw0ZElBV8UnVNtU0CjRgFAcoy/EjtYbaQgPKJQENMCZf42mePFFexTDq214vM5bvCwA1KOT7Z37sSLikeTzsEwZSKIoarvoEoV1mXs2QtaJmaTgU+2cc5tMwL9UrdJ2IabzJ6j9douc98/xqnCFu0RiBJuBQlQ+Xewcc=
Received: from BY2PR0201MB1910.namprd02.prod.outlook.com (10.163.75.152) by BY2PR0201MB1909.namprd02.prod.outlook.com (10.163.75.151) with Microsoft SMTP Server (TLS) id 15.1.477.8; Thu, 28 Apr 2016 13:26:00 +0000
Received: from BY2PR0201MB1910.namprd02.prod.outlook.com ([10.163.75.152]) by BY2PR0201MB1910.namprd02.prod.outlook.com ([10.163.75.152]) with mapi id 15.01.0477.014; Thu, 28 Apr 2016 13:26:00 +0000
From: Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com>
To: "<rtg-ads@ietf.org> (rtg-ads@ietf.org)" <rtg-ads@ietf.org>, "akatlas@gmail.com" <akatlas@gmail.com>
Thread-Topic: Routing directorate review of draft-ietf-trill-channel-tunnel
Thread-Index: AdGhTmtHFH0TbXDCR3+6jGztLdmlHw==
Date: Thu, 28 Apr 2016 13:26:00 +0000
Message-ID: <BY2PR0201MB19103E57307C3C19AD96D85E84650@BY2PR0201MB1910.namprd02.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=metaswitch.com;
x-originating-ip: [2620:104:4001:73:b8b5:e102:f74d:550c]
x-ms-office365-filtering-correlation-id: 751cc00d-5bc5-43c3-3129-08d36f68a3e0
x-microsoft-exchange-diagnostics: 1; BY2PR0201MB1909; 5:1XUxsWDG2n9+59JplllGBDV99JzlzuE18IcrHxuiiF9WwAS3lXW7Z1I3cFJEovxdglq0Ejfpr0I+g5rt9NUjQvP6QYs0o7VUhwaJerT2y6X72RnpBJtmftkI/gBOqNX8CsunPKdyGj/f7MW68XABJw==; 24:cJpVzSGjatUK6nl7Kli6qmntxnZrFvXOeAiUasM+uBa7Y67cks2sSwVG9a8sn3Qqygbm3G5H9YrDEKCMoJ75+mxnqSUWvVuBZAZp5gHO7gA=; 7:awPLbt8vKweykBktnS1BCrhvK3ysfkWcIzloMof3L89wx1LPNbXFHd22XLm8w+jpB738x/Vgd9jEFRmX+y+M2LgYLu4p/Bvcp3/RifMxOtfofbjFgctXsnmLiEvQGSjDHFyj2lTdtP87JFxegwhe5XCAlmwxiJVJQqxwayE35mUVt8IEuoz0qYLpm6TZxev6
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR0201MB1909;
x-microsoft-antispam-prvs: <BY2PR0201MB190926121DC77065F3D47C2684650@BY2PR0201MB1909.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521072)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:BY2PR0201MB1909; BCL:0; PCL:0; RULEID:; SRVR:BY2PR0201MB1909;
x-forefront-prvs: 0926B0E013
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(51444003)(790700001)(6116002)(102836003)(19300405004)(3660700001)(19617315012)(1096002)(1220700001)(9326002)(87936001)(50986999)(54356999)(76576001)(92566002)(99286002)(86362001)(230783001)(2906002)(586003)(19580395003)(9686002)(3280700002)(81166005)(229853001)(5004730100002)(33656002)(189998001)(74316001)(10400500002)(15975445007)(11100500001)(77096005)(16236675004)(2501003)(5002640100001)(5008740100001)(122556002)(4326007)(5003600100002)(19625215002)(110136002)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR0201MB1909; H:BY2PR0201MB1910.namprd02.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR0201MB19103E57307C3C19AD96D85E84650BY2PR0201MB1910_"
MIME-Version: 1.0
X-OriginatorOrg: metaswitch.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2016 13:26:00.3063 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0201MB1909
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-dir/KfEho1lFFrhdbi5Vc7uW-Uz1isc>
Cc: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "trill@ietf.org" <trill@ietf.org>, "draft-ietf-trill-channel-tunnel@ietf.org" <draft-ietf-trill-channel-tunnel@ietf.org>
Subject: [RTG-DIR] Routing directorate review of draft-ietf-trill-channel-tunnel
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 13:27:05 -0000

Hello,

I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see ​http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.

Best regards
Jon
===

Document: draft-ietf-trill-channel-tunnel
Reviewer: Jon Hardwick
Review Date: 28 April 2016
Intended Status: Standards Track


Summary
I have some concerns about this document and recommend that the Routing ADs discuss these issues further with the authors.


Comments
The draft is overall well written and the specification is quite easy to understand, but I found some of the terminology and rationale to be confusing.  I would prefer to see this clarified before the document is published as RFC.  Note that this is the first TRILL document I’ve reviewed, so my context comes largely from mailing list searches and the shepherd’s report.


Major Comments
The motivations for this draft are quite obscure from the perspective of the outsider ☺ which makes it hard for me to evaluate the proposed mechanism.

I think the problems that the draft solves should be more clearly spelled out.  From the introduction:

   This document updates [RFC7178] and specifies extensions to RBridge
   Channel that provide two additional facilities as follows:

      (1) A standard method to tunnel a variety of payload types by
          encapsulating them in an RBridge Channel message.

      (2) A method to provide security facilities for RBridge Channel
          messages.

I think that number (1) requires more explanation because the RBridge channel already provides a standard method for a variety of payload types to be transmitted without needing the current draft.  What tunnelling capability is this draft adding?

A significant amount of text in the draft discusses number (2), which secures the channel payload, presumably to cover cases where the payload has no in-built security mechanism.  This appears to be the major purpose of the draft.  The draft achieves number (2) by adding a security shim header between the RBridge channel header and the payload.  One consideration in doing this is to remain backwards compatible with RFC 7178, and it looks like the working group has decided to achieve backwards compatibility by defining a new RBridge channel protocol type called “channel tunnel” – where this effectively means the RBridge channel payload contains an additional security shim which in turn contains an identifier that determines the real payload protocol type.

I find the term “channel tunnel” misleading, as the draft does not appear to add any additional tunnelling capability above and beyond the tunnelling that can already be done using RFC 7178.  The draft actually describes an RBridge channel with enhanced security, so a term like “secure channel” would make more sense to me than “channel tunnel”.


Minor Comments
Section 3.1 – “Any particular use of the Null Payload should specify what VLAN or priority should be used when relevant.” – is unclear and no context for this statement is given.  Should be used by what and for what purpose?

Section 4.3 feels like a corollary to section 4.5 and so may be better placed as a subsection of 4.5.

Section 4.6 “The PType indicates the nature of the application_data.” - is potentially open to misinterpretation.  At face value it sounds like you are leaking some potentially sensitive information about the “nature” of the encrypted payload.  I think all you are actually saying is that it indicates whether the payload is an Ethertype, an Ethernet frame etc.  Suggest instead “In this case, the PType value in the RBridge Channel Tunnel Protocol Specific Data applies to the decrypted application_data.”

Section 5.2 “with a payload type (PType) indicating a nested RBridge Channel message” – strictly all the PType can indicate is that the payload is Ethertyped; on its own it cannot indicate a nested RBridge Chanel message.  Suggest “and it contains a nested RBridge Chanel message”.

Section 6.2
“Section xxx of [RFC 7178]” should be “Section 3.2 of [RFC 7178]”.
Don’t you also need a new IANA registry for the “Rbridge Channel Error Subcodes” listed in table 5.2?


Nits
Section 3.2
“as describe in” -> “as described in”

Section 4
“not to met” -> “not to meet”
2nd paragraph – this sentence is quite long and hard to parse.

Section 4.2 & Section 5.1
“As show in” - > “As shown in”

Section 4.3
“The use Derived Material” -> “The use of the Derived Material”
Does Derived Material really need to be capitalised in this section?

Section 4.5
“can reasonable be” -> “can reasonably be”

Section 4.6
“minimum MTU Sz” -> “minimum MTU size”
“Actual application_data sent with Channel Tunnel” -> “Actual application_data sent within the Channel Tunnel”
Why do you say “application_data” not “application data”?

Appendix Z should presumably be removed prior to IETF last call.