ietf
[Top] [All Lists]

RE: Gen-ART Last Call Review of draft-ietf-l2vpn-etree-frwk-06

2014-07-16 10:05:14
Hi Ben,

Thank you for the review and suggestions. Please see inline below w/ [Lucy]

-----Original Message-----
From: Ben Campbell [mailto:ben(_at_)nostrum(_dot_)com] 
Sent: Monday, July 14, 2014 5:40 PM
To: draft-ietf-l2vpn-etree-frwk(_dot_)all(_at_)tools(_dot_)ietf(_dot_)org
Cc: gen-art(_at_)ietf(_dot_)org Team (gen-art(_at_)ietf(_dot_)org); 
ietf(_at_)ietf(_dot_)org list
Subject: Gen-ART Last Call Review of draft-ietf-l2vpn-etree-frwk-06

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, 
please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may 
receive.

Document:  draft-ietf-l2vpn-etree-frwk-06
Reviewer: Ben Campbell
Review Date: 2014-07-14
IETF LC End Date: 2014-07-15

Summary: This draft is almost ready for publication as an RFC, but I have a few 
minor issues and editorial comments that may be worth consideration prior to 
publication.

Major issues:

None

Minor issues:

-- I suggest removing the 2119 language. Ignoring the general controversies 
over whether informational RFCs should use 2119 language, I don't think it fits 
for _this_ draft. In particular, all the small number of normative language 
instances seems to be either statements of fact or restatements of requirements 
that are defined elsewhere. These would all be better served with descriptive 
language. 
[Lucy] OK. I will change as you suggested.

-- Section 4, paragraph after Table 1: "If direct Layer 2 Leaf-to-Leaf 
communication needs to be prohibited, E-Tree should be used."

That sounds more like advocacy than architecture/framework. Do you mean to 
suggest that other potential solutions (if any) should not be used, or that 
E-Tree is somehow the best solution?  Or did you mean to say "E-Trees are 
appropriate for whenever..."?
[Lucy] OK, I will change the wording.

-- Similarly, 2 paragraphs down: "An E-Tree service can meet these use case 
requirements."

That also sounds like advocacy. This draft doesn't seem to do a requirements 
analysis for those use cases, beyond an assumption that they need inter-leaf 
isolation at Layer 2. Something to the effect of "E-Trees can meet the common 
requirement to avoid the exchange of frames between Leaf CAs." would be more 
appropriate.
[Lucy] OK. Will fix that.

-- 5.1 and 5.2:

5.2 seems like the same "gap" as discussed in 5.1, just from a perspective of 
CA role vs forwarding constraint. Handing around constraints vs roles seem more 
like solution questions than requirements or architecture questions.
[Lucy] One is assigned the role at AC that impacts the forwarding; another is 
to convey or advertise the assigned AC role. Since these may relate to 
different techniques used in L2VPN, it is good to keep them in different 
sections. 

-- 5.3, First sentence:

The first sentence seems like yet a further restatement of the issue from 5.1 
and 5.2.  (The rest of the section seems reasonably distinct from the others.)
[Lucy] Yeah. I will remove the first sentence.

-- Security Considerations:

The security considerations mostly say that e-trees have to act like e-trees. I 
think there is room for more discussion. Are the e-tree rules sufficient for 
scenarios where inter-leaf isolation is critical for security reasons? Does it 
remove needs for higher layer protections? (I hope not.) The guidance to use 
IPSec if additional security is required is not entirely satisfying here--how 
would an higher layer protocol know whether or not it had a fully protected 
path?
[Lucy] For the first point, yes, E-tree can be used to inter-leaf isolation for 
the security reason. However higher layer does not have any knowledge of AC 
role at lower layer, I don't think that it can rely on the lower layer for the 
protection.  I'll add that clarification. For the second point, to clarify, 
E-Tree is an L2 service that is implemented over MPLS network, not IP 
underlying. If an operator chooses running the mpls over IP network, such 
security concern need to be addressed there. This has no change on the security 
that the mpls provides.

Are there trust issues between PEs? Can one PE assume that another will enforce 
the leave/root constraints? Can it trust that the other PE has the same idea of 
what should be a leaf vs root? Is there a need for one PE to determine if 
another supports E-Trees at all?
[Lucy] A MPLS domain is operated by an operator. Thus, there is trust between 
PEs. I will explicitly make that clear in this section.


Nits/editorial comments:

-- 2.2, 4th paragraph: "Furthermore, MEF also defines AC roles. One
   role is Root and another is Leaf."

Are these the same usages as defined in this document? If so, it might be 
helpful to attribute these in the terminology section.
[Lucy] We define Root AC and Leaf AC in terminology and use them in the 
framework. Will that be OK?

-- 2.3, 2nd paragraph: "... distinct differentiation for multicast groups in 
one VPN."

I suggest "... distinct differentiation among multicast groups in the same VPN."
[Lucy] OK.

-- 3: Figure 1

The figure is two pages from the paragraph that describes it. I suggest moving 
Figure 1 to either before or after the first paragraph in the section.
[Lucy] OK.

-- 3, first paragraph "This implies that an Ethernet frame from CE01, CE02, etc 
will be treated as a frame originated from a Root AC; a frame
   from CE03, CE04, etc will be treated as a frame originated from a Leaf AC."

Treated by what? (Consider restating in active voice).
[Lucy] It implies the receiver. Will modify the wording.

-- 3, last paragraph before Figure 1: " A VSI on a PE corresponds to an E-Tree 
instance ..."

This can be read to imply a 1-to-1 cardinality between "A VSI on a PE" and "an 
E-Tree instance". I don't think that is intended.

Also, is an "E-Tree instance" the same thing as and "E-Tree service instance", 
as mentioned elsewhere?
[Lucy] It means E-Tree service instance. It is 1-to-1 relationship in between. 
Will fix the missing word.

-- Section 4, paragraph after Table 1:

Can you provide a reference and/or expansion for LTE X2?  (I think LTE may be 
on the well-known abbreviation list, but I'm not sure about X2).
[Lucy] OK.

-- Section 4, last paragraph:

Unless you mean to say that broadcast video is a significant driver for this 
work, this paragraph seems off topic.
[Lucy] OK. I will remove it.

-- Section 5 and subsections

Section 5  needs additional proof reading for missing articles and 
singular/plural mismatches.
[Lucy] OK. I will double check and fix the grammar error.

-- Normative References:

The two IEEE references seem more like informative rather than normative ones.
[Lucy] right. I will fix them.

Please let me that additional clarification and suggestions above will be 
acceptable?

Regards,
Lucy


<Prev in Thread] Current Thread [Next in Thread>