Hi Joe,
Thanks for the comments.
On Tue, Jan 3, 2017 at 1:56 PM, Joe Touch <touch(_at_)isi(_dot_)edu> wrote:
Some observations:
- the title is misleading; this is TRILL over UDP, not trill over IP.
Humm... The two encapsulations specified do use UDP and it seems
implausible that TCP would be used. But it is possible someone would
want to use SCTP or some other non-UDP IP encapsulation. That would
presumably be via some future document. So I guess, on balance it
would be better to change the title as you suggest.
- the use of two different ports invites some potentially unintended
problems, e.g., selective blocking of the control vs. data plane. IMO,
given that TRILL's purpose is to extend Ethernet (not IP), this service
would be better served using a single port and differentiated
encapsulated traffic by whatever method TRILL nodes use internally.
Otherwise, this spec needs to include specific description of unexpected
behavior, e.g., data frames on the IS-IS port and IS-IS frames on the
data port.
I guess I don't see this.
As for selective blocking, if someone can control the passing of
traffic through links connecting TRILL switches, they can always block
a subset of traffic based on whatever criteria they want. I don't
think it makes significant difference what header field they look at.
Similarly, if someone can modify traffic passing through links between
TRILL switches, if the traffic is IP they could swap around port
numbers, but they could also swap around other header fields.
Presumably it is a policy decision for network managers based on their
threat model whether or not to use facilities by TRILL or otherwise to
provided to secure control traffic and/or use link security to protect
all traffic over a link. (Similarly, it is a matter for end system
users/managers to decide whether to use end-to-end security.)
I suppose we could throw in a few sentences saying that if security is
not being used and data or control is mislabeled as the other and it
happens to be parseable as the other, you will get junk in the data
stream or screwed up control information. But I don't think the
mislabeling of control and data as the other by TRILL code is a
realistic problem. It would be detected by the crudest of testing.
- regardless of whether one or two ports are requested, this doc should
provide the needed information for IANA (e.g., a service name and
description compliant with RFC6335).
OK.
- the section on MTU handling might benefit from informationally citing
intarea-tunnels, and consider using the recommendations there. In
particular, it's not sufficient to assume IPv4 supports 576 byte MTUs
(that's the minimum receiver reassembly MTU, not the transit MTU). That
section should also address issues of PMTUD and PLMTUD.
I'll take a look at that draft in this context.
Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3(_at_)gmail(_dot_)com
FWIW.
Joe