Explicit Tracking with Wildcard Routes in Multicast VPN

Note: This ballot was opened for revision 12 and is now closed.

Martin Vigoureux Yes

(Ignas Bagdonas) No Objection

Deborah Brungard No Objection

(Ben Campbell) No Objection

Comment (2018-10-24 for -12)
Thanks for the work on this!

*** Substantive Comments ***

I support Mirja's DISCUSS.

- There is an IPR disclosure with possible royalties. The shepherd report says there were no WG objections. How was the disclosure communicated? For example, was the WG reminded of the disclosure at WGLC?

*** Editorial Comments ***

- Part way through the section, starting with "We also introduce a new notion, the "match for tracking":", there is a section of text that has a significantly different tone from the rest of the draft. It switches more of a lecture style, then switches back. I suggest an edit pass to keep a consistent tone.  (I know this is a question of style, and I will not press it further if people prefer not to change it.)

- 2 paragraphs starting with "For a given C-flow..."
Why is this indented?

Alissa Cooper No Objection

(Spencer Dawkins) No Objection

Comment (2018-10-24 for -12)
Keeping in mind that reading multicast specifications now is like reading the denser MPLS specifications 10-15 years ago, even with the forest of unfamiliar terms in the Introduction, you manage to explain clearly what the problems being addressed are. Thank you for that effort. 

I support Mirja's Discuss, specifically because if this ever goes wrong, the people writing this spec probably know the most about what to do about it. If you can provide guidance, it will probably be better guidance than operators will get from anyone else.

(And please take this as a compliment!)

Benjamin Kaduk (was Discuss) No Objection

Comment (2018-12-02)
No email
send info
Thank you for addressing my Discuss points!

[original COMMENT section preserved, though I believe that they have
all been addressed via email clarification or in the -13]

Section 1

   This document clarifies the procedures for originating and receiving
   S-PMSI A-D routes and Leaf A-D routes.  This document also adds new
   procedures to allow more efficient explicit tracking.  The procedures
   being clarified and/or extended are discussed in multiple places in
   the documents being updated.

This is in effect saying to the reader, "you must read the updated
document(s) in their entirety and decide for yourself whether a procedure
being updated is described", which is perhaps not the most friendly thing
to be doing.

Section 2

   If the LIR-pF flag is set in the PTA of an S-PMSI A-D route, the LIR
   flag of that PTA MUST also be set.

What do I do if I receive a PTA in violation of the MUST?

   Note that support for the LIR-pF flag is OPTIONAL.  This flag SHOULD
   NOT be set unless it is known that all the PEs that are to receive
   the route carrying the PTA support the flag.  How this is known is
   outside the scope of this document.

Maybe remind us what a PE that doesn't support this flag will do if it
happens to receive a PTA with it set?  (I see discussion below of the state
at the ingress node in this case, but not an explicit confirmation of what
egress nodes do.)  It would also be nice to give non-normative examples of
how a sender might know that receivers support the flag.

Section 3

   The rules for finding a "match for reception" in [RFC6625] are hereby
   modified as follows:

Maybe give a section reference too?  (Especially since 6625 does not use
the abbreviated version we define here, and instead writes "Finding the
Match for Data Reception".)

      For a given C-flow ((C-S,C-G) or (C-*,C-G)) the "match for
      tracking" is chosen as follows.  Ignore any S-PMSI A-D route that
      has no PTA.  Also ignore any S-PMSI A-D route whose PTA specifies
      "no tunnel information present", but does not have either LIR or
      LIR-pF set.  (That is, DO NOT ignore an S-PMSI A-D route that has

I think this would be clearer as "and has neither LIR nor LIR-pF set" --
the "but" can easily lead the reader astray.

      a PTA specifying "no tunnel information present" unless its LIR
      and LIR-pF bits are both clear).  [...]

      Note that the procedure for finding the match for tracking takes
      into account S-PMSI A-D routes whose PTAs specify "no tunnel
      information present" and that have either LIR or LIR-pf set.  The
      procedure for finding the match for reception ignores such routes.

Why are we talking about this like LIR and LIR-pF can be set independently,
when just last page we said that if LIR-pF is set, LIR MUST be set?

Section 4

Please expand I-PMSI on first usage.

       When following this procedure, the PTA of the S-PMSI A-D route
       may specify a tunnel, or may specify "no tunnel information
       present".  The choice between these two options is determined by
       considerations that are outside the scope of this document.

Could you give some examples of what sort of things might be involved in
making that choice?

Section 5.3

   Suppose the forwarded S-PMSI A-D route has a PTA specifying a tunnel,
   and also has LIR-pF set.  [...]

nit: is this this "route being forwarded" (i.e., where the ABR/ASBR acts as
egress) or the "after forwarding route" (i.e., where the ABR/ASBR acts as

   As a result of propagating such an S-PMSI A-D route, the egress ABR/
   ASBR may receive one or more Leaf A-D routes that correspond to that
   S-PMSI A-D route.  [...]

Just to check my understanding (no document change requested), this
correspondance is determined by the NLRI in the Leaf A-D route matching the
NLRI from the S-PMSI A-D route?

   The "global administrator" field of the modified RT will be set to
   the IP address taken either from the S-PMSI A-D route's next hop
   field ([RFC6514]), or from its Segmented P2MP Next Hop Extended
   Community ([RFC7524]).

How do I choose which one to use?

Section 6

   then the action taken by N when it receives L is a local matter.  In
   this case, the Leaf A-D route L provides N with explicit tracking
   information for the flow identified by L's NLRI.  However, that
   information is for management/monitoring purposes and does not have
   an effect on the flow of multicast traffic.

I would prefer to say "does not necessarily have an effect".

Section 9

I agree with the secdir reviewer that some mitigation for the new problem
indicated is appropriate.  (Some justification for why the problem is
insoluble in the scope of this document might also suffice.)

Additionally, it seems that the mechanisms here can require more state to
be maintained in the SP network than a pure 6513/6514 solution would, and
that could be worth mentioning (along the lines of 6513's mention of the
potential for overload when multicast activity exceeds expectations).
Similarly, additional implementation limitations may be advisable.

(Suresh Krishnan) (was Discuss) No Objection

Comment (2018-11-28)
Thanks for addressing my DISCUSS

(Mirja Kühlewind) (was Discuss) No Objection

Comment (2018-11-29)
Thanks for addressing my discuss!

(Alexey Melnikov) No Objection

Alvaro Retana No Objection

Comment (2018-10-24 for -12)
I have some non-blocking comments:

(1) §3:

   The rules for finding a "match for reception" in [RFC6625] are hereby
   modified as follows:

      When applying the rules of Section 3.2.1 or 3.2.2 of [RFC6625], it
      is REQUIRED to ignore any S-PMSI A-D route that has no PTA, or
      whose PTA specifies "no tunnel information present".

   There are other RFCs that update [RFC6625] and that modify the rules
   for finding a "match for reception".  See, e.g., [RFC7582] and
   [RFC7900].  When applying those modified rules, it is REQUIRED to
   ignore any S-PMSI A-D route that has no PTA, or whose PTA specifies
   "no tunnel information present".

This text is also Updating rfc7582 and rfc7900 (and others?) that Updated rfc6625.  This document should then be marked to Update those other RFCs explicitly.

(2) How is this phrase intended to be interpreted: "the following procedure can be used if and only if it is known that the egress nodes support the optional LIR-pF flag" (§4)?  I ask because, even though there's no rfc2119 language, I would be inclined to interpret "if and only if" as an absolute requirement: just like a MUST.  However, later in the same section there is normative language that doesn't seem to match: "this procedure...if there are egress nodes that do not support the LIR-pF flag, and hence SHOULD NOT be used in that case."  I think that, in the best case, there may be some confusion in the text -- it would be good to clarify by maybe not using an expression as absolute as "if and only if".

(3) §5.1, Case 3: "...LIR-pF is set.  The egress node MUST follow whatever procedures are required by other specifications, based on the match for reception.  If the egress node supports the LIR-pF flag, it MUST also follow the procedures of Section 5.2."

The text above seems to account for the case where the egress node doesn't support the LIR-pF flag in the first sentence quoted.  However, if the node doesn't support the flag, it can't be assumed that it has knowledge of this document...which means that we shouldn't use normative language to instruct those nodes to do anything.  Also, the specification of "whatever procedures are required by other specifications" is too vague for being normative.  s/MUST/must

(4) §2: s/Since an ingress node that sets the LIR-pF flag is also REQUIRED to set the LIR flag,/Since an ingress node that sets the LIR-pF flag is also required to set the LIR flag,

The normative behavior is already specified above ("If the LIR-pF flag is set in the PTA of an S-PMSI A-D route, the LIR flag of that PTA MUST also be set").  I know that MUST = REQUIRED, but in this case the sentence is just stating a fact.

(Adam Roach) No Objection

Comment (2018-10-24 for -12)
Thanks for the work everyone did on this document.


Please expand the following acronyms upon first use and in the abstract;
see https://www.rfc-editor.org/materials/abbrev.expansion.txt for guidance.

 - MVPN - Multicast VPN
 - I-PMSI - ???
 - P2MP - Point-to-Multipoint