Invalid TLV Handling in IS-IS
draft-ietf-lsr-isis-invalid-tlv-03

[Ballot comment]
The document is short and easy to read, thanks!  However, I was sure whether I should put a DISCUSS on this document for section 3.4.

I find that the quoted paragraph from RFC6232 to be badly worded:

      "The POI TLV SHOULD be found in all purges and
      MUST NOT be found in LSPs with a non-zero
      Remaining Lifetime."

Taking a strict reading of this, my interpretation is that an implementation is not compliant to RFC 6232 if it happens to receive a POI TLV in an LSP with non-zero remaining lifetime!  Further, this text then arguably conflicts with earlier parts of this document regarding how unrecognized or bad TLVs should be handled.

Hence, given that RFC6232 is being updated, I would prefer it if this document also updated RFC6232 to clarify the above paragraph to something like:

      "The POI TLV SHOULD be sent in all purges and
      MUST NOT be sent in LSPs with a non-zero
      Remaining Lifetime."

One other minor comment:

    It is RECOMMENDED that implementations provide controls for the enablement of behaviors that are not backward compatible.

Is this covered by the existing ISIS YANG model, or included in the latest update to that YANG model?

Regards,
Rob

[Ballot comment]
The shepherd writeup is a bit unclear as to why Proposed Standard is the
right document status (vs., e.g., Informational).  I guess it's desired
to have the Updates: relationship to the indicated documents, which
essentially forces it to be standards-track.  On the other hand, perhaps
the sense that ignoring a TLV that is specifically disallowed (as
opposed to "merely" unrecognized) is itself a newly specified
requirement, in which case the status as Proposed Standard makes sense
for that reason.  It might be worth a little more clarity on which (if
either) of these scenarios are intended.

Section 1

  A corollary to ignoring unknown TLVs is having the validation of PDUs
  be independent from the validation of the TLVs contained in the PDU.

nit: this doesn't exactly seem like a "corollary" specifically, but
rather a choice that [ISO10589] made (and which keeps some overall sense
of consistency between PDU and TLV handling).

Section 3.1

  [ISO10589] defines the behavior required when a PDU is received
  containing a TLV which is "not recognised".  It states (see Sections
  9.3 - 9.13):

This is Sections 9.5 (not 9.3) to 9.13 in the copy I have.

Section 3.2

  Similarly, the extensions defined by [RFC6233] are not compatible
  with the behavior defined in [RFC5304], therefore can only be safely
  enabled when all nodes support the extensions.

nit: I'd argue that technically the extensions are *defined* by 6232, even
though 6233 is what makes their nature (as "allowed in purge") easily
discoverable.

  It is RECOMMENDED that implementations provide controls for the
  enablement of behaviors that are not backward compatible.

We also specifically want the ability to generate but not
process/require at least some of them, right?  Is that worth calling out
in addition to just "controls for the enablement"?

Section 3.3

  a given sub-TLV is allowed.  Section 2 of [RFC5305] is updated by the
  following sentence:

      "As with TLVs, it is required that sub-TLVs which
      are disallowed MUST be ignored on receipt.".

Do we want to say where this logical insertion occurs?

Section 3.4

  The correct setting for "LSP" is "n".  This document updates
  [RFC6232] by correcting that error.

It's slightly interesting that there doesn't seem to be a corresponding
Errata Report (but may not be worth doing anything about given that this
update is about to be approved).

Section 8.1

It's not entirely clear that RFC 7356 is referenced in a normative
manner.

[Ballot comment]
I'm glad to see language clarifying error handling.  Thanks for the work on it.

Section 3.2.  Per “It is RECOMMENDED that implementations provide controls for the enablement of behaviors that are not backward compatible”, I want to double check that I’m understanding this  sentence correctly. RFC5304 provides normative guidance that isn’t backward compatible with ISO10589. RFC6233 provide guidance that isn’t backward compatible with either RFC5304 or ISO10589.  Is the initial sentence effectively saying that implementations should support deployments in configurations that are not backward compatible (i.e., those using the newer TLVs)?  As these changes are covering security matters, I read “controls” in the cyber mitigation sense -- they prevent an action, not enable one.

[Ballot comment]
Section 3.2.  Per “It is RECOMMENDED that implementations provide controls for the enablement of behaviors that are not backward compatible”, I want to double check that I’m understanding this  sentence correctly. RFC5304 provides normative guidance that isn’t backward compatible with ISO10589. RFC6233 provide guidance that isn’t backward compatible with either RFC5304 or ISO10589.  Is the initial sentence effectively saying that implementations should support deployments in configurations that are not backward compatible (i.e., those using the newer TLVs)?  As these changes are covering security matters, I read “controls” in the cyber mitigation sense -- they prevent an action, not enable one.

[Ballot comment]
Minor nits in the abstract:

Suggest using ';' and more commas in
  "Although there are explicit
  statements in existing specifications, deployment experience has
  shown that there are inconsistencies in the behavior when a TLV which
  is disallowed in a particular Protocol Data Unit (PDU) is received."

[Ballot comment]
It might be helpful to define “ignore” as “skip the number of octets indicated by the length field.” An alternate interpretation might skip the number of bytes implied by the type code, if the type is known.

Similarly, I take it that a length value beyond the end of the message ends processing of the PDU, but the PDU as a whole MUST NOT be discarded.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-lsr-isis-invalid-tlv-02. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the TLV Codepoints Registry on the IS-IS TLV Codepoints registry page located at:

https://www.iana.org/assignments/isis-tlv-codepoints/

the reference for the registry will be changed by adding [ RFC-to-be ] to the list of existing references (RFC3563, RFC6233, and RFC7356).

Second, also in the TLV Codepoints Registry on the IS-IS TLV Codepoints registry page located at:

https://www.iana.org/assignments/isis-tlv-codepoints/

the entry for:

Value: 13
Name: Purge Originator Identification
IIH: n
LSP: y
SNP: n
Purge: y
Reference: RFC6232

will be changed to:

Value: 13
Name: Purge Originator Identification
IIH: n
LSP: n
SNP: n
Purge: y
Reference: [ RFC-to-be ]

As this document requests changes in an Expert Review (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2020-07-08):

From: The IESG
To: IETF-Announce
CC: lsr-chairs@ietf.org, aretana.ietf@gmail.com, Christian Hopps , chopps@chopps.org, lsr@ietf.org, draft-ietf-lsr-isis-invalid-tlv@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Invalid TLV Handling in IS-IS) to Proposed Standard


The IESG has received a request from the Link State Routing WG (lsr) to
consider the following document: - 'Invalid TLV Handling in IS-IS'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-07-08. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  Key to the extensibility of the Intermediate System to Intermediate
  System (IS-IS) protocol has been the handling of unsupported and/or
  invalid Type/Length/Value (TLV) tuples.  Although there are explicit
  statements in existing specifications, deployment experience has
  shown that there are inconsistencies in the behavior when a TLV which
  is disallowed in a particular Protocol Data Unit (PDU) is received.

  This document discusses such cases and makes the correct behavior
  explicit in order to insure that interoperability is maximized.

  This document updates RFC5305 and RFC6232.





The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lsr-isis-invalid-tlv/



No IPR declarations have been submitted directly on this I-D.

Writeup for draft-ietf-lsr-isis-invalid-tlv-01

    (1) What type of RFC is being requested (BCP, Proposed Standard, Internet
        Standard, Informational, Experimental, or Historic)? Why is this the
        proper type of RFC? Is this type of RFC indicated in the title page
        header?

A: Proposed Standard

    (2) The IESG approval announcement includes a Document Announcement
        Write-Up. Please provide such a Document Announcement Write-Up. Recent
        examples can be found in the "Action" announcements for approved
        documents. The approval announcement contains the following sections:

    Technical Summary:

    Relevant content can frequently be found in the abstract and/or introduction
    of the document. If not, this may be an indication that there are
    deficiencies in the abstract or introduction.

Key to the extensibility of the Intermediate System to Intermediate
System (IS-IS) protocol has been the handling of unsupported and/or
invalid Type/Length/Value (TLV) tuples.  Although there are explicit
statements in existing specifications, deployment experience has
shown that there are inconsistencies in the behavior when a TLV which
is disallowed in a particular Protocol Data Unit (PDU) is received.

This document discusses such cases and makes the correct behavior
explicit in order to insure that interoperability is maximized.

    Working Group Summary:

    Was there anything in WG process that is worth noting? For example, was
    there controversy about particular points or were there decisions where the
    consensus was particularly rough?

The document was well received.

    Document Quality:

    Are there existing implementations of the protocol? Have a significant
    number of vendors indicated their plan to implement the specification? Are
    there any reviewers that merit special mention as having done a thorough
    review, e.g., one that resulted in important changes or a conclusion that
    the document had no substantive issues? If there was a MIB Doctor, YANG
    Doctor, Media Type or other expert review, what was its course (briefly)? In
    the case of a Media Type review, on what date was the request posted?

Most implementations already follow what this document specifies. The
implementations which do not must be updated.

    Personnel:

    Who is the Document Shepherd? Who is the Responsible Area Director?

Document Shepherd: Christian Hopps
Responsible AD: Alvaro Retana

    (3) Briefly describe the review of this document that was performed by the
        Document Shepherd. If this version of the document is not ready for
        publication, please explain why the document is being forwarded to the
        IESG.

I have reviewed this document and it is ready for publication.

    (4) Does the document Shepherd have any concerns about the depth or breadth
        of the reviews that have been performed?

No concerns.

    (5) Do portions of the document need review from a particular or from
        broader perspective, e.g., security, operational complexity, AAA, DNS,
        DHCP, XML, or internationalization? If so, describe the review that took
        place.

No.

    (6) Describe any specific concerns or issues that the Document Shepherd has
        with this document that the Responsible Area Director and/or the IESG
        should be aware of? For example, perhaps he or she is uncomfortable with
        certain parts of the document, or has concerns whether there really is a
        need for it. In any event, if the WG has discussed those issues and has
        indicated that it still wishes to advance the document, detail those
        concerns here.

None.

    (7) Has each author confirmed that any and all appropriate IPR disclosures
        required for full conformance with the provisions of BCP 78 and BCP 79
        have already been filed. If not, explain why?

Yes.

    (8) Has an IPR disclosure been filed that references this document? If so,
        summarize any WG discussion and conclusion regarding the IPR
        disclosures.

No.

    (9) How solid is the WG consensus behind this document? Does it represent
        the strong concurrence of a few individuals, with others being silent,
        or does the WG as a whole understand and agree with it?

Strong consensus.

    (10) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in separate
        email messages to the Responsible Area Director. (It should be in a
        separate email because this questionnaire is publicly available.)

No.

    (11) Identify any ID nits the Document Shepherd has found in this document.
        (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
        Checklist). Boilerplate checks are not enough; this check needs to be
        thorough.

None.

    (12) Describe how the document meets any required formal review criteria,
        such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A.

    (13) Have all references within this document been identified as either
        normative or informative?

Yes.

    (14) Are there normative references to documents that are not ready for
        advancement or are otherwise in an unclear state? If such normative
        references exist, what is the plan for their completion?

No.

    (15) Are there downward normative references references (see RFC 3967)? If
        so, list these downward references to support the Area Director in the
        Last Call procedure.

There is a normative reference to an Informational RFC: RFC 3563, which was a
cooperative agreement with ISO establishing the IANA code point registry.

    (16) Will publication of this document change the status of any existing
        RFCs? Are those RFCs listed on the title page header, listed in the
        abstract, and discussed in the introduction? If the RFCs are not
        listed in the Abstract and Introduction, explain why, and point to the
        part of the document where the relationship of this document to the
        other RFCs is discussed. If this information is not in the document,
        explain why the WG considers it unnecessary.

This document updates RFC3563, RFC5305, RFC6232, and RFC6233.

    (17) Describe the Document Shepherd's review of the IANA considerations
        section, especially with regard to its consistency with the body of
        the document. Confirm that all protocol extensions that the document
        makes are associated with the appropriate reservations in IANA
        registries. Confirm that any referenced IANA registries have been
        clearly identified. Confirm that newly created IANA registries include
        a detailed specification of the initial contents for the registry,
        that allocations procedures for future registrations are defined, and
        a reasonable name for the new registry has been suggested (see RFC
        8126).

This document corrects an mistake with RFC6232 and the IANA registry
for the Purge Originator Identification TLV, fixing the IANA registry.

    (18) List any new IANA registries that require Expert Review for future
        allocations. Provide any public guidance that the IESG would find
        useful in selecting the IANA Experts for these new registries.

Nothing new.

    (19) Describe reviews and automated checks performed by the Document
        Shepherd to validate sections of the document written in a formal
        language, such as XML code, BNF rules, MIB definitions, YANG modules,
        etc.

Ran the standard nits, clean other than downref.

    (20) If the document contains a YANG module, has the module been checked
        with any of the recommended validation tools
        (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
        formatting validation? If there are any resulting errors or warnings,
        what is the justification for not fixing them at this time? Does the
        YANG module comply with the Network Management Datastore Architecture
        (NMDA) as specified in RFC8342?

No YANG module.

Writeup for draft-ietf-lsr-isis-invalid-tlv-01

    (1) What type of RFC is being requested (BCP, Proposed Standard, Internet
        Standard, Informational, Experimental, or Historic)? Why is this the
        proper type of RFC? Is this type of RFC indicated in the title page
        header?

A: Proposed Standard

    (2) The IESG approval announcement includes a Document Announcement
        Write-Up. Please provide such a Document Announcement Write-Up. Recent
        examples can be found in the "Action" announcements for approved
        documents. The approval announcement contains the following sections:

    Technical Summary:

    Relevant content can frequently be found in the abstract and/or introduction
    of the document. If not, this may be an indication that there are
    deficiencies in the abstract or introduction.

Key to the extensibility of the Intermediate System to Intermediate
System (IS-IS) protocol has been the handling of unsupported and/or
invalid Type/Length/Value (TLV) tuples.  Although there are explicit
statements in existing specifications, deployment experience has
shown that there are inconsistencies in the behavior when a TLV which
is disallowed in a particular Protocol Data Unit (PDU) is received.

This document discusses such cases and makes the correct behavior
explicit in order to insure that interoperability is maximized.

    Working Group Summary:

    Was there anything in WG process that is worth noting? For example, was
    there controversy about particular points or were there decisions where the
    consensus was particularly rough?

The document was well received.

    Document Quality:

    Are there existing implementations of the protocol? Have a significant
    number of vendors indicated their plan to implement the specification? Are
    there any reviewers that merit special mention as having done a thorough
    review, e.g., one that resulted in important changes or a conclusion that
    the document had no substantive issues? If there was a MIB Doctor, YANG
    Doctor, Media Type or other expert review, what was its course (briefly)? In
    the case of a Media Type review, on what date was the request posted?

Most implementations already follow what this document specifies. The
implementations which do not must be updated.

    Personnel:

    Who is the Document Shepherd? Who is the Responsible Area Director?

Document Shepherd: Christian Hopps
Responsible AD: Alvaro Retana

    (3) Briefly describe the review of this document that was performed by the
        Document Shepherd. If this version of the document is not ready for
        publication, please explain why the document is being forwarded to the
        IESG.

I have reviewed this document and it is ready for publication.

    (4) Does the document Shepherd have any concerns about the depth or breadth
        of the reviews that have been performed?

No concerns.

    (5) Do portions of the document need review from a particular or from
        broader perspective, e.g., security, operational complexity, AAA, DNS,
        DHCP, XML, or internationalization? If so, describe the review that took
        place.

No.

    (6) Describe any specific concerns or issues that the Document Shepherd has
        with this document that the Responsible Area Director and/or the IESG
        should be aware of? For example, perhaps he or she is uncomfortable with
        certain parts of the document, or has concerns whether there really is a
        need for it. In any event, if the WG has discussed those issues and has
        indicated that it still wishes to advance the document, detail those
        concerns here.

None.

    (7) Has each author confirmed that any and all appropriate IPR disclosures
        required for full conformance with the provisions of BCP 78 and BCP 79
        have already been filed. If not, explain why?

Yes.

    (8) Has an IPR disclosure been filed that references this document? If so,
        summarize any WG discussion and conclusion regarding the IPR
        disclosures.

No.

    (9) How solid is the WG consensus behind this document? Does it represent
        the strong concurrence of a few individuals, with others being silent,
        or does the WG as a whole understand and agree with it?

Strong consensus.

    (10) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in separate
        email messages to the Responsible Area Director. (It should be in a
        separate email because this questionnaire is publicly available.)

No.

    (11) Identify any ID nits the Document Shepherd has found in this document.
        (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
        Checklist). Boilerplate checks are not enough; this check needs to be
        thorough.

None.

    (12) Describe how the document meets any required formal review criteria,
        such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A.

    (13) Have all references within this document been identified as either
        normative or informative?

Yes.

    (14) Are there normative references to documents that are not ready for
        advancement or are otherwise in an unclear state? If such normative
        references exist, what is the plan for their completion?

No.

    (15) Are there downward normative references references (see RFC 3967)? If
        so, list these downward references to support the Area Director in the
        Last Call procedure.

There is a normative reference to an Informational RFC: RFC 3563, which was a
cooperative agreement with ISO establishing the IANA code point registry.

    (16) Will publication of this document change the status of any existing
        RFCs? Are those RFCs listed on the title page header, listed in the
        abstract, and discussed in the introduction? If the RFCs are not
        listed in the Abstract and Introduction, explain why, and point to the
        part of the document where the relationship of this document to the
        other RFCs is discussed. If this information is not in the document,
        explain why the WG considers it unnecessary.

This document updates RFC3563, RFC5305, RFC6232, and RFC6233.

    (17) Describe the Document Shepherd's review of the IANA considerations
        section, especially with regard to its consistency with the body of
        the document. Confirm that all protocol extensions that the document
        makes are associated with the appropriate reservations in IANA
        registries. Confirm that any referenced IANA registries have been
        clearly identified. Confirm that newly created IANA registries include
        a detailed specification of the initial contents for the registry,
        that allocations procedures for future registrations are defined, and
        a reasonable name for the new registry has been suggested (see RFC
        8126).

This document corrects an mistake with RFC6232 and the IANA registry
for the Purge Originator Identification TLV, fixing the IANA registry.

    (18) List any new IANA registries that require Expert Review for future
        allocations. Provide any public guidance that the IESG would find
        useful in selecting the IANA Experts for these new registries.

Nothing new.

    (19) Describe reviews and automated checks performed by the Document
        Shepherd to validate sections of the document written in a formal
        language, such as XML code, BNF rules, MIB definitions, YANG modules,
        etc.

Ran the standard nits, clean other than downref.

    (20) If the document contains a YANG module, has the module been checked
        with any of the recommended validation tools
        (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
        formatting validation? If there are any resulting errors or warnings,
        what is the justification for not fixing them at this time? Does the
        YANG module comply with the Network Management Datastore Architecture
        (NMDA) as specified in RFC8342?

No YANG module.