Draft: draft-ietf-mpls-lsp-ping-09.txt Reviewer: Black_David@emc.com Date: Monday 6/20/2005 5:21 PM CST Summary: This draft is on the right track but has open issues. Review comments: Let me start by saying that I'm not an MPLS expert. Based on the level of MPLS expertise that has been applied to this draft, I'm in no position to check or question the MPLS design aspects of this draft. The issues I'm concerned about are more global: (1) IP ping and traceroute are robust debugging tools because they are based on a simple underlying TTL mechanism, so that if a ping or traceroute packet goes off into a void, one can be reasonably confident that something in the data plane is broken close to where the packet vanished. MPLS ping/traceroute is considerably more complex (40+ page draft). That's not necessarily bad, as MPLS is a more complex entity and ping/traceroute for MPLS has to deal with a known weakness in IP ping/traceroute, namely that an IP TTL mechanism can't see what's going on inside a tunnel ... and MPLS is all about what are essentially tunnels. On balance, I think having a rich mechanism capable of probing the myriad ways in which MPLS could malfunction is highly desirable, but ... ... this complexity carries a risk of fragility - if an arbitrarily complex MPLS ping packet goes off into a void in the absence of other information, it's not as obvious that the data plane is broken (vs. the MPLS ping/traceroute logic being broken, or a mistake having been made in formatting the packet) in contrast to the IP case. OTOH, there are a number of fairly simple examples in the draft that lead me to believe that the richness of the MPLS mechanism can be used with complexity commensurate to the problem being investigated, and that one can start simple and gradually increase the complexity as ping/traceroute success/failure yields more information about where the problem is (and isn't). Section 4 on Theory of Operation contains some useful info, but it's mostly a complete specification of all the possible operational details at full depth. A complementary "advice on usage" and/or "examples of usage" section giving advice and/or examples of how to start with something simple and step up to more complex ping/traceroute probes as one learns more would be useful. This sort of discussion of how to organize pursuit of problems would be valuable to both implementers (indication of what basic portions of MPLS ping/traceroute really need to be robust) and operators (advice on effective usage of the functionality). I realize that I started by noticing the length of the draft, and am nonetheless asking for it to be longer, but I think this would help. (2) The security considerations section vaguely refers to "Authentication" in the abstract without saying what is to be authenticated and how. The reference to "some mechanism devised or suggested by the RPSec WG" as the solution to these issues is not promising. In practice, I would not expect ping/traceroute to be particularly sensitive traffic, and hence suspect that the rate limiting described in the security considerations section is much of what's needed, probably complemented by some discipline in who or what one connects one's MPLS systems to. Unfortunately, as currently written, the security considerations section portrays authentication of a to-be-specified nature as the primary counter- measure. I would expect a "Discuss" from at least the Security ADs if this isn't refocused on what can and should be done today (vs. what has yet to be invented/designed/specified). Nit: This draft uses "TTL" to refer the MPLS TTL and "IP TTL" to refer to the TTL in the IP header. That convention makes sense for an MPLS draft, but it should be stated in the conventions section, just in case the reader is not an MPLS expert. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ----------------------------------------------------