OSPFv2 Anycast Property Advertisement
draft-ietf-lsr-anycast-flag-13

Yes

Gunter Van de Velde
Mohamed Boucadair

No Objection

Andy Newton
Deb Cooley
Éric Vyncke
Erik Kline
Gorry Fairhurst
Jim Guichard
Mahesh Jethanandani
Mike Bishop
Orie Steele
Paul Wouters
Roman Danyliw

Recuse

Ketan Talaulikar

Note: This ballot was opened for revision 09 and is now closed.

Gunter Van de Velde
Yes
Mohamed Boucadair
(was No Objection) Yes
Comment (2026-01-06 for -10) Sent for earlier 
Hi Ran, Detao, Peter, Ketan, and Changwang, 

Thanks for addressing in -10 all the comments raised in my previous ballot. 

Cheers,
Med

** -09 Ballot (Addressed) **

Thank you for the effort put into this specification, which is about mirroring a functionality already specified for IS-IS and OSPFv3.

Thanks to Juergen for the OPSDIR review and Ran for engaging. Some of the replies in the thread are better if echoed in the document (e.g., backward compatibility mention).

I would ballot Yes if two first points below were addressed.

I have two main points and a set of more low-level comments:

# Summarization

CURRENT:
   The AC-flag MUST be preserved when re-advertising the prefix across
   areas.

Wouldn’t that be lost if the prefix is covered a summarized adv by an ABR? 

Maybe tweak this as?

NEW:
    The AC-flag MUST be preserved when the
    OSPFv2 Extended Prefix Opaque LSA is propagated between areas.

# Operational Considerations

## Consistent configuration

In addition to the backward compatibility mentioned above, I would add a brief discussion that basically say that anycast prefixes should be consistently managed through the network. Stale configuration of a prefix tagged as anycast may have implications as that value will take precedence over other same prefix announcement with AC-flag set to 0.  

## Anomalies

You may also add a point retrieval of a router configuration having N-flag and AC-flag set to 1 for a given prefix should be used as an indication of configuration anomaly. 

Alos, consider adding a point that receipt of adv with both N-flag and AC-flag set to 1 can be used as an indication of configuration anomaly. This can be used by a network controller.

BTW, how such function is supposed to be done using the YANG-based interface? Is retrieval of prefix flags from peers covered by the base YANG OSPF module? If so, please add a mention of the data nodes used for that purpose.

## Please find below some additional comments, fwiw:

## Identifier

CURRENT:
   It is useful for other
   routers to know that the advertisement is for an anycast identifier.

I appreciate this text is grabbed from SR OSPF/IS-IS extension, but I would s/anycast identifier/ anycast prefix

## Mention the YANG augmentation in the abstract 

OLD:
   This document defines a new flag in the OSPFv2 Extended Prefix TLV
   Flags to advertise the anycast property.

NEW:
   This document defines a new flag in the OSPFv2 Extended Prefix TLV
   Flags to advertise the anycast property. The document also specifies
   a companion YANG module for managing this function.
 
You may consider a mention in the introduction as well.

## set/clear  

You may add a mention to say that “set” meant “set to 1” and “clear” means “set to 0”.

## Curiosity

CURRENT:
  When a prefix is configured as anycast, the AC-flag MUST be set

Just out of curiosity, why the WG went for a distinct behavior for the IS-IS part as RFC9352 has: “When the prefix/SRv6 Locator is configured as anycast, the A-flag SHOULD be set”


## Manage vs configure

OLD:
   This section defines a YANG data model that can be used to configure
   and manage the usage of OSPFv2 Anycast Property as defined in this

NEW:
   This section defines a YANG data model that can be used to manage
   the usage of OSPFv2 Anycast Property as defined in this

“configure” is one of the management (FCAPS) function

## nit

OLD: The following show the tree diagram of the module:

NEW: The following shows the tree diagram of the module:

## No need to have the NMDA mention in the module (*)

Consider deleting:

CURRENT:
        This YANG module conforms to the Network Management
        Datastore Architecture (NMDA) as described in RFC 8342.

## The module is not only about configuration, but also retrieval (*)

(1)

OLD:
       "This YANG module adds the support of configuring an OSPFv2
        prefix as anycast.

NEW:
       "This YANG module adds the support of managing an OSPFv2
        prefix as anycast.

(2) Delete:

OLD:
/* Configuration */ 

(3)

OLD: "This augments the OSPFv2 interface configuration.";

NEW: "This augments the OSPFv2 interface.";

(4) 

OLD: "This augments OSPFv2 interface configuration with anycast

NEW: "This augments OSPFv2 interface with anycast


## Update to follow the IETF template + no need to have a reference clause

OLD:
        This version of this YANG module is part of RFC XXXX;
        see the RFC itself for full legal notices.";
     reference
       "RFC XXXX";

NEW:
        All revisions of IETF and IANA published modules can be found
        at the YANG Parameters registry group
        (https://www.iana.org/assignments/yang-parameters).

        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

## This is an identity, not a boolean

“when set” does not parse here.

OLD:
       description
         "Anycast flag.  When set, it indicates that the prefix
          is configured as anycast.";

NEW:
       description
         "Indicates that the prefix is configured as anycast.";

## Data node description

OLD:
       leaf anycast-flag {
         type boolean;
         default "false";
         description
           "Sets the prefix as an anycast address.";

NEW:
       leaf anycast-flag {
         type boolean;
         default "false";
         description
            “Indicates that the prefix is an anycast address, if set to 1.
             It indicates a node-specific prefix if set to 0.";

## Please update Section 6 to follow the template at https://datatracker.ietf.org/doc/html/draft-ietf-netmod-rfc8407bis-28#name-security-considerations-sect 

## These are not normative

### Move RFC6241 and RFC8040 to be listed as Informative

### I don’t think RFC9085 is normative, but I leave it to you to double check.

Cheers,
Med
Andy Newton
No Objection
Deb Cooley
No Objection
Comment (2026-01-04 for -10) Not sent 
Thanks to Wes Hardaker for their multiple secdir reviews.
Éric Vyncke
No Objection
Comment (2025-12-23 for -09) Sent 
A glimpse of the "good ole IPv4" OSPFv2 ;-)

This sounds like a useful addition, but it would be nice to explain why `It is useful for other routers to know` as written in the abstract and in the introduction.

Finally, the shepherd's write-up misses the justification for the intended status.

Thanks for the work done

-éric

PS: nice to have such a sweet and easy I-D as my last AD review of 2025 ;-)
Erik Kline
No Objection
Gorry Fairhurst
No Objection
Comment (2025-12-18 for -09) Not sent 
Thanks for the work is described in this document. I do not see any transport-protocol related concerns for this document.
Jim Guichard
No Objection
Mahesh Jethanandani
No Objection
Comment (2026-01-07 for -11) Sent 
Thanks to all the folks who have provided review comments on this document. In particular want to call out OPSDIR review comments from Juergen, and YANG Doctor comments provided by Joe Clarke. Some of these comments builds on the review they have provided.

Section 1, paragraph 0
>    An IP prefix may be configured as anycast and as such the same value
>    can be advertised by multiple routers.  It is useful for other
>    routers to know that the advertisement is for an anycast prefix.

I agree with Juergen that this section could do more to explain the motivation for the draft, and move all the implementation details to later sections.
For example, and as Juergen asks, what are the implications of other routers not knowing about the advertisement? I know that Ran provided the explanation in his response, but it would be even better if that was added here.

Section 2, paragraph 0
>    An IP prefix may be configured as anycast and it is useful for other
>    routers to know that the advertisement is for an anycast prefix.

I would encourage the authors to add some of the responses Ran gave to the OPSDIR review to be added in this document. In this case, the question asked was, what is prefix and where is it being applied? This might be obvious to "router folks" but it cannot be assumed that everyone knows what it means.

Section 4.2, paragraph 0
>    The following is the YANG module:

Please reference all the RFC from which the module imports data from or refers to. For example, it could say - "This YANG module imports definitions from [RFC8349] and [RFC9129]".

Section 4.2,

The file name "ietf-ospf-anycast-flag@2025-08-28.yang" does not match the revision of the module:

  revision 2025-11-18 {
    description
      "Initial version";
    reference
      "RFC XXXX: OSPFv2 Anycast Property Advertisement";
  }

Please make sure they are the same.

Section 6.2, paragraph 3
>    There are a number of data nodes defined in this YANG module that are
>    writable/creatable/deletable (i.e., config true, which is the
>    default).  These data nodes can be considered sensitive or vulnerable
>    in some network environments.  Write operations (e.g., edit-config)
>    to these data nodes without proper protection can have a negative
>    effect on network operations.  Specifically, the following subtrees
>    and data nodes have particular sensitivities/vulnerabilities:

Is it true that this YANG module defines multiple data nodes? I can see only one. The last statement should also be corrected for its pluarity.

Section 6.2, paragraph 3
>    As specified in Section 2, the AC-flag and the N-flag MUST NOT both
>    be set to 1.  An attacker or a misconfiguration that violates this
>    rule creates a configuration anomaly.  The handling of such anomalies
>    is defined in Section 2.  Modifications to these data nodes without
>    proper protection could prevent interpreting the IPv4 prefix as
>    anycast or node-specific.

If the idea is to detect a configuration anomaly, why is that not detected using a "must" statement? Please add one. Otherwise, this hardly belongs in a Security Considerations section.

Section 6.2, paragraph 3
>    Some of the readable data nodes in this YANG module may be considered
>    sensitive or vulnerable in some network environments.  It is thus
>    important to control read access (e.g., via get, get-config, or
>    notification) to these data nodes.  Specifically, the following
>    subtrees and data nodes have particular sensitivities/
>    vulnerabilities:

Same issue with pluraity in this section.

Section 6.2, paragraph 3
>    Exposure of the OSPF link state database may be useful in mounting
>    Denial-of-Service (DoS) attacks.

How is lsdb being exposed by this model? If not, please remove.

Finally, an example showing the use of the new flag and the identity in an instance data example would really help.

-------------------------------------------------------------------------------
NIT
-------------------------------------------------------------------------------

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

"I", paragraph 2
> OULD be logged as an operational error(subject to rate-limiting). The AC-fla
>                                       ^
It appears that a white space is missing.

"I", paragraph 9
> eted according to OSPFv2 [RFC7684]. Thus the Flags field of the BGP-LS Prefix
>                                     ^^^^
A comma may be missing after the conjunctive/linking adverb "Thus".
Mike Bishop
No Objection
Comment (2026-01-05 for -10) Sent 
# IESG review of draft-ietf-lsr-anycast-flag-10

CC @MikeBishop

## Comments

### Section 6.1, paragraph 2

This doesn't need 2119 keywords; just highlight the requirement for receivers.

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Typos

#### Section 5.1, paragraph 1
```
-    This document requests the allocation of new value in the "OSPFv2
+    This document requests the allocation of a new value in the "OSPFv2
+                                             ++
```

### Grammar/style

#### Section 2, paragraph 3
```
OULD be logged as an operational error(subject to rate-limiting). The AC-fla
                                      ^
```
It appears that a space is missing.

#### Section 2, paragraph 10
```
eted according to OSPFv2 [RFC7684]. Thus the Flags field of the BGP-LS Prefix
                                    ^^^^
```
A comma may be missing after the conjunctive/linking adverb "Thus".
Orie Steele
No Objection
Paul Wouters
No Objection
Roman Danyliw
No Objection
Ketan Talaulikar
Recuse
Comment (2025-12-18 for -09) Not sent 
I am a co-author