Resource Public Key Infrastructure (RPKI) Origin Validation for BGP Export
draft-ietf-sidrops-ov-egress-04

Document history

Date Rev. By Action
2020-09-24
04 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2020-08-17
04 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2020-05-12
04 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2020-04-15
04 Tero Kivinen Closed request for Last Call review by SECDIR with state 'Overtaken by Events'
2020-04-15
04 Tero Kivinen Assignment of request for Last Call review by SECDIR to Scott Kelly was marked no-response
2020-04-13
04 (System) RFC Editor state changed to EDIT
2020-04-13
04 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2020-04-13
04 (System) Announcement was received by RFC Editor
2020-04-13
04 (System) IANA Action state changed to No IANA Actions
2020-04-13
04 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2020-04-13
04 Amy Vezza IESG has approved the document
2020-04-13
04 Amy Vezza Closed "Approve" ballot
2020-04-13
04 Amy Vezza Ballot approval text was generated
2020-04-09
04 Cindy Morgan Ballot writeup was changed
2020-04-09
04 Cindy Morgan IESG state changed to Approved-announcement to be sent from IESG Evaluation
2020-04-08
04 Amanda Baber IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2020-04-08
04 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2020-04-08
04 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2020-04-08
04 Randy Bush New version available: draft-ietf-sidrops-ov-egress-04.txt
2020-04-08
04 (System) New version approved
2020-04-08
04 (System) Request for posting confirmation emailed to previous authors: Ruediger Volk, Jakob Heitz, Randy Bush
2020-04-08
04 Randy Bush Uploaded new revision
2020-04-08
03 Amanda Baber IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2020-04-08
03 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund
2020-04-08
03 Éric Vyncke
[Ballot comment]
Thank you for the document.

Randy, thank you for the fix to the issue found by Jouni in the INTDIR review: https://mailarchive.ietf.org/arch/msg/int-dir/bUWYKX6ey404TmpXdwfdVbWv1yM

Thank you Jouni

-éric
2020-04-08
03 Éric Vyncke Ballot comment text updated for Éric Vyncke
2020-04-08
03 Éric Vyncke [Ballot comment]
Thank you for the document.

Please also fix the issue found by Jouni in the INTDIR review: https://mailarchive.ietf.org/arch/msg/int-dir/bUWYKX6ey404TmpXdwfdVbWv1yM

Thank you Jouni

-éric
2020-04-08
03 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2020-04-07
03 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2020-04-07
03 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2020-04-07
03 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2020-04-07
03 Randy Bush New version available: draft-ietf-sidrops-ov-egress-03.txt
2020-04-07
03 (System) New version approved
2020-04-07
03 (System) Request for posting confirmation emailed to previous authors: Jakob Heitz, Randy Bush, Ruediger Volk
2020-04-07
03 Randy Bush Uploaded new revision
2020-04-07
02 Warren Kumari Dotting the t's and crossing the i's...
2020-04-07
02 Warren Kumari This document now replaces draft-ymbk-sidrops-ov-egress instead of None
2020-04-06
02 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2020-04-06
02 Benjamin Kaduk
[Ballot comment]
Abstract

[IIRC the mention of "updates 6811" is queued already.]

Section 1

  As the origin AS of a BGP UPDATE is decided by configuration and
  outbound policy of the BGP speaker, a validating BGP speaker MUST
  apply Route Origin Validation policy semantics against the origin
  Autonomous System number which will actually be put in the AS_PATH

(To the extent that the speaker applies outbound policy at all?  Or is
that required by being a "validating BGP speaker"?)

Section 3

  will (or would) be announced to the peer.  The effective origin AS
  may differ from that of the route in the RIB due to commonly
  available knobs such as: removal of private ASs, AS path
  manipulation, confederation handling, etc.

Do we feel a need to add a "but not limited to"?  Feels like overkill to
me...

nit: earlier we wrote "private AS(s)"

Section 4

  Configurations may have complex policy where the final announced
  origin AS may not be easily predicted before all policies have been
  run.  Therefore it SHOULD be possible to specify an origin validation
  policy which MUST BE run after such non-deterministic policies.

nit: are complex policies necessarily non-deterministic (vs. "not easily
predicted")?
2020-04-06
02 Benjamin Kaduk [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk
2020-04-06
02 Alvaro Retana
[Ballot comment]
(0) This document should be marked as replacing draft-ymbk-sidrops-ov-egress.


(1) The purpose of this document is to clarify "that implementations must use the effective origin AS".  The use of "effective" seems deliberate to qualify a specific characteristic of the origin AS.  However, the term is not only not defined anywhere (with respect to simply using "origin AS", for example), but there is inconsistency in the language, for example: "origin Autonomous System number which will actually be put in the AS_PATH" or "final announced origin AS".  Please be clear in the definition, and consistent in the language used.


(2) §1:

  As the origin AS of a BGP UPDATE is decided by configuration and
  outbound policy of the BGP speaker, a validating BGP speaker MUST
  apply Route Origin Validation policy semantics against the origin
  Autonomous System number which will actually be put in the AS_PATH
  (see [RFC4271] 4.3 Path Attributes:b) of the UPDATE to the peer.

(2a) [major] "MUST apply Route Origin Validation policy semantics against the origin Autonomous System number which will actually be put in the AS_PATH"  Put where? 

The assumption in this text seems to be that there will only be one AS number
present (even with prepending), in line with §5.1.2/rfc4271.  However, rfc7705
(which Updates rfc4271) specifies AS migration mechanisms...some of which may
result in more than one AS number placed in the AS_PATH (even at route
origination).  It is then important to clarify *where* the ASN "will actually
be put", or which ASN should the validation be done against.  [Note that this
is a variation of the initial comment about clearly defining the terms.]

(2b) [nit] s/(see [RFC4271] 4.3 Path Attributes:b)/([RFC4271])

Not only is the detailed reference unnecessary, but the format may be
confusing.  Also, it is §5.1.2 the section that actually talks about the use
of the AS_PATH.


(3) §1: It would be very nice to add these references: s/confederation, AS migration/confederation [rfc5065], AS migration [rfc7705]

Given the comment above, the reference to rfc7705 should be Normative.


(4) §3: "BGP implementations supporting RPKI-based origin validation SHOULD provide the same policy configuration primitives for decisions based on validation state available for use in ingress, redistribution, and egress policies."

When would it be ok for an implementation not to "provide the same policy configuration"?  IOW, why is MUST not used?  s/SHOULD/MUST


(5) §4:

  Configurations may have complex policy where the final announced
  origin AS may not be easily predicted before all policies have been
  run.  Therefore it SHOULD be possible to specify an origin validation
  policy which MUST BE run after such non-deterministic policies.

(5a) [major] "SHOULD be possible to specify an origin validation policy"  What is an "origin validation policy"?  To me it sounds as the ability to either validate or not: as in, "the policy is to validate for this origin AS, but not for a different one".  Is that it?  Or are you referring to a blanket policy akin to "if the origin AS is X, then the route must always be considered Valid"??

[This piece of text confuses me more given the suggestion to Alissa's
comments: "Therefore it SHOULD be possible to specify an origin validation
policy which will run after all such non-deterministic policies."  A
validation policy for *all* policies??]

(5b) I know that this next point was discussed on the list...but describing the outcome of complex policy as not "easily predicted" and non-deterministic is causing me a lot of heartburn.  I can see how optional information in an Update (communities, etc.) can cause a policy result to be known only at "run time", but that doesn't make the outcome unpredictable or non-deterministic: the outcome of the policy is what it is supposed to be, given the current conditions -- we just didn't know before the Update was received.  This is a non-blocking comment and you can consider it a nit...it simply sounds as if the operator was guessing, and I know some are not. ;-)

s/...may not be easily predicted before all policies...such non-deterministic
policies./...may be determined only after all policies...such policies.


(6) §4: "SHOULD be able to list what announcements are not sent to a peer because they were marked Invalid, as long as the router still has them in memory."  After reading this text many times, I think I understand that you mean that the operator should be able to use a "show command"...and not that he/she should be able to create a list of announcements (as in a filter).  Is that what you mean?

Suggestion (maybe something like this)>
  An implementation SHOULD display announcements that are not sent to a peer
  because they were marked Invalid, as long as the router still has them in
  memory.
2020-04-06
02 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2020-04-06
02 Robert Wilton
[Ballot comment]
I'm not a BGP expert, but this document seems sensible to me.

Some comments:

1) In the first sentence of the introduction: Is it really correct that the "This document does not change semantics of [RFC6811] RPKI-based origin validation"?  Given that the 4th paragraph in the introduction then states that "This document clarifies ..."

2) I wasn't entirely sure that section 2 (Suggested Reading) is required at all, given that this is effectively what section 8.1 and 8.2 is listing anyway, but equally I'm okay if the section is left in.

3) The security section is terse, and I agree that this doesn't introduce any new security issues.  But I was wondering if the purpose of this clarification is to improve security with more reliable filtering, and if so, would it be helpful to have a sentence in the security section that states that?

One nit:

1) In the first sentence of the introduction "of [RFC6811] of RPKI-based origin validation" -> "of [RFC6811] RPKI-based origin validation"?
2020-04-06
02 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2020-04-06
02 Alissa Cooper
[Ballot comment]
"Therefore it SHOULD be possible to specify an origin validation
  policy which MUST BE run after such non-deterministic policies."

The normative language here doesn't quite make sense. "MUST BE" is not a normative keyword and the construction "SHOULD ... which MUST" is a little confusing. I would suggest something like:

An origin validation policy that is required to be run after such non-deterministic policies SHOULD be specified.
2020-04-06
02 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2020-04-05
02 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2020-04-03
02 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2020-04-01
02 Jouni Korhonen Request for Telechat review by INTDIR Completed: Ready with Nits. Reviewer: Jouni Korhonen. Sent review to list.
2020-04-01
02 Linda Dunbar Request for Telechat review by OPSDIR Completed: Ready. Reviewer: Linda Dunbar. Sent review to list.
2020-03-27
02 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2020-03-24
02 Carlos Jesús Bernardos Request for Telechat review by INTDIR is assigned to Jouni Korhonen
2020-03-24
02 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Linda Dunbar
2020-03-23
02 Éric Vyncke Requested Telechat review by INTDIR
2020-03-20
02 (System) IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2020-03-20
02 Warren Kumari
[Ballot comment]
Background for IESG Eval:
The audience of this document is BGP implementers, not the general
public. It is largely a clarification, and intentionally concise to
the point of terseness - think of it as a "Warning: It's easy to get
this bit of the spec wrong. Here is how to navigate it correctly"
document, not a protocol spec or general user document.

BGP policies can be applied on egress that change the AS - an obvious
example of this is removing a private AS#, or when merging ASN.
Because of how / where egress policies are applied, it's very easy for
an implementer to forget that this might occur, and so use the "wrong"
AS when validating. This document just points that out - it doesn't,
and shouldn't, go into too much detail.
2020-03-20
02 Warren Kumari Ballot comment text updated for Warren Kumari
2020-03-20
02 Warren Kumari IESG state changed to IESG Evaluation from Waiting for Writeup
2020-03-20
02 Cindy Morgan Placed on agenda for telechat - 2020-04-09
2020-03-20
02 Warren Kumari Ballot has been issued
2020-03-20
02 Warren Kumari [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari
2020-03-20
02 Warren Kumari Created "Approve" ballot
2020-03-20
02 Warren Kumari Ballot writeup was changed
2020-03-19
02 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2020-03-19
02 Randy Bush New version available: draft-ietf-sidrops-ov-egress-02.txt
2020-03-19
02 (System) New version approved
2020-03-19
02 (System) Request for posting confirmation emailed to previous authors: Ruediger Volk, Jakob Heitz, Randy Bush
2020-03-19
02 Randy Bush Uploaded new revision
2020-03-18
01 Yingzhen Qu Request for Last Call review by RTGDIR Completed: Has Issues. Reviewer: Yingzhen Qu. Sent review to list.
2020-03-18
01 (System) IESG state changed to Waiting for Writeup from In Last Call
2020-03-17
01 (System) IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed
2020-03-17
01 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-ietf-sidrops-ov-egress-01, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2020-03-17
01 Linda Dunbar Request for Last Call review by OPSDIR Completed: Not Ready. Reviewer: Linda Dunbar. Sent review to list.
2020-03-13
01 Robert Sparks Request for Last Call review by GENART Completed: Ready. Reviewer: Robert Sparks. Sent review to list.
2020-03-11
01 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Linda Dunbar
2020-03-09
01 Min Ye Request for Last Call review by RTGDIR is assigned to Yingzhen Qu
2020-03-09
01 Min Ye Assignment of request for Last Call review by RTGDIR to Victoria Pritchard was marked no-response
2020-03-06
01 Tero Kivinen Request for Last Call review by SECDIR is assigned to Scott Kelly
2020-03-05
01 Min Ye Request for Last Call review by RTGDIR is assigned to Victoria Pritchard
2020-03-05
01 Alvaro Retana Closed request for Last Call review by RTGDIR with state 'Withdrawn': Sorry for the duplicate.
2020-03-05
01 Alvaro Retana Requested Last Call review by RTGDIR
2020-03-05
01 Jean Mahoney Request for Last Call review by GENART is assigned to Robert Sparks
2020-03-04
01 Alvaro Retana Requested Last Call review by RTGDIR
2020-03-04
01 Amy Vezza IANA Review state changed to IANA - Review Needed
2020-03-04
01 Amy Vezza
The following Last Call announcement was sent out (ends 2020-03-18):

From: The IESG
To: IETF-Announce
CC: sidrops@ietf.org, keyur@arrcus.com, draft-ietf-sidrops-ov-egress@ietf.org, warren@kumari.net, nathalie@ripe.net, sidrops-chairs@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (BGP RPKI-Based Origin Validation on Export) to Proposed Standard


The IESG has received a request from the SIDR Operations WG (sidrops) to
consider the following document: - 'BGP RPKI-Based Origin Validation on
Export'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-03-18. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  A BGP speaker may perform RPKI origin validation not only on routes
  received from BGP neighbors and routes that are redistributed from
  other routing protocols, but also on routes it sends to BGP
  neighbors.  For egress policy, it is important that the
  classification uses the effective origin AS of the processed route,
  which may specifically be altered by the commonly available knobs
  such as removing private ASs, confederation handling, and other
  modifications of the origin AS.





The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-egress/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-egress/ballot/


No IPR declarations have been submitted directly on this I-D.
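
Added example (not part of the datatracker page or of the draft): a simplified Python model of the point made in the abstract above and in the Area Director's background comment, running RFC 6811 origin validation once against the origin AS held in the RIB and once against the effective origin AS after egress policy. The ASNs, prefixes, VRP table, the blanket private-AS removal rule and all function names are assumptions constructed for illustration; AS_PATH is modelled as a single AS_SEQUENCE.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class VRP(NamedTuple):
    """Validated ROA Payload: prefix, maximum length, authorised origin AS."""
    prefix: str
    max_len: int
    asn: int


def is_private(asn: int) -> bool:
    # Private-use ASN ranges (RFC 6996).
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


def validate(prefix: str, origin: int, vrps: List[VRP]) -> str:
    """RFC 6811 classification: Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        vnet = ipaddress.ip_network(vrp.prefix)
        if vnet.version != net.version or not net.subnet_of(vnet):
            continue  # this VRP does not cover the route prefix
        covered = True
        # AS 0 in a VRP never matches any route (RFC 6811).
        if vrp.asn != 0 and vrp.asn == origin and net.prefixlen <= vrp.max_len:
            return "Valid"
    return "Invalid" if covered else "NotFound"


def origin_as(as_path: List[int], local_as: int) -> int:
    # Rightmost AS of the path; an empty path means locally originated.
    return as_path[-1] if as_path else local_as


def egress_as_path(rib_path: List[int], local_as: int) -> List[int]:
    # Assumed egress policy: strip every private ASN, then prepend our own AS.
    # Real "remove private AS" knobs differ per implementation.
    return [local_as] + [a for a in rib_path if not is_private(a)]


def compare(rib: List[Tuple[str, List[int]]], vrps: List[VRP],
            local_as: int) -> List[Tuple[str, int, str, int, str]]:
    """Per route: (prefix, RIB origin, RIB state, effective origin, egress state)."""
    rows = []
    for prefix, path in rib:
        rib_origin = origin_as(path, local_as)
        eff_origin = origin_as(egress_as_path(path, local_as), local_as)
        rows.append((prefix,
                     rib_origin, validate(prefix, rib_origin, vrps),
                     eff_origin, validate(prefix, eff_origin, vrps)))
    return rows


# Constructed sample data (documentation prefixes and ASNs).
LOCAL_AS = 64500
VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("198.51.100.0/24", 24, 64500),
    VRP("203.0.113.0/24", 24, 64499),
]
RIB = [
    ("192.0.2.0/24", [65001]),            # customer behind a private AS
    ("198.51.100.0/25", [65002]),         # more specific than max_len allows
    ("203.0.113.0/24", [64501, 64499]),   # public origin, unchanged on egress
    ("2001:db8::/32", [65003]),           # no covering VRP
]

if __name__ == "__main__":
    for row in compare(RIB, VRPS, LOCAL_AS):
        print("%-18s rib_origin=%-6d %-9s effective_origin=%-6d %s" % row)
```

The first route is the case the draft is about: classified against the RIB origin it is Invalid, while the announcement the peer actually receives has origin AS 64500 and is Valid.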




2020-03-04
01 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2020-03-04
01 Warren Kumari Last call was requested
2020-03-04
01 Warren Kumari Ballot approval text was generated
2020-03-04
01 Warren Kumari Ballot writeup was generated
2020-03-04
01 Warren Kumari IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2020-03-04
01 Warren Kumari Last call announcement was changed
2020-03-04
01 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-03-04
01 Randy Bush New version available: draft-ietf-sidrops-ov-egress-01.txt
2020-03-04
01 (System) New version approved
2020-03-04
01 (System) Request for posting confirmation emailed to previous authors: Jakob Heitz, Ruediger Volk, Randy Bush
2020-03-04
01 Randy Bush Uploaded new revision
2020-03-04
00 Warren Kumari IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested
2020-03-03
00 Cindy Morgan Changed consensus to Yes from Unknown
2020-03-03
00 Cindy Morgan Intended Status changed to Proposed Standard from None
2020-03-03
00 Keyur Patel
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper
type of RFC? Is this type of RFC indicated in the title page header?

Standards Track.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

This document highlights an important use case of origin validation in eBGP
egress policies, explaining specifics of correct implementation in this
context. As the origin AS may be modified by outbound policy, policy semantics
based on RPKI Origin Validation state MUST be able to be applied separately on
distribution into BGP and on egress. This document mandates BGP implementations
supporting RPKI-based origin validation to provide the same policy
configuration primitives on egress as they are available for ingress and route
redistribution.


Working Group Summary:

The document went through the review at WGLC to include comments/suggestions/
changes. The conversation in the WG mail-list and meetings was productive and
the chairs believe this document is ready to progress.

Was there anything in WG process that is worth noting? For example, was there
controversy about particular points or were there decisions where the consensus
was particularly rough?

Since the first and only version of the document, there has been support for
this draft.

Document Quality:

The document is simple, clear and concise. There are no nits nor is the
document controversial.

Are there existing implementations of the protocol? Have a significant number
of vendors indicated their plan to implement the specification? Are there any
reviewers that merit special mention as having done a thorough review, e.g.,
one that resulted in important changes or a conclusion that the document had no
substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or
other expert review, what was its course (briefly)? In the case of a Media Type
review, on what date was the request posted?

None.

Personnel:

Keyur Patel  (keyur@arrcus.com) is Document Shepherd
Warren Kumari (warren@kumari.net) is Area Director

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG.

The Document Shepherd read the document and reviewed comments.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

No concerns.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of? For example, perhaps he or she is uncomfortable with certain parts
of the document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here.

No.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed. If not, explain why?

Yes.

(8) Has an IPR disclosure been filed that references this document? If so,
summarize any WG discussion and conclusion regarding the IPR disclosures.

Not needed.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

Consensus was solid.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to
the Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

No threats.

(11) Identify any ID nits the Document Shepherd has found in this document.
(See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

I did not find any ID nits.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not required.

(13) Have all references within this document been identified as either
normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure.

No.

(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

Not expected.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that newly
created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested
(see RFC 8126).

Reviewed, and no actions needed.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.

Not applicable.

(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

Not needed.

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342?

Not applicable.

2020-03-03
00 Keyur Patel Responsible AD changed to Warren Kumari
2020-03-03
00 Keyur Patel IETF WG state changed to Submitted to IESG for Publication from WG Document
2020-03-03
00 Keyur Patel IESG state changed to Publication Requested from I-D Exists
2020-03-03
00 Keyur Patel IESG process started in state Publication Requested
2020-03-01
00 Keyur Patel Notification list changed to sidrops-chairs@ietf.org, keyur@arrcus.com, warren@kumari.net, nathalie@ripe.net from Keyur Patel <keyur@arrcus.com>
2020-03-01
00 Keyur Patel
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper
type of RFC? Is this type of RFC indicated in the title page header?

Standards Track.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

This document highlights an important use case of origin validation in eBGP
egress policies, explaining specifics of correct implementation in this
context. As the origin AS may be modified by outbound policy, policy semantics
based on RPKI Origin Validation state MUST be able to be applied separately on
distribution into BGP and on egress. This document mandates BGP implementations
supporting RPKI-based origin validation to provide the same policy
configuration primitives on egress as they are available for ingress and route
redistribution.


Working Group Summary:

The document went through the review at WGLC to include comments/suggestions/
changes. The conversation in the WG mail-list and meetings was productive and
the chairs believe this document is ready to progress.

Was there anything in WG process that is worth noting? For example, was there
controversy about particular points or were there decisions where the consensus
was particularly rough?

Since the first and only version of the document, there has been support for
this draft.

Document Quality:

The document is simple, clear and concise. There are no nits nor is the
document controversial.

Are there existing implementations of the protocol? Have a significant number
of vendors indicated their plan to implement the specification? Are there any
reviewers that merit special mention as having done a thorough review, e.g.,
one that resulted in important changes or a conclusion that the document had no
substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or
other expert review, what was its course (briefly)? In the case of a Media Type
review, on what date was the request posted?

None.

Personnel:

Keyur Patel (keyur@arrcus.com) is Document Shepherd
Warren Kumari (warren@kumari.net) is Area Director

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG.

The Document Shepherd read the document and reviewed comments.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

No concerns.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of? For example, perhaps he or she is uncomfortable with certain parts
of the document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here.

No.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed? If not, explain why.

Yes.

(8) Has an IPR disclosure been filed that references this document? If so,
summarize any WG discussion and conclusion regarding the IPR disclosures.

Not needed.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

Consensus was solid.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to
the Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

No threats.

(11) Identify any ID nits the Document Shepherd has found in this document.
(See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

I did not find any ID nits.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not required.

(13) Have all references within this document been identified as either
normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure.

No.

(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

Not expected.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that newly
created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested
(see RFC 8126).

Reviewed, and no actions needed.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.

Not applicable.

(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

Not needed.

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342?

Not applicable.

2020-03-01
00 Keyur Patel
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper
type of RFC? Is this type of RFC indicated in the title page header?

Standards Track.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

This document highlights an important use case of origin validation in eBGP
egress policies, explaining specifics of correct implementation in this
context. As the origin AS may be modified by outbound policy, policy semantics
based on RPKI Origin Validation state MUST be able to be applied separately on
distribution into BGP and on egress. This document mandates BGP implementations
supporting RPKI-based origin validation to provide the same policy
configuration primitives on egress as they are available for ingress and route
redistribution.


Working Group Summary:

The document went through the review at WGLC to include comments/suggestions/
changes. The conversation in the WG mail-list and meetings was productive and
the chairs believe this document is ready to progress.

Was there anything in WG process that is worth noting? For example, was there
controversy about particular points or were there decisions where the consensus
was particularly rough?

Since the first and only version of the document, there has been support for
this draft.

Document Quality:

The document is simple, clear and concise. There are no nits nor is the
document controversial.

Are there existing implementations of the protocol? Have a significant number
of vendors indicated their plan to implement the specification? Are there any
reviewers that merit special mention as having done a thorough review, e.g.,
one that resulted in important changes or a conclusion that the document had no
substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or
other expert review, what was its course (briefly)? In the case of a Media Type
review, on what date was the request posted?

Not applicable to this document.

Personnel:

Keyur Patel (keyur@arrcus.com) is Document Shepherd
Warren Kumari (warren@kumari.net) is Area Director

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG.

The Document Shepherd read the document and reviewed comments.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

No concerns.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of? For example, perhaps he or she is uncomfortable with certain parts
of the document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here.

No.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed? If not, explain why.

Yes.

(8) Has an IPR disclosure been filed that references this document? If so,
summarize any WG discussion and conclusion regarding the IPR disclosures.

Not needed.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

Consensus was solid.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to
the Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

No threats.

(11) Identify any ID nits the Document Shepherd has found in this document.
(See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

I did not find any ID nits.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not required.

(13) Have all references within this document been identified as either
normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No.

(15) Are there downward normative references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call
procedure.

No.

(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

Not expected.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that newly
created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested
(see RFC 8126).

Reviewed, and no actions needed.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.

Not applicable.

(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

Not needed.

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
(https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in
RFC8342?

Not applicable.

2020-03-01
00 Keyur Patel Notification list changed to Keyur Patel <keyur@arrcus.com>
2020-03-01
00 Keyur Patel Document shepherd changed to Keyur Patel
2020-03-01
00 Keyur Patel Notification list changed to Keyur Patel <keyur@arrcus.com>
2020-03-01
00 Keyur Patel Document shepherd changed to Keyur Patel
2019-10-30
00 Randy Bush New version available: draft-ietf-sidrops-ov-egress-00.txt
2019-10-30
00 (System) WG -00 approved
2019-10-30
00 Randy Bush Set submitter to "Randy Bush ", replaces to (none) and sent approval email to group chairs: sidrops-chairs@ietf.org
2019-10-30
00 Randy Bush Uploaded new revision