Skip to main content

Last Call Review of draft-ietf-bess-evpn-irb-mcast-08

Request Review of draft-ietf-bess-evpn-irb-mcast-07
Requested revision 07 (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-07-08
Requested 2022-06-24
Requested by Andrew Alston
Authors Wen Lin , Zhaohui (Jeffrey) Zhang , John Drake , Eric C. Rosen , Jorge Rabadan , Ali Sajassi
I-D last updated 2022-12-24
Completed reviews Intdir Telechat review of -09 by Brian Haberman (diff)
Genart Last Call review of -09 by Stewart Bryant (diff)
Secdir Last Call review of -08 by Tirumaleswar Reddy.K (diff)
Rtgdir Last Call review of -07 by Acee Lindem (diff)
Requesting security and routing area directorate reviews on this one before I push it into last call.
Assignment Reviewer Tirumaleswar Reddy.K
State Completed
Request Last Call review on draft-ietf-bess-evpn-irb-mcast by Security Area Directorate Assigned
Posted at
Reviewed revision 08 (document currently at 11)
Result Has issues
Completed 2022-12-20

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving security requirements
and considerations in IETF drafts.  Comments not addressed in the last call
may be included in AD reviews during the IESG review.  Document editors and
WG chairs should treat these comments just like any other last call

Reviewer: Tirumaleswar Reddy
Review result:  Ready with issues


The document covers the procedure for multicast advertisement and
forwarding among BDs.
I don't see any major security issues presented in the security
considerations and I I have the following comments :

   This document uses protocols and procedures defined in the normative
   references, and inherits the security considerations of those

Comment> I suggest adding more details to how the security considerations
in the normative references are applicable to this draft.

   Incorrect addition, removal, or modification of those
   flags and/or ECs will cause the procedures defined herein to
   malfunction, in which case loss or diversion of data traffic is

Comment> The above text discusses the attacks but not possible
mitigations. Please add more details on how the above attack can be