Last Call Review of draft-ietf-bess-evpn-mh-split-horizon-09
review-ietf-bess-evpn-mh-split-horizon-09-secdir-lc-sheffer-2024-06-30-00
Request | Review of | draft-ietf-bess-evpn-mh-split-horizon |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-07-09 | |
Requested | 2024-06-25 | |
Authors | Jorge Rabadan , Kiran Nagaraj , Wen Lin , Ali Sajassi | |
I-D last updated | 2024-06-30 | |
Completed reviews |
Genart Early review of -08
by Jouni Korhonen
(diff)
Rtgdir Early review of -04 by Himanshu C. Shah (diff) Secdir Last Call review of -09 by Yaron Sheffer (diff) Opsdir Last Call review of -10 by Susan Hares (diff) Secdir Telechat review of -10 by Yaron Sheffer (diff) |
|
Assignment | Reviewer | Yaron Sheffer |
State | Completed | |
Request | Last Call review on draft-ietf-bess-evpn-mh-split-horizon by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/0Ss0uKHVL5ukc9nByXL6LgJZdPg | |
Reviewed revision | 09 (document currently at 11) | |
Result | Has nits | |
Completed | 2024-06-30 |
review-ietf-bess-evpn-mh-split-horizon-09-secdir-lc-sheffer-2024-06-30-00
This document defines a way to explicitly share the multi-homing split horizon procedures over BGP, for a large variety of NVO use cases. This reviewer is not familiar with the EVPN ecosystem, and comments below may reflect my own ignorance. In general: the document is clear, and does not appear to create any novel security risks. 2.1: the first two paragraphs are duplicates. 2.2: "A received A-D per ES route where Single-Active and SHT bits are different from zero MUST be treat-as-withdraw" - IIUC, this is very fragile behavior, where an incorrect flag results in the entire path being removed. Why does this behavior make more sense than simply ignoring the SHT bits? 2.2: For the Geneve use case: is the value "10" always valid, or is it only valid if the ESI-Label is present? The text is unclear. 4: "The security considerations relevant to multihoming" - is it clear to all readers which security considerations these are? Are you referring to the entirety of Sec. 19 of RFC7432? 4: "unauthorized changes to the SHT configuration by an attacker should not cause traffic disruption" - when various kinds of misconfiguration are "treat as withdraw", how does that NOT cause traffic disruption? I would assume that when the route is withdrawn, eventually traffic is disrupted. 7: the Contributors section is empty.