Last Call Review of draft-ietf-bess-nsh-bgp-control-plane-13

Request Review of draft-ietf-bess-nsh-bgp-control-plane
Requested rev. no specific revision (document currently at 18)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-12-13
Requested 2019-11-29
Authors Adrian Farrel, John Drake, Eric Rosen, Jim Uttaro, Luay Jalil
Draft last updated 2020-01-09
Completed reviews Rtgdir Last Call review of -13 by Ravi Singh (diff)
Tsvart Last Call review of -13 by Olivier Bonaventure (diff)
Opsdir Last Call review of -13 by Sheng Jiang (diff)
Secdir Last Call review of -13 by Scott Kelly (diff)
Genart Last Call review of -12 by Brian Carpenter (diff)
Assignment Reviewer Scott Kelly 
State Completed
Review review-ietf-bess-nsh-bgp-control-plane-13-secdir-lc-kelly-2020-01-09
Posted at
Reviewed rev. 13 (document currently at 18)
Review result Ready
Review completed: 2020-01-01


This review is several weeks late, I hope it is still useful.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready.

From the abstract, this document describes the use of BGP as a control plane for networks that support Service Function Chaining (SFC).

The document is well-written and the security considerations section points to other RFCs where appropriate, and seems to call out all relevant additional considerations.

I could leave it at that, but I have little routing expertise/experience, so I can't state with confidence that nothing was missed. The instructions for secdir reviews say that the most important item is to give the (security) ADs a sense of how important it is that they pay attention to the document. Given the complexity and interactions between BGP, SFC, and the control plane mechanisms described in this document, I think it *is* important that the security ADs pay attention to this document.