Last Call Review of draft-ietf-bess-virtual-subnet-05
review-ietf-bess-virtual-subnet-05-secdir-lc-eastlake-2015-11-26-00
| Request | Review of draft-ietf-bess-virtual-subnet |
|---|---|
| Requested revision | No specific revision (document currently at 07) |
| Type | Last Call Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2015-11-24 |
| Requested | 2015-11-12 |
| Authors | Xiaohu Xu, Christian Jacquenet, Robert Raszuk, Truman Boyes, Brendan Fee |
| I-D last updated | 2015-11-26 |
| Completed reviews | Secdir Last Call review of -05 by Donald E. Eastlake 3rd; Opsdir Last Call review of -05 by Jouni Korhonen; Rtgdir Early review of -02 by Ron Bonica |
| Reviewer | Donald E. Eastlake 3rd |
| State | Completed |
| Request | Last Call review on draft-ietf-bess-virtual-subnet by Security Area Directorate Assigned |
| Reviewed revision | 05 (document currently at 07) |
| Result | Has issues |
| Completed | 2015-11-26 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.

This Informational document describes a straightforward method using existing BGP/MPLS VPN technology along with ARP/ND proxying to interconnect parts of an IP subnet spread across two or more data centers, including support of VM migration between data centers. (It also suggests that bridging techniques be used if non-IP traffic has to be supported.)

Security:

The Security Considerations section in its entirety is as follows:

    This document doesn't introduce additional security risk to BGP/MPLS
    IP VPN, nor does it provide any additional security feature for
    BGP/MPLS IP VPN.

While I don't think the Security Considerations section of this Informational document needs to be particularly large or heavy, I believe there is more to be said. Perhaps points such as the security of the L2 or IP addresses used by the hosts/servers in the data centers, or the PE devices seeming like ideal concentration points to observe traffic metadata and content, so systems along the lines of those described here should take that into account.

Other:

While I understand that many disagree with me, I believe that, except in special circumstances, front page authors should list a postal address and/or telephone number in the Authors' Addresses section as well as an email address. In my opinion, the Authors' Addresses section of this draft is an example of schlock corner cutting.

Trivia:

Section 1, page 3, item b: "challenge on the forwarding" -> "challenge to the forwarding"

Section 1, page 3, item c: "growing by multiples" -> "multiplying"

Section 1, page 4: "infrastructures and their corresponding experiences" -> "infrastructure and experience"

Section 3.4: "Acting as an ARP or ND proxies, a PE routers" -> "Acting as an ARP or ND proxy, a PE router"

I'm not sure what the occurrences of "Infrastructure-as-a-Service (IaaS)" and "IaaS" add other than buzzword compliance, and I think the draft would be improved by deleting them.

Thanks,
Donald

=============================
Donald E. Eastlake 3rd
+1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e3e3 at gmail.com