Skip to main content

Last Call Review of draft-ietf-bier-evpn-13

Request Review of draft-ietf-bier-evpn
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-10-05
Requested 2023-09-21
Authors Zhaohui (Jeffrey) Zhang , Tony Przygienda , Ali Sajassi , Jorge Rabadan
I-D last updated 2024-01-01
Completed reviews Intdir Telechat review of -10 by Haoyu Song (diff)
Secdir Last Call review of -13 by Mohit Sethi (diff)
Rtgdir Last Call review of -08 by Ron Bonica (diff)
Rtgdir Last Call review of -13 by Himanshu C. Shah (diff)
Assignment Reviewer Mohit Sethi
State Completed
Request Last Call review on draft-ietf-bier-evpn by Security Area Directorate Assigned
Posted at
Reviewed revision 13 (document currently at 14)
Result Has nits
Completed 2024-01-01
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last-call

This document defines procedures for forwarding broadcast, unknown unicast, and
multicast (BUM) traffic of Ethernet VPNs (EVPN) using Bit Index Explicit
Replication (BIER).

I am not at all familiar with this area and found the document somewhat
difficult to parse and comprehend. However, that is not necessarily a problem
since I am not the target audience in any case.

Some nits from my limited understanding:

The introduction mentions P-tunnels but it is explained a little later in
section 1.1.

I am not sure how should I interpret "As such, this document is also very much
aligned with [RFC8556]." What is RFC8556 and in what sense is the current draft

Perhaps a reason or justification for this reuse could be helpful: "The same
codepoint 0x0B that IANA has assigned for BIER for MVPN [RFC8556] is used for
EVPN as well."

Several acronyms such as NLRI,mLDP P2MP NVGRE, GENEVE, BD, VNI/VSID are used
without expanding them on first use and without any definition in the
terminology section?

The document is missing the boiler plate text and reference to BCP 14 [RFC2119]

Considering BCP 14, how should one interpret the phrase "they do NOT apply to

The security considerations section simply provides references to [RFC7432] and
[RFC8556] for security implications. I guess that is okay, but I noticed that
[RFC8556] further references [RFC8279] and [RFC8296] for security
considerations. Perhaps that is acceptable. One could consider stating that the
security of this solution is based on the full trust of the complete end-to-end
BIER network. There is no cryptography to ensure that a packet is not
manipulated enroute and properties such as integrity confidentiality of the
traffic is ensured at higher layers?