Last Call Review of draft-ietf-detnet-mpls-over-ip-preof-08
review-ietf-detnet-mpls-over-ip-preof-08-secdir-lc-meadows-2023-12-19-00
Request | Review of | draft-ietf-detnet-mpls-over-ip-preof |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2023-12-22 | |
Requested | 2023-12-08 | |
Authors | Balazs Varga, János Farkas, Andrew G. Malis | |
I-D last updated | 2023-12-19 | |
Completed reviews | Intdir Telechat review of -09 by Tatuya Jinmei; Tsvart Last Call review of -08 by Olivier Bonaventure; Genart Last Call review of -08 by Joel M. Halpern; Secdir Last Call review of -08 by Catherine Meadows; Opsdir Last Call review of -08 by Carlos Pignataro; Rtgdir Early review of -02 by Bruno Decraene | |
Assignment | Reviewer | Catherine Meadows |
State | Completed | |
Request | Last Call review on draft-ietf-detnet-mpls-over-ip-preof by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/_sJAa6hKHDR-v392plLAYv4zDT4 | |
Reviewed revision | 08 (document currently at 11) | |
Result | Has nits | |
Completed | 2023-12-19 |
review-ietf-detnet-mpls-over-ip-preof-08-secdir-lc-meadows-2023-12-19-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other comments.

This document presents BGP constructs that may be used to implement certain types of network segmentation.

This document describes how sequencing information can be encoded in the IP header to be used to support the addition of Packet Replication, Elimination, and Ordering Functions (PREOF) to Deterministic Networking (DetNet) IP. The PREOF service protection method relies on copies of the same packet being sent over multiple maximally disjoint paths and uses sequencing information to eliminate duplicates. PREOF has already been implemented for MPLS, and the IP solution is derived from that. This document describes how to derive the needed sequencing information from the IP header. In particular it describes what information MUST and MAY be included in the header fields so that the sequence information may be derived.

I agree with the draft’s security considerations section, which says that no new security considerations are introduced. The procedure is based on a similar solution for MPLS, and so the MPLS security considerations apply.

A nit:

1. "A possible implementation of POF function" should be "A possible implementation of the POF function"