Last Call Review of draft-ietf-grow-route-leak-problem-definition-04
review-ietf-grow-route-leak-problem-definition-04-genart-lc-resnick-2016-03-21-00

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-grow-route-leak-problem-definition-04
Reviewer: Pete Resnick
Review Date: 2016-03-21
IETF LC End Date: 2016-03-28

Summary: This draft is on the right track but has open issues, described
in this review.

Major issues:

None.

Minor issues:

- Figure 1, along with the discussion of it in section 3, was confusing
to me. First of all, am I correct that the example displays *two* leaks?
That is, there's the leak from AS3 to ISP2, and then there are the
propagated leaks from ISP2 to the rest of the world. Also, "(P)" seems
to be used as both a leaked prefix (from ISP1 through AS3 to ISP2 and
then propagated from there) as well as what looks to be a normal prefix
update between ISP1 and ISP2. Are all of the occurrences of "(P)" in
Figure 1 identical? Or is the prefix update between ISP1 and ISP2 also a
leak? What leaks is Figure 1 intended to show?

- In 3.1: "The leak often succeeds because...". Do you really means
"succeeds" and not "occurs"? If so, what does "succeeds" mean in this
context?

- The description in section 3.5, starting from "However", really needs
a complete rewrite. It's ungrammatical to the point that I'm not really
sure I understand what it is trying to say.

Nits/editorial comments:

- I've mentioned before that I find the "academic research paper" style
a bit jarring in IETF documents. I particularly don't like the use of
"we" and "us", since it's not clear whether "we" is the authors (which
is how it's used in academic papers, but is inappropriate for an IETF
document), the WG, the IETF, etc. Instead, I would replace all instances
of "we" with "this document", or simply re-word into the passive, since
a subject is rarely needed for these sentences. For example, the
abstract could be rewritten as such:

    A systemic vulnerability of the Border Gateway Protocol routing
    system, known as 'route leaks', has received significant attention
in
    recent years.  Frequent incidents that result in significant
    disruptions to Internet routing are labeled "route leaks", but to
    date a common definition of the term has been lacking.  This
document
    provides a working definition of route leaks, keeping in mind the
    real occurrences that have received significant attention. Further,
    this document attempts to enumerate (though not exhaustively)
    different types of route leaks based on observed events on the
    Internet.  The aim is to provide a taxonomy that covers several
forms
    of route leaks that have been observed and are of concern to
Internet
    user community as well as the network operator community.

Please do similar edits throughout.

Similarly, the referencing of authors by name seems like bad form for an
IETF document.

OLD
    This document builds on and extends earlier work in the IETF by
    Dickson
[draft-dickson-sidr-route-leak-def][draft-dickson-sidr-route-
    leak-reqts].
NEW
    This document builds on and extends earlier work in the IETF
    [draft-dickson-sidr-route-leak-def][draft-dickson-sidr-route-leak-
    reqts].
END

OLD
                              Mauch [Mauch] observes that these are
       anomalies and potentially route leaks because very large ISPs
such
       as ATT, Sprint, Verizon, and Globalcrossing do not in general buy
       transit services from each other.  However, he also notes that
       there are exceptions when one very large ISP does indeed buy
       transit from another very large ISP, and accordingly exceptions
       are made in his detection algorithm for known cases.
NEW
                              [Mauch] observes that these are anomalies
       and potentially route leaks because very large ISPs such as ATT,
       Sprint, Verizon, and Globalcrossing do not in general buy transit
       services from each other.  However, it also notes that there are
       exceptions when one very large ISP does indeed buy transit from
       another very large ISP, and accordingly exceptions are made in
its
       detection algorithm for known cases.
END

- Last paragraph in section 2: I'm left wondering what sorts of things
that other folks might consider leaks *aren't* covered by the
definition. Perhaps you want to mention that?

- In 3.6, when you say "more specifics", are you using that as a noun to
mean "more specific prefixes"? It's very hard to read in its current
form.

- Section 5 is superfluous. I'd delete it.

- On a side note, I must say that the writing style of the "Example
incidents" caused me quite a bit of giggling. "Examples include
symmetrical book stacking, just like the Philadelphia mass turbulence of
1947, and the biggest interdimensional crossrip since the Tunguska blast
of 1909 [GhostBusters1984]." Reading them aloud helps. :-) (No need for
a change; they're fine as is. They just sound funny to a person not in
the field.)

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478