
Last Call Review of draft-ietf-grow-unique-origin-as-
review-ietf-grow-unique-origin-as-secdir-lc-melnikov-2011-04-30-00

Request Review of draft-ietf-grow-unique-origin-as
Requested revision No specific revision (document currently at 01)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-04-26
Requested 2011-04-21
Authors Danny R. McPherson, Ryan Donnelly, Frank Scalzo
Draft last updated 2011-04-30
Completed reviews Secdir Last Call review of -?? by Alexey Melnikov
Assignment Reviewer Alexey Melnikov
State Completed Snapshot
Review review-ietf-grow-unique-origin-as-secdir-lc-melnikov-2011-04-30
Completed 2011-04-30
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft makes recommendations regarding the use of per-node unique
origin ASNs for globally anycasted critical infrastructure services in order
to provide routing system discriminators for a given anycasted prefix.
Network management and monitoring techniques, or other operational
mechanisms can benefit from use of these new discriminators.



Routing security is outside of my field of expertise, but I think the
document made a compelling argument why use of per-node unique origin ASNs
(as opposed to one ASN for all anycast nodes) improves the ability to detect
rogue anycast nodes (assuming all nodes use unique ASNs). The proposed
mechanism also better co-exists with SIDR, which is an extra plus.

So overall I think the document is in good shape and the Security
Considerations section seems adequate.

Best Regards,
Alexey

--
Internet Messaging Team Lead, <http://www.isode.com>
JID: same as my email address
twitter: aamelnikov
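
The discriminator idea summarised in the review above, as an added example that is not part of the review or the draft: a monitoring check that reads the origin AS of each observed route for an anycast prefix, maps it to a node, and flags origins outside the expected set. The prefix, ASNs (documentation ranges), node names, vantage points and the observation format are all constructed assumptions.

```python
# Added example: constructed data, hypothetical names throughout.
from collections import defaultdict

PREFIX = "192.0.2.0/24"  # documentation prefix (RFC 5737)

# Assumed per-node origin ASNs for the anycast prefix (documentation ASNs, RFC 5398).
EXPECTED_ORIGINS = {64496: "node-ams", 64497: "node-nrt", 64498: "node-iad"}

# Constructed observations: (vantage point, prefix, AS path as seen there).
OBSERVATIONS = [
    ("vp1", PREFIX, [64510, 64505, 64496]),
    ("vp2", PREFIX, [64511, 64497, 64497]),      # prepending: origin is still last
    ("vp3", PREFIX, [64509, 64498]),
    ("vp4", PREFIX, [64508, 64500]),             # origin not in the expected set
    ("vp5", "198.51.100.0/24", [64507, 64499]),  # unrelated prefix, ignored
]

def origin_as(as_path):
    """Return the origin AS, i.e. the right-most ASN in the AS path."""
    if not as_path:
        raise ValueError("empty AS path")
    return as_path[-1]

def classify(observations, prefix, expected):
    """Map vantage points to the node they reach; collect unexpected origins."""
    catchment = defaultdict(list)   # node name -> vantage points routed to it
    unexpected = defaultdict(list)  # unknown origin ASN -> vantage points seeing it
    for vantage, pfx, path in observations:
        if pfx != prefix:
            continue
        origin = origin_as(path)
        if origin in expected:
            catchment[expected[origin]].append(vantage)
        else:
            unexpected[origin].append(vantage)
    return dict(catchment), dict(unexpected)

def shared_asn_view(observations, prefix, shared_asn):
    """Contrast case (assumption): every announcement of the prefix, including the
    unexpected one, carries the same origin ASN, so the origin no longer
    distinguishes nodes and everything collapses into one bucket."""
    rewritten = [(v, p, path[:-1] + [shared_asn]) for v, p, path in observations]
    return classify(rewritten, prefix, {shared_asn: "anycast-service"})

if __name__ == "__main__":
    print(classify(OBSERVATIONS, PREFIX, EXPECTED_ORIGINS))
    print(shared_asn_view(OBSERVATIONS, PREFIX, 64496))
```

As the review notes, the check only helps when all legitimate nodes use unique ASNs; an origin match here shows consistency with the expected set, not proof of authorisation.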