Last Call Review of draft-ietf-idr-flowspec-redirect-rt-bis-03

Request Review of draft-ietf-idr-flowspec-redirect-rt-bis
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-04-08
Requested 2015-03-23
Authors Jeffrey Haas
Draft last updated 2015-04-19
Completed reviews Genart Last Call review of -03 by Brian Carpenter (diff)
Genart Last Call review of -04 by Brian Carpenter (diff)
Genart Telechat review of -05 by Brian Carpenter
Rtgdir Early review of -00 by Nabil Bitar (diff)
Secdir Last Call review of -03 by Alexey Melnikov (diff)
Opsdir Last Call review of -03 by Carlos Pignataro (diff)
Assignment Reviewer Carlos Pignataro 
State Completed
Review review-ietf-idr-flowspec-redirect-rt-bis-03-opsdir-lc-pignataro-2015-04-19
Reviewed rev. 03 (document currently at 05)
Review result Has Nits
Review completed: 2015-04-19



I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document is on the Standards Track, and clarifies the formatting to the BGP Flowspec Redirect Extended Community.

Thank you for a nice short document.

Relevant operational considerations are specified in RFC 5575.

Summary: Ready with minor issues




3.  Security Considerations

   This document introduces no additional security considerations than
   those already covered in [RFC5575].

This seems correct — however, this document fixes what potentially is a security consideration. A small explanation of the implications of an incorrect matching decision to the wrong VRF would help here.


  -- The draft header indicates that this document updates RFC5575, but the
     abstract doesn't seem to directly say this.

   This "value wildcard" matching behavior, that does not take into
   account the format of the route target defined for a local VRF and
   may result in the wrong matching decision, does not match deployed
   implementations of BGP flowspec.


   It should be noted that the low-order nybble of the Redirect's Type
   field corresponds to the Route Target Extended Community format field


   The IANA Registries for BGP Extended Communities [RFC7153] document
   was written to update the previously-mentioned IANA registries to
   better document BGP Extended Community formats.

Registries … were, or Registry … was.

Use consistent case for “BGP Flowspec” (vs. “BGP flowspec”).

Hope these help,

— Carlos.




 Message signed with OpenPGP using GPGMail