Skip to main content

Last Call Review of draft-ietf-idr-flowspec-redirect-rt-bis-03

Request Review of draft-ietf-idr-flowspec-redirect-rt-bis
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-04-08
Requested 2015-03-23
Authors Jeffrey Haas
Draft last updated 2015-04-19
Completed reviews Genart Last Call review of -03 by Brian E. Carpenter (diff)
Genart Last Call review of -04 by Brian E. Carpenter (diff)
Genart Telechat review of -05 by Brian E. Carpenter
Rtgdir Early review of -00 by Dr. Nabil N. Bitar (diff)
Secdir Last Call review of -03 by Alexey Melnikov (diff)
Opsdir Last Call review of -03 by Carlos Pignataro (diff)
Assignment Reviewer Carlos Pignataro
State Completed Snapshot
Review review-ietf-idr-flowspec-redirect-rt-bis-03-opsdir-lc-pignataro-2015-04-19
Reviewed revision 03 (document currently at 05)
Result Has Nits
Completed 2015-04-19

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

This document is on the Standards Track, and clarifies the formatting to the
BGP Flowspec Redirect Extended Community.

Thank you for a nice short document.

Relevant operational considerations are specified in RFC 5575.

Summary: Ready with minor issues




3.  Security Considerations

   This document introduces no additional security considerations than
   those already covered in [RFC5575].

This seems correct — however, this document fixes what potentially is a
security consideration. A small explanation of the implications of an incorrect
matching decision to the wrong VRF would help here.


  -- The draft header indicates that this document updates RFC5575, but the
     abstract doesn't seem to directly say this.

   This "value wildcard" matching behavior, that does not take into
   account the format of the route target defined for a local VRF and
   may result in the wrong matching decision, does not match deployed
   implementations of BGP flowspec.


   It should be noted that the low-order nybble of the Redirect's Type
   field corresponds to the Route Target Extended Community format field


   The IANA Registries for BGP Extended Communities [RFC7153] document
   was written to update the previously-mentioned IANA registries to
   better document BGP Extended Community formats.

Registries … were, or Registry … was.

Use consistent case for “BGP Flowspec” (vs. “BGP flowspec”).

Hope these help,

— Carlos.




 Message signed with OpenPGP using GPGMail