Last Call Review of draft-ietf-l2vpn-pbb-vpls-pe-model-07

Request Review of draft-ietf-l2vpn-pbb-vpls-pe-model
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-06-27
Requested 2013-06-20
Authors Florin Balus, Ali Sajassi, Nabil Bitar
Draft last updated 2013-06-27
Completed reviews Secdir Last Call review of -07 by Phillip Hallam-Baker
Assignment Reviewer Phillip Hallam-Baker 
State Completed
Review review-ietf-l2vpn-pbb-vpls-pe-model-07-secdir-lc-hallam-baker-2013-06-27
Reviewed rev. 07
Review result Has Issues
Review completed: 2013-06-27


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The draft is an informational document describing an architecture for moving packets about based on MAC addresses.

While the existence of such architectures and devices is likely relevant to Internet Protocol networking, the draft does not explain how the architecture described is relevant. 

The draft does not contain a substantive Security Considerations section; there is instead a reference:


   No new security issues are introduced beyond those that are described in [ ] and [


The references in turn contain references:

   A more comprehensive description of the security issues involved in L2VPNs is covered in [

This is a pity if the principal purpose of the document is to explain the differences between IP layer inter-networking and Layer 2 (aka Ethernet layer) networking and the main differences are in the area of security and scalability.

One of the main reasons to prefer L2 networking over IP is the dependence certain LAN protocols still have on the use of broadcast techniques. But broadcast techniques are by their very nature unscalable. Given n nodes, the cost of broadcast traffic rises as n^2, as every machine on the network has to process the spam from all the rest.

From a security point of view, the L2 approach results in a true peered network, which has unfortunate effects on security. Absent mechanisms to authenticate network control messages, every additional machine added to the network is an additional potential point of pollution.