Last Call Review of draft-ietf-nvo3-arch-06
review-ietf-nvo3-arch-06-secdir-lc-takahashi-2016-08-12-00

Request Review of draft-ietf-nvo3-arch
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-08-12
Requested 2016-08-04
Authors David Black, Jon Hudson, Larry Kreeger, Marc Lasserre, Thomas Narten
Draft last updated 2016-08-12
Completed reviews Secdir Last Call review of -06 by Takeshi Takahashi (diff)
Opsdir Last Call review of -06 by Linda Dunbar (diff)
Assignment Reviewer Takeshi Takahashi
State Completed
Review review-ietf-nvo3-arch-06-secdir-lc-takahashi-2016-08-12
Reviewed rev. 06 (document currently at 08)
Review result Ready
Review completed: 2016-08-12

Review
review-ietf-nvo3-arch-06-secdir-lc-takahashi-2016-08-12

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area directors.

Document editors and WG chairs should treat these comments just like any other last call comments.

 

[General summary]

This document is ready.

 

[Topic of this draft]

This informational document describes a high-level overview architecture for building data center network viatualization overlay (NVO3) networks.

It breaks down the architecture and defines several components needed for realizing the architecture, such as Network Virtualization Edge (NVE) and Network Virtualization Authority (NVA).

 

[Minor Comment]

In Section 16 “Security Considerations”, you could consider addressing the policy enforcement issue you've discussed in Section 5.4.

The sentence starting with "Leakage of sensitive information" could be, for instance, changed from "...by using encryption" to "...by using encryption and ensuring policy enforcement".

 

[Editorial Comment]

In Page 9, there is a sentence "NVAs provide a service, and NVEs access that service via an NVE-to-NVA protocol as discussed in Section 4.3."

This current sentence is fine, but referring Section 8 "NVE-to-NVA Protocol" (instead of Section 4.3 "NVE State") could be better.

 

In Section 2, definition of "VLAN": "are used in this document denote a C-VLAN", could be "are used in this document to denote a C-VLAN".

 

I enjoyed reading the draft.

 

Thank you.

Take