Last Call Review of draft-ietf-ospf-ospfv3-segment-routing-extensions-16

Request Review of draft-ietf-ospf-ospfv3-segment-routing-extensions
Requested rev. no specific revision (document currently at 23)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-11-16
Requested 2018-10-23
Authors Peter Psenak, Stefano Previdi
Draft last updated 2018-11-04
Completed reviews Genart Telechat review of -19 by Pete Resnick (diff)
Genart Last Call review of -18 by Pete Resnick (diff)
Secdir Last Call review of -16 by Yaron Sheffer (diff)
Rtgdir Last Call review of -17 by Tomonori Takeda (diff)
Opsdir Last Call review of -16 by Joe Clarke (diff)
Assignment Reviewer Yaron Sheffer
State Completed
Review review-ietf-ospf-ospfv3-segment-routing-extensions-16-secdir-lc-sheffer-2018-11-04
Reviewed rev. 16 (document currently at 23)
Review result Has Nits
Review completed: 2018-11-04


Summary: document has non-security related nits.


* The definition of "segment" is different here from the one used in the architecture RFC. The RFC is more abstract, quoting: A node steers a packet through an ordered list of instructions, called "segments". Whereas here a segment is simply a sub-path. This is confusing to a non-expert, and perhaps indicates a change in the group's thinking.

* SID/Label Sub-TLV: is it Mandatory? If so, please point it out.

* "The SR-Algorithm TLV is optional" - I find this sentence confusing. Maybe replace by "The SR-Algorithm TLV is mandatory for routers that implement segment routing"?

* The reference under "IGP Algorithm Type" registry should be to the IANA registry itself, not to the I-D that defines it. (In particular since the IANA registry has already been established,

* OSPFv3 Extended Prefix Range TLV Flags octet: add the usual incantation about reserved bits.

* In general I agree with the reasoning in the Security Considerations. I would like to raise the question if, in addition to mis-routing, this adds a threat of massive denial-of-service on MPLS endpoints, e.g. by allowing an attacker who has OSPF access to introduce routing loops. (This may be completely bogus, I am far from expert with either of these protocols).