
Last Call Review of draft-ietf-pce-p2mp-app-

Request: Review of draft-ietf-pce-p2mp-app
Requested revision: No specific revision (document currently at 02)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-06-16
Requested: 2009-04-16
Authors: Adrian Farrel, Seisho Yasukawa
I-D last updated: 2009-06-16
Completed reviews: Secdir Last Call review of -?? by Brian Weis
Assignment: Reviewer Brian Weis
State: Completed
Request: Last Call review on draft-ietf-pce-p2mp-app by Security Area Directorate Assigned
Completed: 2009-06-16
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This Informational document describes how the Path Computation Element (PCE)-based architecture defined in RFC 4655 can support point-to-multipoint label switched paths. A PCE is a device that computes the path of Traffic Engineered Label Switched Paths (TE LSPs) within Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) networks. A PCE-based architecture is generally used to offload path computation processing from Label Switching Routers (LSRs).

This document does not substantially change the architecture described in RFC 4655. The Security Considerations section states that this document does not raise any additional security issues beyond those that generally apply to the PCE architecture, and I believe that is generally true. However, I do have one minor suggestion for the authors:

The "Note" in the Security Considerations section points out that P2MP computation is CPU-intensive, and posits that an attacker injecting spurious P2MP path computation requests may be more successful than if the attacker injected P2P computation requests. Since you brought up the attack, it would be worth noting that a PCE protocol's message integrity mechanism should be used to mitigate attacks from devices that are not authorized to send requests to the PCE device. I hesitate to be more specific because the document does not describe a particular PCE protocol.

Brian Weis
Router/Switch Security Group, ARTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew at
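The mitigation the review recommends, shown as an added example that is not part of the review or of any PCE protocol specification: a PCE-side request handler that verifies a message integrity tag before any CPU-intensive P2MP computation is started, so requests from senders without the key are discarded cheaply. The request fields (type, root, leaves, src, dst), the HMAC-SHA256 tag, the shared key and the stub computation are all assumptions constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared key between an authorized PCC and the PCE (assumption, not a real key).
PCE_SHARED_KEY = b"example-pce-shared-key-for-illustration-only"


def tag_request(key: bytes, request: dict) -> bytes:
    """Compute an HMAC-SHA256 tag over a canonical encoding of the request."""
    body = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def verify_request(key: bytes, request: dict, tag: bytes) -> bool:
    """Constant-time comparison of the received tag against a freshly computed one."""
    return hmac.compare_digest(tag_request(key, request), tag)


def p2mp_compute(request: dict) -> dict:
    """Stand-in for the CPU-intensive P2MP tree computation (constructed stub)."""
    return {"root": request["root"], "leaves": sorted(request["leaves"])}


def handle_request(key: bytes, request: dict, tag: bytes) -> dict:
    """Integrity is checked first; the expensive computation only runs for
    requests whose tag proves they came from a holder of the shared key."""
    if not verify_request(key, request, tag):
        return {"status": "rejected", "reason": "integrity check failed"}
    if request["type"] == "P2MP":
        return {"status": "ok", "tree": p2mp_compute(request)}
    return {"status": "ok", "path": [request["src"], request["dst"]]}


def run_demo() -> dict:
    """Constructed traffic: one authorized P2MP request, one with a forged tag,
    and one whose leaf set was altered after tagging. Returns the counts."""
    good = {"type": "P2MP", "root": "lsr1", "leaves": ["lsr4", "lsr3", "lsr7"]}
    good_tag = tag_request(PCE_SHARED_KEY, good)
    tampered = dict(good, leaves=good["leaves"] + ["lsr9"])  # altered in transit
    results = [
        handle_request(PCE_SHARED_KEY, good, good_tag),
        handle_request(PCE_SHARED_KEY, good, b"\x00" * 32),  # no valid key, forged tag
        handle_request(PCE_SHARED_KEY, tampered, good_tag),  # tag no longer matches
    ]
    accepted = sum(1 for r in results if r["status"] == "ok")
    return {"accepted": accepted, "rejected": len(results) - accepted}


if __name__ == "__main__":
    print(run_demo())  # expected: {'accepted': 1, 'rejected': 2}
```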