Telechat Review of draft-ietf-rtgwg-bgp-routing-large-dc-11
review-ietf-rtgwg-bgp-routing-large-dc-11-secdir-telechat-nir-2016-06-17-00

Request Review of draft-ietf-rtgwg-bgp-routing-large-dc
Requested revision No specific revision (document currently at 11)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2016-06-14
Requested 2016-06-09
Authors Petr Lapukhov, Ariff Premji, Jon Mitchell
I-D last updated 2016-06-17
Completed reviews Genart Telechat review of -10 by Dan Romascanu (diff)
Genart Telechat review of -11 by Dan Romascanu
Secdir Telechat review of -09 by Yoav Nir (diff)
Secdir Telechat review of -11 by Yoav Nir
Opsdir Telechat review of -09 by Lionel Morand (diff)
Rtgdir Early review of -01 by Danny R. McPherson (diff)
Rtgdir Early review of -05 by Susan Hares (diff)
Rtgdir Early review of -09 by Acee Lindem (diff)
Assignment Reviewer Yoav Nir
State Completed
Request Telechat review on draft-ietf-rtgwg-bgp-routing-large-dc by Security Area Directorate Assigned
Reviewed revision 11
Result Ready
Completed 2016-06-17
Hi

The new version addresses my concern from the message below. The document is
now ready IMO.

Thanks

Yoav

> On 5 May 2016, at 10:24 AM, Yoav Nir <ynir.ietf at gmail.com> wrote:
>
> Hi.
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> Summary: Almost Ready
>
> This document is an Informational discussion of packet routing within data
> centers. It describes existing practice with using layer-2 protocols such as
> STP or TRILL, hybrid setups, and layer-3 routing protocols, mostly IGPs. It
> finally recommends replacing these with EBGP and a Clos structure. The
> document is very clear and quite an interesting read.
>
> The document does not deal with security questions such as what kind of
> damage a rogue node can do, and that is fine. That is not the subject of this
> document.
>
> My one issue is with the Security Considerations section. Section 9 defers to
> the BGP RFCs (4271 and 4272) for the security considerations. This is a
> common pattern and it's usually fine, but in this case it is missing
> something. RFC 4271 requires the use of TCP-MD5 (RFC 2385) for authenticating
> the BGP connections between routers. RFC 4271 also mentions (but does not
> solve) the problem of key management. ISTM that in a large-scale and
> dynamically scalable data center, the problem of key management should be
> addressed. It might also be nice to use something less antiquated than
> TCP-MD5.
>
> Now it's possible to decide that all elements within the data center are
> trusted and under the administrator's control, and that therefore no
> authentication is necessary as long as BGP is somehow blocked from outside
> the DC to internal nodes. But if these assumptions exist, I believe they
> should be stated.
>
> Yoav