
Early Review of draft-ietf-rtgwg-net2cloud-problem-statement-22
review-ietf-rtgwg-net2cloud-problem-statement-22-secdir-early-cooley-2023-04-09-01

Request
Review of: draft-ietf-rtgwg-net2cloud-problem-statement-19
Requested revision: 19 (document currently at 30)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2023-04-09
Requested: 2023-03-06
Requested by: Jeff Tantsura
Authors: Linda Dunbar, Andrew G. Malis, Christian Jacquenet, Mehmet Toy, Kausik Majumdar
I-D last updated: 2023-04-09
Completed reviews:
  Intdir Early review of -26 by Benson Muite
  Secdir Early review of -22 by Deb Cooley
  Genart Early review of -21 by Paul Kyzivat
  Opsdir Early review of -22 by Susan Hares
  Rtgdir Early review of -22 by Ines Robles
  Tsvart Early review of -22 by David L. Black
  Dnsdir Early review of -22 by Florian Obser
Comments:
Dear colleagues,

RTGWG chairs would like to begin an early review process for the draft.

Thanks,
Yingzhen & Jeff

Assignment
Reviewer: Deb Cooley
State: Completed
Review: review-ietf-rtgwg-net2cloud-problem-statement-22-secdir-early-cooley-2023-04-09
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/FTeyRrhrQ9zmyWIFulUDCMjDZ74
Reviewed revision: 22 (document currently at 30)
Result: Not ready
Completed: 2023-04-09
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-ietf-rtgwg-net2cloud-problem-statement-22
Reviewer: Deb Cooley
Review Date: 2023-04-06 (early review)

Please note that I know almost nothing about BGP, MPLS or routing.

The summary of the review is 'not ready'.

Section 3:  perhaps move this whole section to Section 7?  Sections 4, 5, and 6
seem like they should come before Section 3 anyway?

Section 3.1, para 1, sentence 2: Grammar: 'with more variety of parties' could
be 'with a larger variety of parties.'

Section 3.1, para 2, sentence 2:  'IP tunnels', does this imply IPsec?  Or
something else?

Section 3.1, para 3:  By setting up default eBGP routes, these don't count as
routes from an external entity?  The rest of the paragraph addresses the
handling of exceeding the maximum route threshold?  But there appears to be an
option to keep the BGP session?  This paragraph is confusing.

Section 3.2, paragraph 2:  IGP?  AS?  I can't tell what this is trying to say.

Section 3.2, paragraph 3:  If there is a site failure, how is the Cloud GW
'running fine'?  Is this GW using a different site?  BFD expands to what?

Section 3.2:  Para 1 states why a site might go down.  Para 2-6 outline the
routing (?) issues that occur when a site goes down. I think these could be
better organized.  Only the last para suggests mitigations.

Section 3.3:  I'm not an expert, but isn't this an issue to any routing scenario?
Can this be combined with Section 3.6?

Section 3.4, para 3, item 1:  Is this a problem?  Or a feature?  If it is a
problem, can you say why?

Section 3.6, last paragraph:  A globally unique name won't 'resolve the same
way from every perspective'?  Other than being restricted (previous paragraph),
what does this mean? If this is covered in the previous para, I would recommend
deleting the phrase.

Section 4, sentence 1:  Grammar - 'will be mixed of different' should be 'will
be a mix of different'.

Section 4.2, para 2:  Use of a shared key in IPsec implies that IKE isn't used
(shared key was only possible with IKEv1 I believe, which is deprecated).  I
would remove the phrase 'using a shared key'.