On 9/25/15, 2:11 PM, "Jeffrey (Zhaohui) Zhang" <[email protected]> wrote:
Jeffrey:
Hi!
. . .
Major:
1. I-D.ietf-bess-ir and I-D.ietf-bess-mvpn-extranet should be Normative
References.
Zzh> Done.
I-D.ietf-bess-ir wasn’t moved.
. . .
1. Section 4. (Security Considerations) Are there really no security
considerations?
* Section 3.1. (Control State) Says that: “To speed up convergence…PEy
MAY advertise a Leaf A-D route even if does not choose PEx as its Upstream
PE…With that, it will receive traffic from all PEs, but some will arrive with
the label corresponding to its choice of Upstream PE while some will arrive
with a different label, and the traffic in the latter case will be discarded.”
I’m assuming that all the traffic (especially the discarded one) belongs to the
same VPN, so there’s no danger of leaking information, right? It might be
worth including something in the Security Consideration so that it’s easier for
the readers (Security Directorate, for example) to grasp the context.
Zzh> There are indeed no new issues. The quoted text refers to the possible
arrival of duplication for the same flow that the receiving PEs need to
receive, and they will be discarded anyway. There is no delivery of duplication
to CEs, and certainly there is no leaking. I am not sure if that needs to be
called out.
You don’t have to... but saying that there are no issues usually raises a flag
for more thorough review by the SecDir/ADs. You can leave it as is and address
any issues that may come up later.
Thanks!
Alvaro.
_______________________________________________
BESS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bess