On 9/25/15, 2:11 PM, "Jeffrey (Zhaohui) Zhang" <zzh...@juniper.net<mailto:zzh...@juniper.net>> wrote:
Jeffrey: Hi! . . . Major: 1. I-D.ietf-bess-ir and I-D.ietf-bess-mvpn-extranet should be Normative References. Zzh> Done. I-D.ietf-bess-ir wasn’t moved. . . . 1. Section 4. (Security Considerations) Are there really no security considerations? * Section 3.1. (Control State) Says that: "To speed up convergence…PEy MAY advertise a Leaf A-D route even if does not choose PEx as its Upstream PE…With that, it will receive traffic from all PEs, but some will arrive with the label corresponding to its choice of Upstream PE while some will arrive with a different label, and the traffic in the latter case will be discarded.” I’m assuming that all the traffic (specially the discarded one) belongs to the same VPN, so there’s no danger of leaking information, right? It might be worth including something in the Security Consideration so that it’s easier for the readers (Security Directorate, for example) to grasp the context. Zzh> There is indeed no new issues. The quoted text refers to the possible arrival of duplication for the same flow that the receiving PEs need to receive, and they will be discarded anyway. There is no deliver of duplication to CEs, and certainly there is no leaking. I am not sure if that needs to be called out. You don’t have to..but saying that there are no issues usually raises a flag for more thorough review by the SecDir/ADs. You can leave it as is and address any issues that may come up later. Thanks! Alvaro.
_______________________________________________ BESS mailing list BESS@ietf.org https://www.ietf.org/mailman/listinfo/bess