Re: Secdir telechat review of draft-ietf-spring-oam-usecase-09

Dear Takeshi,

We have applied the following changes to the document’s working copy, in response to your review.

Thanks again.

Section 1., paragraph 3:
EXPLANATION: Spell out LDP.

OLD:

    The system applies to monitoring of non Segment Routing Label
|   Switched Paths (LSP's) like LDP as well as to monitoring of Segment
|   Routed LSP's (section 7 offers some more information).  As compared
|   to non Segment Routing approaches, Segment Routing is expected to
|   simplify such a monitoring system by enabling MPLS topology detection
|   based on IGP signaled segments.  The MPLS topology should be detected
|   and correlated with the IGP topology, which is too detected by IGP
|   signaling.  Thus a centralized and MPLS topology aware monitoring
|   unit can be realized in a Segment Routed domain.  This topology
|   awareness can be used for Operation, Administration, and Maintenance
|   (OAM) purposes as described by this document.

NEW:

    The system applies to monitoring of non Segment Routing Label
|   Switched Paths (LSP's) like Label Distribution Protocol (LDP) as well
|   as to monitoring of Segment Routed LSP's (section 7 offers some more
|   information).  As compared to non Segment Routing approaches, Segment
|   Routing is expected to simplify such a monitoring system by enabling
|   MPLS topology detection based on IGP signaled segments.  The MPLS
|   topology should be detected and correlated with the IGP topology,
|   which is too detected by IGP signaling.  Thus a centralized and MPLS
|   topology aware monitoring unit can be realized in a Segment Routed
|   domain.  This topology awareness can be used for Operation,
|   Administration, and Maintenance (OAM) purposes as described by this
|   document.


------------------------------------------------------------------------

Section 10., paragraph 2:
EXPLANATION: Clarify what is meant by “compromise security” in concrete terms.

OLD:

    The PMS allows to insert traffic into non-SR domains.  This may be
    required in the case of an LDP domain attached to the SR domain, but
|   it can be used to compromise security in the case of external IP
|   domains and MPLS based VPNs.

NEW:

    The PMS allows to insert traffic into non-SR domains.  This may be
    required in the case of an LDP domain attached to the SR domain, but
|   it can be used to maliciously insert traffic in the case of external
|   IP domains and MPLS based VPNs.
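
Review bot: the NEW wording "it can be used to maliciously insert traffic" names the action but still not its consequence, which is what the review comment asked for. Consider adding what traffic inserted into an external IP domain or an MPLS based VPN allows, so the threat is stated in concrete terms. The unchanged opening "The PMS allows to insert traffic" also lacks an object and could read "allows traffic to be inserted".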


------------------------------------------------------------------------


Section 10., paragraph 4:
EXPLANATION: Typo.

OLD:

    To limit potential misuse, access to a PMS needs to be authorized and
|   should be logged.  OAM supported by a PMS requires skilled personal
    and hence only experts requiring PMS access should be allowed to
    access such a system.  It is recommended to directly attach a PMS to
    an SR domain.  Connecting a PMS to an SR domain is technically
    possible, but adds further security issues.  A tunnel based access of
    a PMS to an SR domain is not recommended.

NEW:

    To limit potential misuse, access to a PMS needs to be authorized and
|   should be logged.  OAM supported by a PMS requires skilled personnel
    and hence only experts requiring PMS access should be allowed to
    access such a system.  It is recommended to directly attach a PMS to
    an SR domain.  Connecting a PMS to an SR domain is technically
    possible, but adds further security issues.  A tunnel based access of
    a PMS to an SR domain is not recommended.
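
Review bot: the unchanged sentence "Connecting a PMS to an SR domain is technically possible, but adds further security issues" directly follows the recommendation "to directly attach a PMS to an SR domain" and does not say how this connection differs from direct attachment, so the two read as contradictory. Consider qualifying what kind of connection is meant and naming the security issues it adds, while this paragraph is being edited for the "personnel" typo.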


------------------------------------------------------------------------

Best regards,


Carlos Pignataro, carlos@xxxxxxxxx

“Sometimes I use big words that I do not fully understand, to make myself sound more photosynthesis.”

On Dec 12, 2017, at 2:52 AM, Takeshi Takahashi <takeshi_takahashi@xxxxxxxxxx> wrote:

Reviewer: Takeshi Takahashi
Review result: Has Nits

The issues I have here are very minor.
The security consideration section became better than the 06 version that I
have reviewed before, but I hope the editors could be kind enough to help
readers understand the security situation better.

Minor comments:

Regarding this sentence "but it can be used to compromise security in the case of
external IP domains", what do you mean by "compromise security"? It would be
nice if you could describe what kind of security compromise may happen in order
for the readers to understand the threats more vividly.

Editorial comments:

1. LDP had better be spelled out.
2. "skilled personal": could it be "skilled personnel"?
3. This sentence "As it is necessary to know that the information is
  stale is order to follow the instruction, as is the case with for
  example convergence events that may be ongoing at the time of
  diagnostic measurement." is not easy to understand for me. I see some typos
  in this sentence as well.



