Secdir last call review of draft-ietf-ospf-ospfv3-segment-routing-extensions-16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Yaron Sheffer
Review result: Has Nits

Summary: document has non-security related nits.

Details

* The definition of "segment" is different here from the one used in the
architecture RFC. The RFC is more abstract, quoting: A node steers a packet
through an ordered list of instructions, called "segments". Whereas here a
segment is simply a sub-path. This is confusing to a non-expert, and perhaps
indicates a change in the group's thinking.

* SID/Label Sub-TLV: is it Mandatory? If so, please point it out.

* "The SR-Algorithm TLV is optional" - I find this sentence confusing. Maybe
replace by "The SR-Algorithm TLV is mandatory for routers that implement
segment routing"?

* The reference under "IGP Algorithm Type" registry should be to the IANA
registry itself, not to the I-D that defines it. (In particular since the IANA
registry has already been established,
https://www.iana.org/assignments/igp-parameters/igp-parameters.xhtml#igp-algorithm-types).

* OSPFv3 Extended Prefix Range TLV Flags octet: add the usual incantation about
reserved bits.

* In general I agree with the reasoning in the Security Considerations. I would
like to raise the question if, in addition to mis-routing, this adds a threat
of massive denial-of-service on MPLS endpoints, e.g. by allowing an attacker
who has OSPF access to introduce routing loops. (This may be completely bogus,
I am far from expert with either of these protocols).




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux