Re: [bess] Genart early review of draft-ietf-bess-evpn-mvpn-seamless-interop-06

"Kesavan Thiruvenkatasamy (kethiruv)" <kethiruv@cisco.com> Fri, 01 March 2024 23:27 UTC

Return-Path: <kethiruv@cisco.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E46C3C14F69D; Fri, 1 Mar 2024 15:27:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.905
X-Spam-Level:
X-Spam-Status: No, score=-11.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M_nRk-yJWIN5; Fri, 1 Mar 2024 15:27:55 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E7ADC14F69C; Fri, 1 Mar 2024 15:27:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=110942; q=dns/txt; s=iport; t=1709335674; x=1710545274; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=b3k9xBweOgy7D7bPvXqMjpHnp/em1oaVXHGIc+69Yyw=; b=Bj+fuvbUp+7KtmxwXOEh5yo9yB9qG8pooTpRyy2kNmKxNqhKNZoctMeI XeVH6KoV5XVdA0TkbAhKjhF+FBC4aJ2n/b4f7jGtancajemgbWsv6tPRV Hdee2za/9tr9bo/a2eCNJlXS4YljmBUM9QeKwT32mttuI2WDpdxKrMLJk A=;
X-CSE-ConnectionGUID: bUXNW/DcTzSNVc7kuchiXw==
X-CSE-MsgGUID: zDwpMeQuS92e3A+6ADAFKw==
X-IPAS-Result: A0AOAACMY+JlmIMNJK1aHAEBAQEBAQcBARIBAQQEAQFlgRYHAQELAYE1MVJ6Am4pSIRUg0wDhE5fiGsDgROQL4YtgTiEYIF+DwEBAQ0BAUQEAQGFBgIWh1sCJjQJDgECBAEBAQEDAgMBAQEBAQEBAQYBAQUBAQECAQcFFAEBAQEBAQEBHhkFDhAnhXmGTgEBAQEDEggBCEQSEAIBCA4DAwECIQEJAgICLx0IAgQBDQUIDAcHgl4BghdIAwGlHQGBQAKKKHqBMoEBghYFswCBSAGIJQGBUgIChAOCJYIzJxuBSUSBFAFCgjA4PoQbKh4GgzU5gi8EgRQpVoJgMimCKwOBAjsCJYE0gzCJNhsddYFyN4ZBVHkiA30IBFoNGxAeNxEQEw0DCG4dAjE6AwUDBDIKEgwLHwUSQgNDBkkLAwIaBQMDBIEuBQ0aAhAaBgwmAwMSSQIQFAM4AwMGAwoxMFVBDFADZB8yCTwPDBoCGxQNJCMCLD4DCQoQAhYDHRYEMhEJCyYDKgY5AhIMBgYGXSAWCQQlAwgEA1QDIHQRAwQaBwsHeIIJgT0EE0cQgTQGhTKEagyCAYEOAgUlKoFEA0QdQAMLbT0UIQYOGwUEHwGBGQWfToJXBQERHAI8AgQCDwYpFA0DBAMKEBsLMAIkCAINHgQGBTkCBgkCBAQGBAMSBgIIAQUZBwQGDQQaDwOSPRABCQqDWYsihFmecAqEEoYKh12FP4gPhicXhAWMeoZ3jBWFOGSYWyCiYgIuBBQSAYR1AgQCBAUCDgEBBoFkOoFbcBUaIYJnUhkPiEqFYgUICZNReDsCBwEKAQEDCYhvgRlfAQE
IronPort-PHdr: A9a23:uhyfvxZLpheLwKAqan8SLa//LTDlhN3EVzX9orI9gL5IN6O78IunZ wrU5O5mixnCWoCIo/5Hiu+Dq6n7QiRA+peOtnkebYZBHwEIk8QYngEsQYaFBET3IeSsbnkSF 8VZX1gj9Ha+YgBOAMirX1TJuTWp6CIKXBD2NA57POPwT43fk8S2zf2s05bSeA5PwjG6ZOA6I BC/tw6ErsANmsMiMvMrxxnEqWcAd+VNkGVvI1/S1xqp7car95kl+CNV088=
IronPort-Data: A9a23:i9+BEq2+IlOcZrC38PbD5RVxkn2cJEfYwER7XKvMYLTBsI5bpz1Tz mccUWzVOf2JMzf2eY9ya9+1/UhSvMKAytNnT1Nu3Hw8FHgiRegpqji6wuYcGwvIc6UvmWo+t 512huHodZ1yFjmE4E71btANlFEkvYmQXL3wFeXYDS54QA5gWU8JhAlq8wIDqtYAbeORXUXV5 7sen+WFYAX5g2UsazpIg06+gEoHUMra6WtwUmMWPZinjHeG/1EJAZQWI72GLneQauG4ycbjG o4vZJnglo/o109F5uGNy94XQWVWKlLmBjViv1INM0SUbreukQRpukozHKJ0hU66EFxllfgpo DlGncTYpQvEosQglcxFOyS0HR2SMoVMxY/hHj+TuvCB9Gv4eCTv3v5uDXEpaNhwFuZfWQmi9 NQRLDQLKxuEne/zmfSwS/JngYIoK8yD0IE34y47i2qHS699B8mYGs0m5vcAtNs0rsNDAfbff dcHQTFudx/HJRZIPz/7Dbpkxr/z2iSmImMwRFS9t4Yo+03e9RFKgeLga/OWJPWmbOt2gRPNz o7B1z+kWk5BboP3JSC+2n62j+HT2CL2RIxXHrCj7btnnkWVg2kNEBtTTlaypP20kVX7WtRDJ lYT4mwnqawa9UG3QJ/6RRLQiHSJpQU0WtdMHas98g7l4qXZ5UOQHHQsTzNdZpohrsBeeNAx/ laNm9WsDjt1vfjMD3mc7byT6zi1PED5MFPuewcOcDsj3J7Pq70htTTxRYlgDaW1j+3qTGSYL y+xkAAygLAajMgu3qq9/Ezajz/EmnQvZlNrjukwdj/1hj6VdLKYi5qUBU83BMuswa6QSl2H+ XMDgcXbtaYFDIqGk2qGR+Bl8FCVCxStbmO0bb1HRsVJG9GRF5iLJtw4DNZWfxwBDyr8UWW1C HI/QCsIjHOpAFOkbLVsf6W6ANkwwK7rGLzND6+MP4EWOsAhLFfWrUmCgHJ8OUiwwCDAdolia P+mnTqEUh729Iw+lWXmGb1BuVPV7nBumws/uqwXPzz8jOLBPyTKIVv0GFCPdes+pLiVuxnY9 s0XNs2BjX1ivB7WPEHqHXooBQlSdxATXMmuw+QOL7LrClQ9QgkJVaSOqY7NjqQ4xcy5YM+So CHkMqKZoXKi7UD6xfKiMy45NO61Bc0l8BrW/0UEZD6V5pTqWq72hI83fJosdr5h/+tmpcOYh dFcEylcKpyjkgj6xgk=
IronPort-HdrOrdr: A9a23:8UkdHqpnEovbL6LbYXRYBWEaV5tiLNV00zEX/kB9WHVpm5Oj5q OTdaUgtSMc1gxxZJh5o6H/BEDhex/hHZ4c2/h2AV7QZniWhILIFvAv0WKM+UybJ8STzJ846U 4kSdkANDSSNyk0sS+Z2njELz9I+rDum87Y55a6854ud3AXV0gK1XYBNu/vKDwMeOAwP+tAKH Pz3LshmxOQPV4sQoCQAH4DU+Lfp9vNuq7HTHc9bSIP2U2ltx/tzKT1PSS5834lPg+nx41MzU H11yjCoomzufCyzRHRk0XJ6Y5NpdfnwtxfQOSRl8k8MFzX+0eVTbUkf4fHkCE+oemp5lpvus LLuQ0cM8N67G6UVn2poCHqxxLr3F8Vmj/fIB6j8DjeSP7CNXcH4vl69MZkm9zimg0dVeRHoe B2NqSixtxq5F377X3ADpPzJmFXfwKP0AkfeKgo/jJiuU90Us4LkWTZl3klSKsoDWb07psqH/ JpC9yZ7PFKcUmCZ3ScpWV3xsewN05DVStub3Jy8/B96QIm1ExR3g8d3ogSj30A/JUyR91N4P nFKL1hkPVLQtUNZaxwCe8dSY/vY1a9DC7kISaXOxDqBasHM3XCp9r+56g0/vijfNgNwIEpkJ rMXVtEvSo5el7oC8eJwJpXmyq9ClmVTHDo0IVT9pJ5srrzSP7iNjCCUkknl4+6r/AWEqTgKo CO0VJtcojexEfVaPJ0NlfFKutvwFElIbgohuo=
X-Talos-CUID: 9a23:mtwl+myhKzUwfKpPdGOTBgUeJ/ADTTrxx0vCGGmGAjlqVbaVSG+PrfY=
X-Talos-MUID: 9a23:jNJDOgXbnY+5OjTq/C3AmylHOf512PX0BRsk0ssvl+CqFjMlbg==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-7.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Mar 2024 23:27:53 +0000
Received: from rcdn-opgw-3.cisco.com (rcdn-opgw-3.cisco.com [72.163.7.164]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 421NRq0j021366 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 1 Mar 2024 23:27:52 GMT
X-CSE-ConnectionGUID: BxTlN8l4QbywVsGnXko4YA==
X-CSE-MsgGUID: TGjAnVx2QcOxbXFRdC4OUw==
Authentication-Results: rcdn-opgw-3.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=kethiruv@cisco.com; dmarc=pass (p=reject dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.06,197,1705363200"; d="scan'208,217";a="14682990"
Received: from mail-dm6nam11lp2168.outbound.protection.outlook.com (HELO NAM11-DM6-obe.outbound.protection.outlook.com) ([104.47.57.168]) by rcdn-opgw-3.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Mar 2024 23:27:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+f7WgCHky0LlQtcfOxP7dsAnAWJ0dy/wffLCgL1QVXNJQogDxUl0D/6Mlrhy4pQb8Hs1M32AG+RX4xAZB9u8R0A4Xp6kVBsd0G11i7jWif594Q3Xr1noss9YkglOBKNrjl1mVrIjQmcwL/Jz6k7vd6U0f0j3QEdcv1v4Nl046+qMnUEV/zUb2+rJQQv+RWGq0WB/IMeuqQP5uc8Smc86o1b+Io/zCBBNl+NwZDO+4O27iCusUQJI3gb93YSVoSZoFONWP0+lBZQ+QSoK9/aSDp0jR5ku841hQ0LKeBE2Y9r1SajbfitQn32aI5Dii571Z/GPhoFSYZ9QpJfwQE1sA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b3k9xBweOgy7D7bPvXqMjpHnp/em1oaVXHGIc+69Yyw=; b=k4fYliHFdxmROCAtjF1Vr9IMQo0ZXo1L2ITSmWyCAlJtDy77EmCvgcWzI8vz+64nJ89zgQwjq0cd8+yKMild0sQFE5wdD0KjM9MpCtNg+uqpHU99cmv+RieG/oOEUNm49kbWwyXvC+CbRb5XcEeJMV0mbxO9sQiamK1pNe/NduL6aDrN7uNY2Sn061Acih8jfc47SYx6ZRsWgJPKafq9yo8p8ybMVRpTzNgTK8PeCwBZKQjqX1ztbg667CYq7v/1mXoADQwS/lxcqBI3ElKleqKtAZEEqdqK/LftNSmZJ25Do1U+cJWKRKI37/Ed97Ir22cb46K/fMiFhtntjXxAUA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BYAPR11MB3464.namprd11.prod.outlook.com (2603:10b6:a03:7d::13) by MW3PR11MB4553.namprd11.prod.outlook.com (2603:10b6:303:2c::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.18; Fri, 1 Mar 2024 23:27:50 +0000
Received: from BYAPR11MB3464.namprd11.prod.outlook.com ([fe80::2c1:1e87:a56b:65e5]) by BYAPR11MB3464.namprd11.prod.outlook.com ([fe80::2c1:1e87:a56b:65e5%5]) with mapi id 15.20.7339.024; Fri, 1 Mar 2024 23:27:50 +0000
From: "Kesavan Thiruvenkatasamy (kethiruv)" <kethiruv@cisco.com>
To: Susan Hares <shares@ndzh.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-evpn-mvpn-seamless-interop.all@ietf.org" <draft-ietf-bess-evpn-mvpn-seamless-interop.all@ietf.org>
Thread-Topic: Genart early review of draft-ietf-bess-evpn-mvpn-seamless-interop-06
Thread-Index: AQHaQ1bRBKoRETA9ZU6u05QyLeedxrEj2LkN
Date: Fri, 01 Mar 2024 23:27:50 +0000
Message-ID: <BYAPR11MB346432BC05608837E96D2E24CA5E2@BYAPR11MB3464.namprd11.prod.outlook.com>
References: <170484424225.39446.4390496090289464026@ietfa.amsl.com>
In-Reply-To: <170484424225.39446.4390496090289464026@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB3464:EE_|MW3PR11MB4553:EE_
x-ms-office365-filtering-correlation-id: 54390e6e-9bbf-407f-6167-08dc3a47361d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7hyi+nWCiHl4z65unPzEYsxT7fRSAnnNPYOooFUwk0F8VUtB8xXBfyQjNKcKPLsBrIhsNlc/BScK39hR5uZDfPQzIkoQIrtfORZ4pEZajtJAyKAm9fG4QMZq6yi4VXMuEjN6AOmo58LsGqtJ78EdlAWiL4BNibLP4wVfmkfQx+6KOj1mY0IL3LHGQQ9/19rjXs4kJlaL3Tn5MCh5du1hhJsXeLACAbuSprLlPUU+XKSb5ZeLXkG9PCL98RQN1jof3gJ+cHWIxcrubVSq+9Mg1MTWOKckD42KuN3Is4uk6ttr43ut2eSg23+lWKka/55oHy8yVaMaDQN5b9RkJ1UbEFTdpTTG/ntTjV9lgCq5f6qXdSO1Txl2PILr/DrjwlMS3ANlD0sF5sNiV0tROlCkbTBqeOrtl1KBKAouqJhhwUiSgo883bWl11iPsF5MfGzNQT5CHOGQJRkmDfTq23a5XRP04iXjyeTupAJJ1lpXfZ6CHrC0+CHrymZwgwRLcQwJp/N6ITyHwTdDYG+UP5lQ7fc0MKVGgkgLn0ZFwJsngPcnb6A3aL6aOWAl2C8pV2apeCsNh0tqvEdKCLrDS4uYdBMoBCJ6DcVbn7Y6W0yHH3P0Wobl5+w0O27f0k4CPWut18e4ofVsUI3NeqgjI8M1hoZPRm2va3ojuvYRczflTTw1nza557TbwCw9846TeelqTv1T6Q/4qheoiGdKs5v/QuEkrLPHh5A3vT2UDBcupLA=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3464.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2oUP8/XQVfBXEVc/crWRz+7I5I89YU33wVhmEUSI/SzOGbA788xUnSLiPneQeSGBz9qFonieyl2sEifRDe5JGQTA6VYeFZeVxT7S5f3ewH3NxEqbJYWnkoomhPiejX2Oc8hRshWRPgdjLoX37+692LnzvHbvLPXMKquF6svFYA1GgINVMD91S/oJP1lE7urKI87slJg7zAjoDHDxuWRAngwK46MajAYM9VfVFg84ml0d1YmFXyM3XqdnAxfoXk/cTgHoVcVuFPWcPN9oMHwIaOonjOkIYc+dNmMq8APklMRRUYLAH1n5KpC7PV5LAylR+5p4+KUg2RRVVNhDu/MQkkKC5FMTMjLCk2Tz6Cw4CRGaP6SuPnXRSuRzsX3RmGq0U7s3ZYvyuEmUR5Qayh0FKuCoI5nftsJVT9UH7JCVMU90kqNj0ZuGeEbimkV0mfDGaCdVNT9Nu2Z69FtZroeI1t8YyJphbiTWjhj896fqhv80jJm/gnXjMc1OJ7iY6XDySYlftSMEH3Hj7B0vKobdWvowBJBAvQKjhAiiaVIAk0aeKhVNTWSWWicoEHdhl9ur/ZMiair/mVVcmZruJsjwDZb3EXjVtNqUPUoMJ17ITeIkF8nC032Je24BP+hboPlcVVfauAqLYct9puuPuTnD3vdhCz/xQbVHciaOnKfq4ht1XSDSUtzdRD6ga4gi7qq7e6WiDXnI2V1Btcjh2zJjLuDlhK3raXvUPhrVtfifVJzECV1ICUfLzLQwnQVzLrQCA0gYJsayX2GExr9N0Yxe7mC5wEN+aVrQumG0wUIugmelzL81sO97uknMtd/ElqBZ1pFEuApZNs7FAAg7VutcG0NXG/U0ZvG/IY9163lyqOqJ7Enfvk4MPWd1ZJAiElaMrj0VMRQjcffJhpIP2+QpDx63c3excwpyh8fMsYQxYWczvj0aAMd76srZm5fiGGGuY5JwDAftKSlELi28FEUOq0CyuFEe9EmqL14Y8FckUJPZ48R8NWdXKaH9WNzcRDTnqgcJd09hn1TjeRfuS8w/SsyZAw9DHFxIlu05JjMpI/sbbMQaF6uSQJkUqufp1XEyFnvdF3ce5sDcoM9U6tyScC8HL8vpb7Ij8t6MESo5+DylrwbfwhX93fqiaI4BDtEFRRjy8xGzQ6gk1H8X2a7E3ZZ0HwoeTdlRL1E4F6mCO6+SLp6D9xnXLgq9jSAo+aSj/US5liMZURJJq6lmIs/WK+8yAhy9ZGxc7ydlQRZ31YzM5TugfVn1YtWWaypx3uhwGe4rx5otrPh+qnJ4cK9P8SggkAHQP08xrsi/BOugn5ochfsdamLzCSuDA3GzCtbwnqngjjNQd5gpJ4Jzj1YnSwFRSLoQLG9fOt+PGz26crw9STmyF4fR3CPisgWkA9xhFyNVoH8YL8IccndkOgAZr/NmmynpzGNuzD5tec2tEhJXJl2T2a6fjPCC92mhFFQ2r5GYHw8K2OkaWpeRKcWTvjNDU90IPAou/4243KaOeUTWdA2V5OXE+FQ+0V4iKzKb7mTSvAd3eL0TNG9JdLw6hIYNYhcPUtL61PvdwU94hg1u8CTemXaaGpchuSDn74jFAZGTor2Iu+6fRvMIOISpwUPAcEidK4c8Z12Ssc/Gb0hAAOqN/pebJOIRb5C8w0sQ1+vzr2QOzZtiNDxXRmKYMg==
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB346432BC05608837E96D2E24CA5E2BYAPR11MB3464namp_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3464.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 54390e6e-9bbf-407f-6167-08dc3a47361d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2024 23:27:50.4119 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pc4Zjr3vlY3ijS0t5PfwAfnhaemcZNEYQacZFWoxxCd6U4O1ePJaeU/C5Pcu4XJNTgpOCPzMPfXVB3L2GgLxjw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4553
X-Outbound-SMTP-Client: 72.163.7.164, rcdn-opgw-3.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/ppb5D2S0jnJkhajdKOZMjdAxfdM>
Subject: Re: [bess] Genart early review of draft-ietf-bess-evpn-mvpn-seamless-interop-06
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2024 23:27:59 -0000

Hi Susan,

Many thanks for a detailed review and comments.  Will get back with document updates and  clarifications shortly.

Thanks,
Kesavan

From: Susan Hares via Datatracker <noreply@ietf.org>
Date: Tuesday, January 9, 2024 at 3:51 PM
To: gen-art@ietf.org <gen-art@ietf.org>
Cc: bess@ietf.org <bess@ietf.org>, draft-ietf-bess-evpn-mvpn-seamless-interop.all@ietf.org <draft-ietf-bess-evpn-mvpn-seamless-interop.all@ietf.org>
Subject: Genart early review of draft-ietf-bess-evpn-mvpn-seamless-interop-06
Reviewer: Susan Hares
Review result: Almost Ready

GEN-ART review

Status: Almost ready

Summary Comment:
==========
Multicast distribution can aid the network, so it is important to have a solid
standard.

Wow! This is an amazing amount of work to combine EVPN and MVPN.
I went between RFC6513, RFC6514, RFC7432, and RFC8542. You caught many of the
issues between the EVPN-MVPN.

I'm hopeful this will help catch a few additional issues.

Sue
============================

Status Early Review: On the right track,
 6 technical issues, editorial issues

===============
Summary of Technical issues:

1. Technical issue #1:  Section 5.3 - refers to section 8 and 9
How you do you restriction of importing the same type-5 Route to IPVPN VRF from
multiple PEs (Section 8.1)?

The issue is the same Route-5 from different PEs (MVPN PE or EVPN PE) into the
IPVPN cloud with the same VRF. If type-5  Route is sent from different PEs with
different VRFs, there is not a problem. If type-5 Route is sent once from
different PE with same VRF,  then route selection policy should handle the
resolution. If type-5 Route is sent multiple times from different PEs with Same
VRF, it can encounter the count to infinity problem.

Level: IDR chairs indicate this ia well-known issue, and can be noted in
manageability. Issue: No manageability section.

2. VXLAN tunnels under the MVPN network (Section 8.2.2)
Question: How does the network limit the reach of these tunnels to keep the
EVPN and MVPN?

level: Security/managemeability issue

3. Section 8.2.3 - It is unclear what tunnel types that this RFC draft supports.
Does it support VXLAN plus NVGRE (type = 9) , GRE (type = 2), GENEVE or GPE (?).
Are you supporting any other tunnel types for encapsulation?

Level: Clarity of what is supported in draft

4.      Section 9 – MVPN VPN overlay tunnel over DC network is terminated on
IP-VRF (rather than MAC-VRF/BTs).

Problem 1 – Does the split horizon for EVPN (RFC7432, section 8.3] require MPLS
forwarding in the EVPN-MVPN network? 4a) Does this functioning require MPLS
forwarding of traffic in EVPN--MVPN network? 4b) How is this BUM (Broadcast,
Unknown Unicast, and Multicast traffic) handled in the MVPN/EVPN gateway
    (section 6.3) for three types of tunnels?

5. TTL decrement - the IDR chairs do not think this is a problem.

6. The Security section does not seem to cover all the security and
mangeability issue for the EVPN-MVPN?
==================================================

Full Description of 6 Technical issues
============================

Level: Split-horizon + effective split horizon (RFC8584)

===============
Explanation of technical comments:

General overview:
The procedures in this draft are an extension of RFC6513 and RFC6514.
Figure 1-2 shows two ways to EVPN and MVPN in seamless operation.

Figure 1:
EVPN glued to MVPN via IP VRFs

                        EVPN PE1
                     +------------+
           Src1 +----|(MAC-VRF1)  |                   MVPN PE3
          Rcvr1 +----|      \     |    +---------+   +--------+
                     |    (IP-VRF)|----|         |---|(IP-VRF)|--- Rcvr5
                     |      /     |    |         |   +--------+
           Rcvr2 +---|(MAC-VRF2)  |    |         |
                     +------------+    |         |
                                       |  MPLS/  |
                        EVPN PE2       |  IP     |
                     +------------+    |         |
           Rcvr3 +---|(MAC-VRF1)  |    |         |    MVPN PE4
                     |       \    |    |         |   +--------+
                     |    (IP-VRF)|----|         |---|(IP-VRF)|--- Rcvr6
                     |       /    |    +---------+   +--------+
           Rcvr4 +---|(MAC-VRF3)  |
                     +------------+

                   Figure 1:  MVPN PEs Seamless Interop

Figure 2:
EVPN as MVPN PEs

                       EVPN PE1
                     +------------+
           Src1 +----|(MAC-VRF1)  |
                     |     \      |
          Rcvr1 +----|  +--------+|    +---------+   +--------+
                     |  |MVPN PE1||----|         |---|MVPN PE3|--- Rcvr5
                     |  +--------+|    |         |   +--------+
                     |      /     |    |         |
           Rcvr2 +---|(MAC-VRF2)  |    |         |
                     +------------+    |         |
                                       |  MPLS/  |
                        EVPN PE2       |  IP     |
                     +------------+    |         |
           Rcvr3 +---|(MAC-VRF1)  |    |         |
                     |       \    |    |         |
                     |  +--------+|    |         |   +--------+
                     |  |MVPN PE2||----|         |---|MVPN PE4|--- Rcvr6
                     |  +--------+|    |         |   +--------+
                     |       /    |    +---------+
           Rcvr4 +---|(MAC-VRF3)  |
                     +------------+

                       Figure 2: EVPN PEs as MVPN PEs

MVPN passes NLRI with sub-route types 1-7 (RFC6514, setion 4).
AFI=1, SAFI=5 (MVPN),  AFI=1, SAFI=129 - VPN for MVPN
      + 0 - Reserved
      + 1 - Intra-AS I-PMSI A-D route;
      + 2 - Inter-AS I-PMSI A-D route;
      + 3 - S-PMSI A-D route;
      + 4 - Leaf A-D route;
      + 5 - Source Active A-D route.
      + 6 - Shared Tree Join route;
      + 7 - Source Tree Join route;

PMSI Tunnel attribute with the following tunnel types
      + 0 - No tunnel information present
      + 1 - RSVP-TE P2MP LSP
      + 2 - mLDP P2MP LSP
      + 3 - PIM-SSM Tree
      + 4 - PIM-SM Tree
      + 5 - BIDIR-PIM Tree
      + 6 - Ingress Replication
      + 7 - mLDP MP2MP LSP

PE Distinguisher Labels attribute.

RFC9012 (TEA) - prefers PMSI tunnels if both TEA and PMSI.
Extended Communities: Source AS and VRF-RT Import

EVPN document defines the following Route Types for AFI (RFC7432)
AFI = 25, SAFI: 70
      + 0 - Reserved
      + 1 - Ethernet Auto-Discovery (A-D) route
      + 2 - MAC/IP Advertisement route
      + 3 - Inclusive Multicast Ethernet Tag route
      + 4 - Ethernet Segment route

Extended Communities:
1) ESI Label Extended Community  [0x01]
2) ES-Import Targe Extended Community [0x02]
3) MAC Mobility [0x00]
4) Default Gateway Extended Community [Opague]

====================================================================
Technical issue scope:
Sections 5.3, 5.4, and 5.5 are the key issues in EVPN/MVPN interoperation.

Technical issue #1:  Section 5.3 - refers to section 8 and 9

Problem:

1.      Restriction of importing the same type-5 Route to IPVPN VRF from
multiple PEs (Section 8.1)

The issue is the same Route-5 from different PEs (MVPN PE or EVPN PE) into the
IPVPN cloud with the same VRF. If type-5  Route is sent from different PEs with
different VRFs, there is not a problem. If type-5 Route is sent once from
different PE with same VRF,  then route selection policy should handle the
resolution. If type-5 Route is sent multiple times from different PEs with Same
VRF, it can encounter the count to infinity problem.

Text + explanation behind the problem.
---------------------------------------
1. Section 5.3 paragraph 1

Text:
/  When an IP multicast source is attached to an EVPN PE, the unicast
   route for that IP multicast source needs to be advertised.

   [Case 1]
   When the source is attached to a Single-Active multi-homed Ethernet
   Segment (ES), then the EVPN DF PE is the PE that advertises a unicast
   route corresponding to the source IP address with VRF Route Import
   extended community which in turn is used as the Route Target for Join
   (S,G) messages sent toward the source PE by the remote PEs.  The EVPN
   PE advertises this unicast route using EVPN route type 2 and IPVPN
   unicast route along with VRF Route Import extended community.  EVPN
   route type 2 is advertised with the Route Targets corresponding to
   both IP-VRF and MAC-VRF/BT; whereas, the IPVPN unicast route is
   advertised with RT corresponding to the IP-VRF.  When unicast routes
   are advertised by MVPN PEs, they are advertised using IPVPN unicast
   route along with VRF Route Import extended community per [RFC6514].
/
   Example: Figure-1, src-1, EVPN DF = EVPN-PE1, PE1 announces
   src1 with VRF Route Import Ext-Com in two announcements
   EVPN (RFC7542, AFI=L2 (25), SAFI = 70), Route-type=2, Rt-Targets IP-VRF +
   MAC-VRF MVPN - IP-VPN (RFC6514/6513, AFI=1, SAFI=5) RT-target = IP VRF

    If single access, EVPN routes are added to
        figure 1 + 2 :  PE1 + PE2 MAC VRF + IP-VPN, PE3 + PE - IPVRN

More text on Case 2a/
   When the source is attached to an All-Active multi-homed ES, then the
   PE that learns the source advertises the unicast route for that
   source using EVPN route type 2 and IPVPN unicast route along with VRF
   Route Import extended community.  EVPN route type 2 is advertised
   with the Route Targets corresponding to both IP-VRF and MAC-VRF/BT;
   whereas, the IPVPN unicast route is advertised with RT corresponding
   to the IP-VRF./

 Note: This is the same announcement as above.

 Case 2b (already have) / When the other multi-homing EVPN PEs for that ES
   receive this unicast EVPN route, they import the route and check to
   see if they have learned the route locally for that ES, if they have,
   then they do nothing.
   /

Case 2c  (don't have)
  /But if they have not, then they add the IP and
   MAC addresses to their IP-VRF and MAC-VRF/BT tables respectively with
   the local interface corresponding to that ES as the corresponding
   route adjacency.  Furthermore, these PEs advertise an IPVPN unicast
   route along with VRF Route Import extended community and Route Target
   corresponding to IP-VRF to other remote PEs for that MVPN.
   Therefore, the remote PEs learn the unicast route corresponding to
   the source from all multi-homing PEs associated with that All-Active
   ES even though one of the multi-homing PEs may only have directly
   learned the IP address of the source./

 Result:
   Same as above.
-----------------
Section 8
   Section 8 extends seamless interop procedures to EVPN only fabrics as
   an IRB solution for multicast.  L3VPN provisioning is not needed
   among EVPN PEs.  EVPN PEs only need to advertise unicast routes using
   EVPN route-type 2 or route-type 5 with VRF Route Import extended
   community and don't need to advertise IPVPN routes within EVPN only
   fabric.
----------------
Technical issues for section 8 implementing 5.3

 #1.    Restriction of importing the same type-5 Route to IPVPN VRF from
 multiple PEs (Section 8.1)

Problem: The same Route-5 from different PEs (MVPN PE or EVPN PE) into the
IPVPN cloud with the same VRF.

If type-5 Route is sent from different PEs with different VRFs, there is not a
problem. If type-5 Route is sent once from different PE with same VRF,  then
route selection policy should handle the resolution. If type-5 Route is sent
multiple times from different PEs with Same VRF, it can encounter the count to
infinity problem.

Keyur Comment: This problem is well-known issue, and can be noted in
manageability.

===========================================================================
#2.     VXLAN tunnels under the MVPN network (Section 8.2.2)

technology:
a) VXLAN tunnels (tunnel type = 8)
   1. set up tunnels
   2. Announce MVPN routes I-PMSI (Type 1 or 2) or S-PMSI (Type 3) +
     PMSI Tunnel Attribute + RFC9012 Ext-Com (Encapsulation) with tunnel type 8
     (barebones)
         + VRF Route Import Extended Community + SRC Extended Community
   3. Require Gateway EVPN and MVPN with complete termination of L2 and L3

Question: How does the network limit the reach of these tunnels
to keep the EVPN and MVPN?

The initial assumption for a walled garden with EVPN and MVPN
is that the "configuration that limits the reach of EVPN and MVPN."
However, the text indicates there is little EVPN configuration.

Reference text: /

8.2.2.  VxLAN Encapsulation

   In order to signal VXLAN, the corresponding BGP encapsulation
   extended community [RFC9012] SHOULD be appended to the MVPN I-PMSI
   and S-PMSI A-D routes.  The MPLS label in the PMSI Tunnel Attribute
   MUST be the Virtual Network Identifier (VNI) associated with the
   customer MVPN.  The supported PMSI tunnel types with VXLAN
   encapsulation are: PIM-SSM Tree, PIM-SM Tree, BIDIR-PIM Tree, Ingress
   Replication [RFC6514].  Further details are in [RFC8365].

   In this case, a gateway is needed for inter-operation between the
   EVPN MVPN-capable PEs and non-EVPN MVPN PEs.  The gateway should re-
   originate the control plane signaling with the relevant tunnel
   encapsulation on either side.  In the data plane, the gateway
   terminates the tunnels formed on either side and performs the
   relevant stitching/re- encapsulation on data packets.
 /

 ====================================================
# 3. What tunnel types does this EVPN-MVPN draft support besides VXLAN?

Problem: It is unclear what is the exact list of tunnel types that this RFC
draft supports. VXLAN, NVGRE (type = 9) , GRE (type = 2),  or GENEVE (? see
IANA). Are you supporting any other tunnel types for encapsulation? Would you
include SR-Policy with TEA attribute?

Text:/

 8.2.3.  Other Encapsulation

   In order to signal a different tunneling encapsulation such as NVGRE,
   GPE, or GENEVE the corresponding BGP encapsulation extended community
   [RFC9012] SHOULD be appended to the MVPN I-PMSI and S-PMSI A-D
   routes.  If the Tunnel Type field in the encapsulation extended-
   community is set to a type that requires Virtual Network Identifier
   (VNI), e.g., VXLAN-GPE or NVGRE [RFC9012], then the MPLS label in the
   PMSI Tunnel Attribute MUST be the VNI associated with the customer
   MVPN.  Same as in the VXLAN case, a gateway is needed for inter-
   operation between the EVPN MVPN-capable PEs and non-EVPN MVPN PEs.
/
================================================

#4. Section 9 – MVPN VPN overlay tunnel over DC network is terminated on IP-VRF
(rather than MAC-VRF/BTs).

Problem 1 – Does the split horizon for EVPN (RFC7432, section 8.3] require MPLS
forwarding in the entire EVPN-MVPN network and the gateway between EVPN-MVPN?

If so,
   a) Where are you limiting the EVPN-MVPN network to multicast forwarding via
   MPLS? b) What are all the gateway EVPN/MVPN interactions need to be handled?

draft section 5.4/
   Since the network of interest for seamless interoperability between
   EVPN and MVPN PEs is MPLS, the EVPN handling of BUM traffic for MPLS
   network needs to be considered.  EVPN [RFC7432] uses ESI MPLS label
   for split-horizon filtering of Broadcast/Unknown unicast/multicast
   (BUM) traffic from an All-Active multi-homing Ethernet Segment to
   ensure that BUM traffic doesn't get looped back to the same Ethernet
   Segment that it came from.  This split-horizon filtering mechanism
   applies as-is for multicast IRB scenarios because of using the intra-
   ES tunnel among multi-homing PEs.  Since the multicast traffic
   received from a TS source on an All-Active ES by a multi-homing PE is
   bridged to all other multi-homing PEs in that group, the standard
   EVPN split-horizon filtering described in [RFC7432] applies as-is.
/


Problem 2 - How is BUM traffic handled in the MVPN-EVPN gateway?

There are three types of tunnels listed in section 6
1) intra-ES tunnel - for multihoming of ES traffic -
L2 forwarded among PEs on the same subnet.

2) intra-subnet BUM tunnel - for BUM traffic on a
given subnet (section 6.2) set-up by IMET per RFC7432
(IMET defined in section 7.3, procedures in 11, 12, and 16).

3) Inter-Subnet for IP multicast tunnel - L3 traffic using
 a) I-PMSI A-D Route (RFC6514, sections 4.1 + 9.2) for default underlay tunnel
 route, b) S-PMSI A-D Route (RFC6514, sections 4.2 + 9.1) for customer flow
 specific underlay tunnels,

All-Active multi-homing PE uses two tunnels:
1) intra-ES tunnel among multi-homing PEs (L2 + L3)
2) IMET tunnel for the Link-local multicast BUM part of the intra-ES network,
and

Section 6.3, does not seem to discuss how the L3 Multicast

It would be good to discuss scaling in a manageability section
about inclusive overlay trees versus tenant IP-VRF.

Section of text referenced in RFC7432
========================
RFC7432 section 8.3 Text: /
8.3.  Split Horizon

   Consider a CE that is multihomed to two or more PEs on an Ethernet
   segment ES1 operating in All-Active redundancy mode.  If the CE sends
   a broadcast, unknown unicast, or multicast (BUM) packet to one of the
   non-Designated Forwarder (non-DF) PEs, say PE1, then PE1 will forward
   that packet to all or a subset of the other PEs in that EVPN
   instance, including the DF PE for that Ethernet segment.  In this
   case, the DF PE to which the CE is multihomed MUST drop the packet
   and not forward back to the CE.  This filtering is referred to as
   "split-horizon filtering" in this document.

   When a set of PEs are operating in Single-Active redundancy mode, the
   use of this split-horizon filtering mechanism is highly recommended
   because it prevents transient loops at the time of failure or
   recovery that would impact the Ethernet segment -- e.g., when two PEs
   think that both are DFs for that segment before the DF election
   procedure settles down.

   In order to achieve this split-horizon function, every BUM packet
   originating from a non-DF PE is encapsulated with an MPLS label that
   identifies the Ethernet segment of origin (i.e., the segment from
   which the frame entered the EVPN network).  This label is referred to
   as the ESI label and MUST be distributed by all PEs when operating in
   All-Active redundancy mode using a set of Ethernet A-D per ES routes,
   per Section 8.2.1 above.  The ESI label SHOULD be distributed by all
   PEs when operating in Single-Active redundancy mode using a set of
   Ethernet A-D per ES routes.  These routes are imported by the PEs
   connected to the Ethernet segment and also by the PEs that have at
   least one EVPN instance in common with the Ethernet segment in the
   route.  As described in Section 8.1.1, the route MUST carry an ESI
   Label extended community with a valid ESI label.  The disposition PE
   relies on the value of the ESI label to determine whether or not a
   BUM frame is allowed to egress a specific Ethernet segment.
/

=============================
5.      The points out that inter-subnet will be L2-Switched not routed, so TTL
is decremented (see appendix A)

   The IDR Chairs thought the TTL decrement was a positive thing rather than a
   problem.

========================================
6. Technical - lack of in-depth manageability or security section on
combination.

6-a) How the walled garden for the EVPN/MVPN cloud is delineated?
What attacks can occur within the combined walled garden?

6-b) How does the text discuss the security issues regarding
DOS attacks due to overload with multicast technology?

Old text in draft /

14.  Security Considerations

   All the security considerations in [RFC7432], [RFC6513] and [RFC6514]
   apply directly to this document because this document leverages these
   RFCs control planes and their associated procedures.
/

Why I am concerned about these issues
==========================================

#6-a) How the walled garden for the EVPN/MVPN cloud is delineated?
What attacks can occur within the combined walled garden?

Texts from RFC6513, RFC6514, RFC7432 that cause me to wonder:

Text from RFC6513:/
   An ASBR may receive, from one SP's domain, an mLDP, PIM, or RSVP-TE
   control message that attempts to extend a P-tunnel from one SP's
   domain into another SP's domain.  This is perfectly valid if there is
   an agreement between the SPs to jointly provide an MVPN service.  In
   the absence of such an agreement, however, this could be an
   illegitimate attempt to intercept data packets.  By default, an ASBR
   MUST NOT allow P-tunnels to extend beyond AS boundaries.  However, it
   MUST be possible to configure an ASBR to allow this on a specified
   set of interfaces. /

Review comment:  Is this Extension abnormal for the EVPN-MVPN cloud?
How are tunnels restricted with RFC 9012 TEA?

Text from RFC6514:/

17.  Security Considerations

   The mechanisms described in this document could reuse the existing
   BGP security mechanisms [RFC4271] [RFC4272].  The security model and
   threats specific to Provider Provisioned VPNs, including L3VPNs, are
   discussed in [RFC4111].  [MVPN] discusses additional threats specific
   to the use of multicast in L3VPNs.  There is currently work in
   progress to improve the security of TCP authentication.  When the
   document is finalized as an RFC, the method defined in [RFC5925]
   SHOULD be used where authentication of BGP control packets is needed.

   A PE router MUST NOT accept, from CEs routes, with MCAST-VPN SAFI.

   If BGP is used as a CE-PE routing protocol, then when a PE receives a
   route from a CE, if this route carries the VRF Route Import Extended
   Community, the PE MUST remove this Community from the route before
   turning it into a VPN-IP route.  Routes that a PE advertises to a CE
   MUST NOT carry the VRF Route Import Extended Community.
/

Text from RFC7432 , Section 19 /
   Note that [RFC5925] will not help in keeping MPLS labels private --
   knowing the labels, one can eavesdrop on EVPN traffic.  Such
   eavesdropping additionally requires access to the data path within an
   SP network.  Users of VPN services are expected to take appropriate
   precautions (such as encryption) to protect the data exchanged over
   a VPN.

   One of the requirements for protecting the data plane is that the
   MPLS labels be accepted only from valid interfaces.  For a PE, valid
   interfaces comprise links from other routers in the PE's own AS.  For
   an ASBR, valid interfaces comprise links from other routers in the
   ASBR's own AS, and links from other ASBRs in ASes that have instances
   of a given EVPN.  It is especially important in the case of multi-AS
   EVPN instances that one accept EVPN packets only from valid
   interfaces.

/


#6-b) How does the text discuss the security issues regarding
DOS attacks due to overload with multicast technology?

Text from RFC6513, Sction 13 /

   Many of the procedures in this document cause the SP network to
   create and maintain an amount of state that is proportional to
   customer multicast activity.  If the amount of customer multicast
   activity exceeds expectations, this can potentially cause P and PE
   routers to maintain an unexpectedly large amount of state, which may
   cause control and/or data plane overload.  To protect against this
   situation, an implementation should provide ways for the SP to bound
   the amount of state it devotes to the handling of customer multicast
   activity.

   In particular, an implementation SHOULD provide mechanisms that allow
   an SP to place limitations on the following:

     - total number of (C-*,C-G) and/or (C-S,C-G) states per VRF
     - total number of P-tunnels per VRF used for S-PMSIs
     - total number of P-tunnels traversing a given P router

   A PE implementation MAY also provide mechanisms that allow an SP to
   limit the rate of change of various MVPN-related states on PEs, as
   well as the rate at which MVPN-related control messages may be
   received by a PE from the CEs and/or sent from the PE to other PEs.

   An implementation that provides the procedures specified in Sections
   10.1 or 10.2 MUST provide the capability to impose an upper bound on
   the number of Source Active A-D routes generated and on how
   frequently they may be originated.  This MUST be provided on a per-
   PE, per-MVPN granularity.
/

Text from RFC6514, section 17  /
   It is important to protect the control plane resources within the PE
   to prevent any one VPN from hogging excessive resources.  This is the
   subject of the remainder of the Security Considerations section.

   When C-multicast routing information is exchanged among PEs using
   BGP, an implementation SHOULD provide the ability to rate limit BGP
   messages used for this exchange.  This SHOULD be provided on a per-
   PE, per-MVPN granularity.

   An implementation SHOULD provide capabilities to impose an upper
   bound on the number of S-PMSI A-D routes, as well as on how
   frequently they may be originated.  This SHOULD be provided on a per-
   PE, per-MVPN granularity.

   In conjunction with the procedures specified in Section 14, an
   implementation SHOULD provide capabilities to impose an upper bound
   on the number of Source Active A-D routes, as well as on how
   frequently they may be originated.  This SHOULD be provided on a per-
   PE, per-MVPN granularity.

   In conjunction with the procedures specified in Section 13 limiting
   the amount of (C-S,C-G) state would limit the amount of Source Active
   A-D route, as in the context of this section, Source Active A-D
   routes are created in response to Source Tree Join C-multicast
   routes, and Source Tree Join C-multicast routes are created as a
   result of creation of (C-S,C-G) state on PEs.  However, to provide an
   extra level of robustness in the context of these procedures, an
   implementation MAY provide capabilities to impose an upper bound on
   the number of Source Active A-D routes, as well as on how frequently
   they may be originated.  This MAY be provided on a per-PE, per-MVPN
   granularity.

   Section 16.1.1 describes optional procedures for dampening
   withdrawals of C-multicast routes.  It is RECOMMENDED that an
   implementation support such procedures.

   Section 16.1.1 describes optional procedures for dampening
   withdrawals of Leaf A-D routes.  It is RECOMMENDED that an
   implementation support such procedures.
/
Text from RFC7542 Section 19, /
   As mentioned in [RFC4761], there are two aspects to achieving data
   privacy and protecting against denial-of-service attacks in a VPN:
   securing the control plane and protecting the forwarding path.
   Compromise of the control plane could result in a PE sending customer
   data belonging to some EVPN to another EVPN, or black-holing EVPN
   customer data, or even sending it to an eavesdropper, none of which
   are acceptable from a data privacy point of view.  In addition,
   compromise of the control plane could provide opportunities for
   unauthorized EVPN data usage (e.g., exploiting traffic replication
   within a multicast tree to amplify a denial-of-service attack based
   on sending large amounts of traffic).

   [snip]

   It is also important to help limit malicious traffic into a network
   for an impostor MAC address.  The mechanism described in Section 15.1
   shows how duplicate MAC addresses can be detected and continuous
   false MAC mobility can be prevented.  The mechanism described in
   Section 15.2 shows how MAC addresses can be pinned to a given
   Ethernet segment, such that if they appear behind any other Ethernet
   segments, the traffic for those MAC addresses can be prevented from
   entering the EVPN network from the other Ethernet segments.
/

==============================================
End of Technical Comments

Editorial comments
=========================
1. Introduction, paragraph 2

Problem: Sentence Grammar - Capitalization of first word in sentence.

Old Text/
   - Lower Cost: gateway devices need to have very high scalability to
   handle VPN services for their DCs and as such need to handle large
   number of VPN instances (in tens or hundreds of thousands) and very
   large number of routes (e.g., in tens of millions).
  /

New Text/
   - Lower Cost: Gateway devices need to have very high scalability to
   handle VPN services for their DCs and as such need to handle large
   number of VPN instances (in tens or hundreds of thousands) and very
   large number of routes (e.g., in tens of millions).
  /

Old text:/
   - Optimum Forwarding: in a given Central Office(CO), both EVPN PEs
   and MVPN PEs can be connected to the same fabric/network (e.g., same
   IGP domain).
/
New text: /
   - Optimum Forwarding: In a given Central Office(CO), both EVPN PEs
   and MVPN PEs can be connected to the same fabric/network (e.g., same
   IGP domain).
/

2. Introduction paragraph 2, section starting with "Optimm Forwarding"

Issue: The use of terms "tromboned" or "tromboning" is term of art, but
the lack of a definition in the Terminology section makes it difficult for
starting to read.

Suggestion:

1) Add a definition on tromboned or Tromboning in the Terminology section.

3. Section 3, Terminology

3a) Please alphabetize the terms in this section.

3b) Use a consistent methodology for periods in this section.
I think you are consistent except for the following:
Old text/
         E: Provider Edge device.
/
New text:/
     PE: Provider Edge device.
/

3c) Please consider adding the following terms used in the document:

1) Aggregate Selective P-tunnels
2) Aggregate tunnel (Section 5, paragraph 4)
3) CO (section 4.1)
4) IMET (section 6.2)
5) ingress replication tunnels (section 4.1)
6) Intra subnet (section 4.2)
7) Inter subnet (section 4.
8) P2MP Tunnels (setion 4.10
9) Selective P-tunels

4) Section 5.1.1

Old text:/
   In order to enable seamless integration of EVPN and MVPN PEs, this
   document extends the concept of an emulated VLAN service for
   multicast IRB applications such that the intra-subnet IP multicast
   traffic can get treated the same as inter-subnet IP multicast traffic
   which means intra-subnet IP multicast traffic destined to remote PEs
   gets routed instead of being L2-switched - i.e., TTL value gets
   decremented and the Ethernet header of the L2 frame is de-capsulated
   and encapsulated at both ingress and egress PEs.
   /

 English problem-  This text uses "which means" and "- i.e."

 The abbreviation “i.e.” stands for id est, which is Latin for “that is".
 A main clause followed by two clauses "which means" ... "that is"
 makes the sentence confusing.

 It would be good to rewrite the sentece which takes up the whole paragraph.

 5) Section 5.2, Figure 2

 Old Text:/ Figure 1: & MVPN PEs Seamless Interop/
 New Text:/ Figure 1: MVPN PE Seamless Interop /

The content makes me wonder if the figure should be title something different. ;

6) Section 5.3

context: Sections 5.3, 5.4 and 5.5 contain key technology.

Problem: Section 5.3 is has many run-on sentences.
This level of run-on sentences may be due to multiple edits.
It would be good to suggest the authors try a fresh write of the
section.

One nit if they are rewriting:
Old text: /
   When the source is attached to an All-Active multi-homed ES, then the
   PE that learns the source advertises the unicast route for that
   source using EVPN route type 2 and IPVPN unicast route along with VRF
   Route Import extended community.
/

new text:/
   When the multicast source is attached to an All-Active multi-homed ES, then
   the PE that learns the multicast source advertises the unicast route for
   that source using EVPN route type 2 and IPVPN unicast route along with VRF
   Route Import extended community.
 /

 7) Section 6.1 - paragraph indenting is not consistent.