[Gen-art] Genart last call review of draft-ietf-6man-vpn-dest-opt-01
Linda Dunbar via Datatracker <noreply@ietf.org> Tue, 04 February 2025 17:14 UTC
CC: draft-ietf-6man-vpn-dest-opt.all@ietf.org, ipv6@ietf.org, last-call@ietf.org
Reply-To: Linda Dunbar <linda.dunbar@futurewei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/I_QaLhWvjTHTVQR5XiCi1yN18h8>

Reviewer: Linda Dunbar
Review result: Not Ready

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.

For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-6man-vpn-dest-opt-01
Reviewer: Linda Dunbar
Review Date: 2025-02-04
IETF LC End Date: 2025-02-04
IESG Telechat date: Not scheduled for a telechat

Summary: the document proposes an experiment to encode VPN service information within an IPv6 Destination Option to facilitate VPN deployments

Major issues:
- IPv6 Destination Options are typically meant for end-host processing, not for PE routers. Many IPv6 deployments drop packets with extension headers, particularly in transit networks. The draft assumes that ingress and egress PE routers will process the VPN Service Option, but if intermediate routers drop these packets, the approach may fail in real-world deployments.
- There is a security risk of VPN boundaries being breached if an attacker injects a packet with a forged VPN Service Option.
- The document does not clearly explain why this approach is preferable to SRv6 or MPLS-over-IPv6

Minor issues:

Nits/editorial comments:

Best Regards,
Linda Dunbar