Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal-route-reflection-22

Robert Raszuk <> Tue, 20 April 2021 20:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 24F243A187C for <>; Tue, 20 Apr 2021 13:32:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hSdQNx_fPbma for <>; Tue, 20 Apr 2021 13:32:48 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B9163A187E for <>; Tue, 20 Apr 2021 13:32:47 -0700 (PDT)
Received: by with SMTP id u20so45110636lja.13 for <>; Tue, 20 Apr 2021 13:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hP1H96GlH7c8mKe4/x3HoagaUGw+nuXTJFyb8cgoTBk=; b=JPih5FuS9KpRzNyIYi9yDeKaV5Psw+BafDfR+9ksW+EvxTreb8gqBpsFk9kjPnwkVa dESqp/oO7fr9+9cWjqPTHhFODF5GhEDl2HBxg3lQtvWY8YV4KDUDY6hrqqurtNjCPzkH ky29Dlg0WTlaWx7EAL/T7xgLWh54dd4EbrYuRzqV9JY7xUnlp0Ig6KUI/pVM14UcTUiA GAvVzWCUbPMl09pTMYYCKYLS+b3ALCd4NW9q3OUJKkOOFZ5d/c6NT5jlrvE8ZniHNNuh 5nkpB03MlAlyQ+Wkcy+LD6aZAGw3kUCA2f7bqD1onpxtWpQPMmc/gfvm2K8f+XYJjJQy qaiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hP1H96GlH7c8mKe4/x3HoagaUGw+nuXTJFyb8cgoTBk=; b=HxkHqwcmnQ/gTh2HeqrsktwFzlW15KCksNFJzIOy6wi9BktPxd86UAiViigxO/5lXo VJ8b2o2J/As9Juw0l/8wlJ/A8+Xqt6O7z8/lr5kaZY0qRuf2Ht/wdplbi5C0rzMIzEGv GfJZkxgMXs2WuzTgX3tATTYq8gaYLxoeRqqLimgdUrJ8N+t0Xofc9eIJyeKhlUjRBqTK 9xvzaCVhcXzFPCxON5lOKTHkj5kFN92zqNtgVOAUVWGwyzYRaVbxFBqpFWiGQ7cwvUOG sGXz2M6s4HQZic5y2ufdBtm+HWE6+1I5wsxWWuGPCamemayY4XD66YnKswOBCLCM8J/t 3D1w==
X-Gm-Message-State: AOAM531CDXmi0ffkjUpSMNBk+kWQubgC3V+bRHxMb4OOHjM3mV1tLKcl Bxx+5RRQtabkvt+zi41U+BdZ19e5j9niyHysV+0/+Q==
X-Google-Smtp-Source: ABdhPJxMT09rd3gNuVoLBCKuefacEBmDzOx0bvE+M6I5LYhvPng7L1T3MHKwZeVcOcZVYoC8jOJnlhV3nJDFR5pBe+Q=
X-Received: by 2002:a2e:87c9:: with SMTP id v9mr16142948ljj.321.1618950763507; Tue, 20 Apr 2021 13:32:43 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Robert Raszuk <>
Date: Tue, 20 Apr 2021 22:32:32 +0200
Message-ID: <>
To: Alvaro Retana <>
Cc:, Susan Hares <>, "" <>, IDR List <>
Content-Type: multipart/alternative; boundary="0000000000002b04cb05c06d59f1"
Archived-At: <>
Subject: Re: [Idr] AD Review of draft-ietf-idr-bgp-optimal-route-reflection-22
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Apr 2021 20:32:54 -0000

Ack !

Work in progress ...

On Tue, Apr 20, 2021 at 9:29 PM Alvaro Retana <>

> Ping!
> On March 18, 2021 at 3:32:01 PM, Alvaro Retana (
> wrote:
> Dear authors:
> Thank you for your work on this document.  I know that the draft and the
> related ideas have been around for a long time.
> I have a couple of significant issues that I want to highlight upfront,
> and many comments inline (see below).  In general, my focus is to make sure
> that the specification of this mechanism is clear, not just to the
> experienced reader, but to the casual one as well.  I believe that all the
> issues should be easy to resolve.
> (1) Terminology.  Please use the terminology already defined in
> rfc4271/rfc4456 instead of creating new one by indirection.  My first
> inline comment is about the use of "best path", which is not what rfc4271
> uses -- there are other occurrences later on.
> (2) Deployment Considerations.  §6 says that a compliant implementation is
> one that allows the operator to configure "a logical location from which
> the best path will be computed, on the basis of either a peer, a peer
> group, or an entire routing instance".  Please spend some time providing
> guidance so an operator can decide what best works for their network.  [I
> pointed below to other places there operational guidance would be ideal.]
> (3) I don't think that §5 (CPU and Memory Scalability) and Appendix A
> (alternative solutions with limited applicability) should be part of this
> document.  To start, comparisons are never good and the work has already
> been through the WG so there's no need to keep justifying it by comparing
> it to other work.  Both sections contain several claims (e.g. "extra cost
> in terms of CPU", "implemented efficiently", "expected to be higher but
> comparable", "large amount of BGP state and churn", "result in tens of
> paths for each prefix") that don't have references, and could be considered
> subjective because they are clearly relative and can change depending on
> the specific deployment and configuration of the network.  I am not saying
> that the claims are false, simply requesting to take these two sections
> out.
> Thanks!
> Alvaro.
> [Line numbers from idnits.]
> ...
> 17 Abstract
> 19   This document defines an extension to BGP route reflectors.  On route
> 20   reflectors, BGP route selection is modified in order to choose the
> 21   best path from the standpoint of their clients, rather than from the
> 22   standpoint of the route reflectors.  Multiple types of granularity
> 23   are proposed, from a per client BGP route selection or to a per peer
> 24   group, depending on the scaling and precision requirements on route
> 25   selection.  This solution is particularly applicable in deployments
> 26   using centralized route reflectors, where choosing the best route
> 27   based on the route reflector IGP location is suboptimal.  This
> 28   facilitates, for example, best exit point policy (hot potato
> 29   routing).
> [major] "best path"  rfc4271 doesn't use the term "best path".  The
> terminology used in this document should, at the very least, match what the
> base spec defines.  Let's please not create new terminology by indirection
> using the "definition of terms" section.
> [minor] "proposed"  This document is in line to be come an RFC; we're far
> beyond proposing things.  There are a couple of places later on where this
> same wording is used.  Please change it to specified or at least described
> (the latter probably fits best in this specific case).
> [nit] s/from a per client BGP route selection or to a per peer group/from
> per client BGP route selection or per peer group
> [nit] s/precision requirements on route selection./precision requirements.
> [nit] s/route reflector IGP location/route reflector's IGP location
> [major] "IGP location"  Before I forget -- please clearly define (not in
> the Abstract of course) what an "IGP location" is.
> ...
> 70   1.  Definitions of Terms Used in This Memo  . . . . . . . . . . .   2
> 71   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
> [nit] It would be nice if the Introduction came up before the terminology.
> ...
> 91 1.  Definitions of Terms Used in This Memo
> [minor] To avoid repeating some terms, it is good practice to indicate
> which other RFCs the reader should be familiar with.  In this case rfc4271
> and rfc4456 come to mind.
> ...
> 132 2.  Introduction
> ...
> 153   Section 11 of [RFC4456] describes a deployment approach and a set of
> 154   constraints which, if satisfied, would result in the deployment of
> 155   route reflection yielding the same results as the IBGP full mesh
> 156   approach.  This deployment approach makes route reflection
> compatible
> 157   with the application of hot potato routing policy.  In accordance
> 158   with these design rules, route reflectors have traditionally often
> 159   been deployed in the forwarding path and carefully placed on the POP
> 160   to core boundaries.
> [nit] s/have traditionally often/have often
> Redundant...
> 162   The evolving model of intra-domain network design has enabled
> 163   deployments of route reflectors outside of the forwarding path.
> 164   Initially this model was only employed for new address families,
> e.g.
> 165   L3VPNs and L2VPNs, however it has been gradually extended to other
> 166   BGP address families including IPv4 and IPv6 Internet using either
> 167   native routing or 6PE.  In such environments, hot potato routing
> 168   policy remains desirable.
> [minor] "new address families, e.g. L3VPNs and L2VPNs"  These are not the
> name of the AFs.  Maybe call them new services.
> [minor] "IPv4 and IPv6 Internet"  The name of the AF is IP/IP6; again, you
> probably mean service/application.
> [nit] "native routing or 6PE"  Not 4PE applications?  ;-)   It seems to me
> that you can save some ink by ending the sentence after "Internet".
> ...
> 194 3.  Modifications to BGP Best Path selection
> 196   The core of this solution is the ability for an operator to specify
> 197   the IGP location for which the route reflector should calculate
> 198   routes.  This can be done on a per route reflector basis, per peer/
> 199   update group basis, or per peer basis.  This ability enables the
> 200   route reflector to send to a given set of clients routes with
> 201   shortest distance to the next hops from the position of the selected
> 202   IGP location.  This provides for freedom of route reflector physical
> 203   location, and allows transient or permanent migration of this
> network
> 204   control plane function to an arbitrary location.
> [major] "ability for an operator to specify the IGP location for which the
> route reflector should calculate routes.  This can be done on a per route
> reflector basis, per peer/update group basis, or per peer basis."
> When should an operator choose per RR vs per peer group vs per peer?
> Choice is good, but providing guidance for the deployment is much better.
> Please consider adding text to §6 about the considerations to chose one or
> the other.
> [minor] "peer/update group"  Where is this defined?  Is there a reference
> to a non-implementation-specific definition?  Can it be called "a group of
> peers"?  Maybe you also want to include it in the definitions in §1.
> ...
> 215   o  it can, and usually will, have a different position in the IGP
> 216      topology, and
> [] "usually will"   The position in the topology will *always* be
> different!
> ...
> 222   This document defines, on BGP Route Reflectors [RFC4456], two
> changes
> 223   to the BGP Best Path selection algorithm:
> [nit] s/defines, on BGP Route Reflectors/defines, for BGP Route Reflectors
> ...
> 235   A route reflector can implement either or both of the modifications
> 236   in order to allow it to choose the best path for its clients that
> the
> 237   clients themselves would have chosen given the same set of candidate
> 238   paths.
> [major] Please provide guidance for the operator to consider then one or
> both should be used in their network.
> 240   A significant advantage of these approaches is that the route
> 241   reflector clients do not need to run new software or hardware.
> [nit] s/do not need to run new software or hardware./do not need to be
> modified.
> 243 3.1.  Best Path Selection from a different IGP location
> 245   In this approach, optimal refers to the decision made during best
> 246   path selection at the IGP metric to BGP next hop comparison step.
> It
> 247   does not apply to path selection preference based on other policy
> 248   steps and provisions.
> [major] Please be specific about what is the "IGP metric to BGP next hop
> comparison step".  There is no step with that name, or even a string match
> in rfc4271.  Later you talk about the step e) tie-breaker -- don't wait to
> be specific!
> ...
> 263      e) Remove from consideration any routes with less-preferred
> 264      interior cost.  The interior cost of a route is determined by
> 265      calculating the metric from the selected IGP location to the
> 266      NEXT_HOP for the route using the shortest IGP path tree rooted at
> 267      the selected IGP location.
> [major] Note that the specification talks about "interior cost", but the
> descriptions in this document uses "IGP cost" and "IGP metric" to refer to
> the same thing.  Please be consistent with existing terminology!
> [major] Related to the definition of "IGP location" and its
> configuration.  How does the IGP location (and thus the calculation of the
> interior cost, as above) change when the configuration is done per
> peer/update groups instead than per peer?  This is another point where
> operators could benefit from guidance (for the peer/update-group and whole
> RR cases, of course).
> ...
> 275   The configuration of the IGP location is outside of the scope of
> this
> 276   document.  The operator may configure it manually, an implementation
> 277   may automate it based on heuristics, or it can be computed centrally
> 278   and configured by an external system.
> [nit] s/outside of the scope/outside the scope
> [major] There are several places later on that talk about the
> configuration, even making it a requirement for compliance (§6).  I think
> that you don't mean the configuration itself, but the way in which the
> configuration is instantiated in the router (which could be considered an
> implementation detail).  As written, the text is not clear.
> 280   This solution does not require any change (BGP or IGP) on the
> 281   clients, as all required changes are limited to the route reflector.
> [] This was also claimed before.
> 283   This solution applies to NLRIs of all address families that can be
> 284   route reflected.
> [] Are there AFs that cannot be reflected?  Just wondering if you really
> need to say this.
> 286 3.1.1.  Restriction when BGP next hop is BGP prefix
> 288   In situations where the BGP next hop is a BGP prefix itself, the IGP
> 289   metric of a route used for its resolution SHOULD be the final IGP
> 290   cost to reach such next hop.  Implementations which can not inform
> 291   BGP of the final IGP metric to a recursive next hop SHOULD treat
> such
> 292   paths as least preferred during next hop metric comparison.  However
> 293   such paths SHOULD still be considered valid for best path selection.
> [major] The recursive resolution is already covered in rfc4271
> (§5.1.3/§  Why isn't that enough?
> There seems to be a difference: if an implementation "can not inform BGP
> of the final IGP metric to a recursive next hop...SHOULD still be
> considered valid for best path selection."  rfc4271 treats these routes as
> unresolvable.  Do you want to consider unresolvable routes?
> Finally, there are a lot of SHOULDs in this paragraph.  Under which
> conditions is it ok to not perform the actions?  IOW, why are these actions
> recommended and not required?
> 295 3.2.  Multiple Best Path Selections
> 297   BGP Route Reflector as per [RFC4456] runs a single best path
> 298   selection.  Optimal route reflection may require calculation of
> 299   multiple best path selections or subsets of best path selection in
> 300   order to consider different IGP locations or BGP policies for
> 301   different sets of clients.
> [] It hasn't been mentioned before, but the talk about policy made me
> think about this:   Can a client be present on different sets?  How is that
> handled in terms of BGP sessions?  Do we need multiple sessions?  Or is
> add-path required?
> 303   If the required routing optimization is limited to the IGP cost to
> 304   the BGP Next-Hop, only step e) as defined [RFC4271] section,
> 305   needs to be duplicated.
> [major] I'm not sure if this paragraph is referencing §3.1 (where step e)
> was just modified), or or you're saying that for each subset (from the last
> paragraph) only step e) is considered, or something else.  ??
> 307   If the routing optimization requires the use of different BGP
> 308   policies for different sets of clients, a larger part of the
> decision
> 309   process needs to be duplicated, up to the whole decision process as
> 310   defined in section 9.1 of [RFC4271].  This is for example the case
> 311   when there is a need to use different policies to compute different
> 312   degree of preference during Phase 1.  This is needed for use cases
> 313   involving traffic engineering or dedicating certain exit points for
> 314   certain clients.  In the latter case, the user MAY specify and apply
> 315   a general policy on the route reflector for a set of clients.  For a
> 316   given set of clients, the policy SHOULD in that case allow the
> 317   operator to select different candidate exit points for different
> 318   address families.  Regular path selection, including IGP perspective
> 319   for a set of clients as per Section 3.1, is then applied to the
> 320   candidate paths to select the final paths to advertise to the
> 321   clients.
> [] Similar comment as before...   The use of "duplicated" is confusing me.
> [major] "the user MAY specify..."  s/MAY/may   It seems to me that you're
> simply stating a fact (the user can do this), and not specifying an
> optional behavior.
> [major] "...the policy SHOULD in that case allow the operator to select
> different candidate exit points for different address families."  There's
> no interoperable action that "the policy" can execute.  It sounds as if
> you're recommending that specific knobs ("allow the operator to...") be
> implemented.  Please reword.
> [] You use "IGP perspective" I guess as equivalent to "IGP location" -- is
> that right?
> 323 4.  Implementation considerations
> 325 4.1.  Likely Deployments and need for backup
> [nit] Do we really need a sub-section if all the text for §4 is in it?
> 327   With IGP based optimal route reflection, even though the IGP
> location
> 328   could be specified on a per route reflector basis or per peer/update
> 329   group basis or per peer basis, in reality, it's most likely to be
> 330   specified per peer/update group basis.  All clients with the same or
> 331   similar IGP location can be grouped into the same peer/update group.
> 332   An IGP location is then specified for the peer/update group.  The
> 333   location is usually specified as the location of one of the clients
> 334   from the peer group or an ABR to the area where clients are located.
> 335   Also, one or more backup locations SHOULD be allowed to be specified
> 336   for redundancy.  Implementations may wish to take advantage of peer
> 337   group mechanisms in order to provide for better scalability of
> 338   optimal route reflector client groups with similar properties.
> [major] "IGP based optimal route reflection"
> This is the first time you use "IGP based optimal route reflection"; I
> peeked forward and see that §5 also mentions "policy based optimal route
> reflection".  But you didn't define them anywhere -- in fact, the
> description before now focuses on the IGP location, which makes me think
> about "IGP based".
> I could guess that the "policy based" version is related to §3.2, but (1)
> no one should have to guess (!), and (2) the end of that section says that
> "IGP then applied", making it also "IGP based".  ??
> Please either define these types of ORR earlier in the text, or (better
> yet) don't use the terms.  Instead, and given that the names are used just
> a couple of times, change "policy based" to "the case where a policy is
> applied"...
> [major] "one or more backup locations SHOULD be allowed to be specified
> for redundancy"
> (1) §3.1 says that the "configuration of the IGP location is outside of
> the scope of this document".  If that is true, then you can't recommend
> anything related to the configuration.
> (2) If there were "backup locations", how would they be used?
> [minor] This is the only time that "optimal route reflector client groups"
> is used.  I had been assuming that a group of clients would correspond to a
> specific peer/update group (as mentioned many times before).  Is there a
> difference between a "client group" and grouping clients to correspond to a
> peer/update group?
> [] "for better scalability of optimal route reflector client groups"  What
> exactly does this mean?  I asked before about references/definitions for
> peer/update groups; this point may be related.
> ...
> 373 6.  Advantages and Deployment Considerations
> 375   The solutions described provide a model for integrating the client
> 376   perspective into the best path computation for route reflectors.
> 377   More specifically, the choice of BGP path factors in either the IGP
> 378   cost between the client and the nexthop (rather than the IGP cost
> 379   from the route reflector to the nexthop) or other user configured
> 380   policies.
> [] "solutions"?   I only see one, where the "second" one simply adds
> policy, which is a pervasive tool in BGP.
> 382   The achievement of optimal routing relies upon all route reflectors
> 383   learning all paths that are eligible for consideration.  In order to
> 384   satisfy this requirement, path diversity enhancing mechanisms such
> as
> 385   BGP add-path [RFC7911] may need to be deployed between route
> 386   reflectors.
> [mayor] "path diversity enhancing mechanisms...may need to be deployed
> between route reflectors"  Given that this is the Deployment Considerations
> section, please provide guidance on when these mechanisms are needed, and
> when they're not.
> [minor] "path diversity enhancing mechanisms such as BGP add-path
> [RFC7911]"  Just out of curiosity, what other mechanisms are you thinking
> of?  Are there deployment considerations, when using ORR, to prefer one?
> 388   Implementations considered compliant with this document allow the
> 389   configuration of a logical location from which the best path will be
> 390   computed, on the basis of either a peer, a peer group, or an entire
> 391   routing instance.
> [] I guess that "logical location" is another name for IGP location...
> [major] §3.1 says that the "configuration of the IGP location is outside
> of the scope of this document".  If that is true, then the configuration
> cannot be a consideration for compliance.
> A better wording for compliance would be: "An implementation MUST allow
> the configuration..."
> 393   These solutions can be deployed in traditional hop-by-hop forwarding
> 394   networks as well as in end-to-end tunneled environments.  In
> networks
> 395   where there are multiple route reflectors and hop-by-hop forwarding
> 396   without encapsulation, such optimizations SHOULD be enabled in a
> 397   consistent way on all route reflectors.  Otherwise, clients may
> 398   receive an inconsistent view of the network, in turn leading to
> 399   intra-domain forwarding loops.
> [major] "optimizations SHOULD be enabled in a consistent way on all route
> reflectors"
> Is "a consistent way" different than "on all"?   s/.../optimizations
> SHOULD be enabled on all route reflectors
> When is it ok for all RRs not to be enabled with the optimizations?  IOW,
> why is it recommended and not required?  Avoiding "intra-domain forwarding
> loops" sounds like a good reason to require it.
> ...
> 406   As per above, these approaches reduce the amount of state which
> needs
> 407   to be pushed to the edge of the network in order to perform hot
> 408   potato routing.  The memory and CPU resources required at the edge
> of
> 409   the network to provide hot potato routing using these approaches is
> 410   lower than what would be required to achieve the same level of
> 411   optimality by pushing and retaining all available paths (potentially
> 412   10s) per each prefix at the edge.
> [] This paragraph sounds very speculative and doesn't seem necessary.  In
> line with §5.
> 414   The solutions above allow for a fast and safe transition to a BGP
> 415   control plane using centralized route reflection, without
> 416   compromising an operator's closest exit operational principle.  This
> 417   enables edge-to-edge LSP/IP encapsulation for traffic to IPv4 and
> 418   IPv6 prefixes.
> [] "allow for a fast and safe transition"  Besides this statement sounding
> like a marketing brochure, if you're going to talk about transition, please
> talk about it in detail.  Please take a look at §2/rfc5706 and include
> details about the transition and how it is "fast and safe".
> 420   Regarding Best Path Selection from a different IGP location, it
> 421   should be self evident that this solution does not interfere with
> 422   policies enforced above IGP tie-breaking in the BGP best path
> 423   algorithm.
> [minor] Don't assume anything is self evident to anyone.
> Suggestion (maybe more appropriate in §3.1)>
>    The modification specified in Section 3.1 does not impact any previous
>    considerations in the BGP Decision Process.
> 425 7.  Security Considerations
> 427   Similarly to [RFC4456], this extension to BGP does not change the
> 428   underlying security issues inherent in the existing IBGP [RFC4456].
> [minor] No need to reference rfc4456 twice in the same sentence.
> 430   It however enables the deployment of base BGP Route Reflection as
> 431   described in [RFC4456] to be possible using virtual compute
> 432   environments without any negative consequence on the BGP routing
> path
> 433   optimality.
> [] I'm not sure how this relates to the specification itself (platform
> independent), but I'm sure the Security ADs will have a lot of questions
> about the security of "virtual compute environments" -- and where the
> details are included in this document.   IOW, that sounds like an
> unnecessary assertion.
> [major] "without any negative consequence"  The new functionality
> specified in this document is having the RR run the client's selection for
> them (even specific policy) -- there are risks related to the duplication
> of the policy, the location of the RRs and the blind trust that the clients
> need to have.  Or should the clients rerun the policy locally?
> This behavior is not necessarily different from normal RR, but the
> instantiation is different.   It would be very easy for a rogue RR to
> propagate incorrect routing information to its clients -- specially if
> policy is offloaded to them.
> In the worst case the result would be a sub-optimal route (maybe even
> worse than what the clients get today), but probably not a "real" security
> issue.  It is probably a good idea to explain why it is not a security
> risk.
> 435   This document does not introduce requirements for any new protection
> 436   measures, but it also does not relax best operational practices for
> 437   keeping the IGP network stable or to pace rate of policy based IGP
> 438   cost to next hops such that it does not have any substantial effect
> 439   on BGP path changes and their propagation to route reflection
> 440   clients.
> [major] "best operational practices"  Like what?  It would be good to
> provide (at least) informational references.
> [major] "to pace rate of policy based IGP cost to next hops such that it
> does not have any substantial effect on BGP path changes"   You will have
> to explain this further because the operation of an IGP is not mentioned
> anywhere else.
> IMHO, there's no need to go into IGP operational details in this
> document.  There is nothing special/different about the operation of an
> IGP.
> [End of Review]