Reviewer: Shawn M. Emery
Review result: Ready with issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies usage of the Bidirectional Forwarding Detection (BFD) protocol on Virtual eXtensible Local Area Network (VXLAN) tunnels.

The security considerations section does exist and discusses the introduction of a possible DDoS attack due to the requirement of the protocol to set the IP TTL to one hop. The prescription outlined is to throttle this traffic. The section continues that BFD sessions should also have an upper limit, but does not give guidance on what is considered reasonable to where it would affect normal traffic vs. some form of DoS. I believe that this section should also document the security impact of deploying BFD on VXLANs for monitoring tunnel traffic. Which additional information, if any, can now be obtained with BFD usage?

General comments:

This standards track draft makes a normative reference to the base RFC, 7348, which is informational. Are there plans of making the base protocol a standards track specification? Downward references will need to be justified.

Editorial comments:

NVE is never expanded and not on the RFC Editors Abbreviation List.

Echo BFD is out of scope for the document, but does not describe the reason for this or why state this at all?

Shawn.