Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready.

The day job has me going and I wasn't able to spend as much time with this as I would have preferred. However, I found it to be understandable and well thought-out.

I would like the Security Considerations section to include a more direct reference to RFC 8029 rather than just saying an implementation should have filter policies. Perhaps add the same paragraph that is used in the Security Considerations of RFC 8287 as a new paragraph.

Also, I think that the reference to MACsec should use a RECOMMENDED rather than a "suggested".

I did see some nits in the document. Unfortunately, I didn't record them. I can point out the last sentence of the Security Considerations section needs some work. It currently has, "the network devices MUST have mechanisms to prevent of Denial-of-service attacks". Either delete the "of" or change it to "for the prevention of".

Best regards,
Chris