This review is several weeks late, I hope it is still useful. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready. From the abstract, this document describes the use of BGP as a control plane for networks that support Service Function Chaining (SFC). The document is well-written and the security considerations section points to other RFCs where appropriate, and seems to call out all relevant additional considerations. I could leave it at that, but I have little routing expertise/experience, so I can't state with confidence that nothing was missed. The instructions for secdir reviews say that the most important item is to give the (security) ADs a sense of how important it is that they pay attention to the document. Given the complexity and interactions between BGP, SFC, and the control plane mechanisms described in this document, I think it *is* important that the security ADs pay attention to this document. --Scott