Hi Adam, thank you for your review and the very clear suggestions, all is the most helpful. I've followed your recommendations and applied changes to the working version of the draft. Attached, please find the diff that highlights updates. Also, please find my notes in-line tagged GIM>>.
Best regards, Greg On Mon, Dec 16, 2019 at 11:11 PM Adam Roach via Datatracker < nore...@ietf.org> wrote: > Adam Roach has entered the following ballot position for > draft-ietf-bfd-vxlan-09: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for the work that everyone has put into this document. I have > a couple of relatively important, related comments that should be > taken into account prior to publication. > > --------------------------------------------------------------------------- > > §3: > > > As per Section 4, the inner destination IP address SHOULD be set to > > one of the loopback addresses (127/8 range for IPv4 and > > 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6). > > Please consider reformatting this IPv6 address according to the > recommendations > of RFC 5952 (paying particular attention to sections 4.2.1, 4.3, and 5): > > ::ffff:127.0.0.0/104 > > It's also worth noting that, as a practical matter, modern operating > systems do > not seem to bind to anything in the IPv4-mapped range assigned to IPv4 > loopback: > > Linux: > > ~$ ping6 ::ffff:127.0.0.1 > PING ::ffff:127.0.0.1(::ffff:127.0.0.1) 56 data bytes > ^C > --- ::ffff:127.0.0.1 ping statistics --- > 14 packets transmitted, 0 received, 100% packet loss, time 13316ms > > MacOS: > > ~$ ping6 ::ffff:127.0.0.1 > PING6(56=40+8+8 bytes) ::ffff:127.0.0.1 --> ::ffff:127.0.0.1 > ping6: sendmsg: Invalid argument > ping6: wrote ::ffff:127.0.0.1 16 chars, ret=-1 > > > It is not clear to me whether this poses an issue for your intended usage.. > GIM>> Thank you for sharing very interesting facts on the handling of these addresses. I don't think that implementation on the egress BFD node would listen on the particular address, more likely it would be on the value of the well-known UDP port. The goal of using one of the addresses from this range is to prevent leaking packets from a broken VXLAN tunnel (as was the original goal in RFC 4379/8029 and RFC 5884). > > In any case, please do not refer to ::ffff:127.0.0.0/104 as "loopback > addresses": IPv6 has only one loopback address defined (::1). The range > you cite is best described as "IPv4-mapped IPv4 loopback addresses." > Alternately -- and this is probably better -- use "::1/128" instead of > "::ffff:127.0.0.0/104" for the inner IP header destination address. > > As an aside, I share Benjamin's unease around the use of loopback addresses > in this fashion. It may be worth noting that IETF protocols can reserve > addresses in the 192.0.0.0/24 and 2001::/23 blocks if necessary, and such > reserved addresses won't ever correspond to a valid destination. > > (There is corresponding text in section 4 that all of the preceding > pertains > to as well) > > --------------------------------------------------------------------------- > > §9: > > > This document recommends using an address from the Internal host > > loopback addresses (127/8 range for IPv4 and > > 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6) as the destination IP > > address in the inner IP header. Using such address prevents the > > forwarding of the encapsulated BFD control message by a transient > > node in case the VXLAN tunnel is broken as according to [RFC1812]: > > > > A router SHOULD NOT forward, except over a loopback interface, any > > packet that has a destination address on network 127. A router > > MAY have a switch that allows the network manager to disable these > > checks. If such a switch is provided, it MUST default to > > performing the checks. > > In addition to the comments above about IPv6 address formatting, the > improper use of "loopback" terminology as it applies to IPv6, and > concerns about using localhost: it's worth noting that this text in > RFC 1812 refers to IPv4 routers -- RFC 8504 has no equivalent language, > and so the use of ::ffff:127.0.0.0/104 implies no special router handling.. > ::1 *probably* does, at least as a practical matter. > GIM>> As noted above, the reason of using addresses from this range was to prevent packets from being routed in case a tunnel is broken. Do you think that the lack of the wording similar to RFC 1812 should be a concern for RFC 8029 and RFC 5884 that use the same range for the destination IP address?
<<< text/html; charset="UTF-8"; name="Diff_ draft-ietf-bfd-vxlan-09.txt - draft-ietf-bfd-vxlan-10.txt.html": Unrecognized >>>
