Hi Eric, thank you for your review, comments, and suggestions. Please find my answers below under GIM>> tag. Also, attached is the diff to the working version of the document that includes updates that Adam has suggested.
Best regards, Greg On Tue, Dec 17, 2019 at 12:51 AM Éric Vyncke via Datatracker < nore...@ietf.org> wrote: > Éric Vyncke has entered the following ballot position for > draft-ietf-bfd-vxlan-09: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > Thank you for the work put into this document. > > I fully second Adam's COMMENT that should be fixed before publication (IMHO > this is a DISCUSS). > GIM>> I've applied changes suggested by Adam to the working version of the document. > > Answers to my COMMENTs below will be welcome, even if those COMMENTs are > not > blocking. > > As usual, an answer to the DISCUSS is required to clear my DISCUSS though.. > > I hope that this helps to improve the document, > > Regards, > > -éric > > == DISCUSS == > > May be I am not familiar enough with BFD, but, RFC 5881 (the one defining > BFD) > specifies the use of TTL = Hop Limit = 255.. Why this document uses a > value of > 1 ? > GIM>> Jeff and Carlos are in a very detailed and insightful discussion. I'll wait for its conclusion and follow on their agreement. > -- Section 3 -- > IPv4-mapped IPv6 addresses are only to be used inside a host and should > never > be transmitted in real packets (including packets inside a tunnel) see > section > 4.2 of RFC 4038 (even if informational). As other IESG reviewers, I wonder > why > ::1/128 is not used? > GIM>> The mechanism of using an address from the loopback address range or IPv4-mapped addresses of that range may be used to create entropy and monitor ECMP paths in an IP/MPLS network (RFC 8029 and RFC 5884). This specification uses the same mechanism for ECMP environment in the underlay network. > > -- Section 8 -- > The document specifies no IANA actions while the shepherd write-up talks > about > a IANA action. > GIM>> RtgDir review from Joel Halpern and the extensive discussion on BFD WG list lead to this change. As a result, the request to allocate a MAC address to be used as the destination MAC address in the inner Ethernet header was withdrawn and removed from the specification. > > -- Section 9 -- > This section is only about IPv4 (TTL and RFC 1812). Please address IPv6 as > well. > GIM>> Added "or Hop Limit". Please let me know if you agree. As for a IPv6 relevant reference equivalent to RFC 1812, Adam Roach has noted that RFC 8504 does not have anything of the kind. At the same time, the use of IPv4-mapped loopback address range has been mandated in RFC 8029 and RFC 5884. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > == COMMENTS == > > RFC 5881 (BFD) states that it applies to IPv4/IPv6 tunnels, may I infer > that > this document is only required to address the Ethernet encapsulation ? I.e. > specifying the Ethernet MAC addresses? > GIM>> There were several threads on encapsulation of BFD Control packet over VXLAN that, in my estimation, gathered 150+ messages. As you've noticed from the Shepherd write-up, the use of the dedicated MAC address was proposed, discussed, and documented. But later the WG decided not to use the dedicated MAC as the destination MAC in the inner Ethernet frame. Similarly, we had an extended discussion, including valuable input from implementors of BFD over VXLAN, on the selection of the destination IP address in the inner IP header. And another set of issues was discovered related to the selection of VXLAN VNI value when encapsulating BFD control packet. I hope we've analyzed all encapsulation issues and documented them sufficiently for the benefit of future implementations. > > -- Section 3 -- > At first sight, I was surprized by having a BFD session per VXLAN VNI as it > will create some scalability issue, but, I assume that this is to detect > misconfiguration as well. If so, perhaps worth mentionnig the reasoning > behind? > GIM>> I agree, detecting misconfiguration might be one of the reasons to run BFD over some VXLAN VNIs. Would the following text be acceptable: NEW TEXT: Using a BFD session to monitor a set of VXLAN VNIs between the same pair of VTEPs might help to detect and localize problems caused by misconfiguration. > > In "the inner destination IP address SHOULD" it is unclear whether it is > in the > all BFD packets, or only the request one or ... ? > GIM>> This is applicable to all BFD control packets transmitted over a VXLAN tunnel. To clarify, I propose the following change: OLD TEXT: As per Section 4, the inner destination IP address SHOULD be set to ... NEW TEXT: For BFD Control packets encapsulated in VXLAN (Figure 2), the inner destination IP address SHOULD be set to ... > > -- Section 4 -- > While probably defined in RFC7348, should "FCS" be renamed as "Outer > Ethernet > FCS" for consistency with the "Outer Ethernet Header" in figure 2 ? > GIM>> Would s/FCS/Outer FCS/ be acceptable? > > Why not using the Source MAC address as the Destination MAC address ? This > would ensure that there is no conflict at the expense of "forcing" the > transmission of the frame even if addressed to itself. > GIM>> Based on the input from experts familar with existing implementations, WG decided not to require the use of the specific MAC address. I think that using the Source MAC as the Destination might be one of the options an implementation will use. > > Please consider rewriting the section about TTL/Hop Limit as it is not > easy to > parse/read. > GIM>> Could you help me kindly and point to the problematic text? > > -- Section 9 -- > It is unclear to me (see also Ben's comment) what is the 'attack vector' of > sending packets with TTL=1 ? > GIM>> Another input from experts familiar with VXLAN and its deployments reflected in the following: TTL or Hop Limit: MUST be set to 1 to ensure that the BFD packet is not routed within the Layer 3 underlay network. This addresses the scenario when the inner IP destination address is of VXLAN gateway and there is a router in underlay which removes the VXLAN header, then it is possible to route the packet as VXLAN gateway address is routable address.
<<< text/html; charset="UTF-8"; name="Diff_ draft-ietf-bfd-vxlan-09.txt - draft-ietf-bfd-vxlan-10.txt.html": Unrecognized >>>
