IETF Logo Mail Archive

Re: [bess] Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)

"Joshi, Vinayak" <vinayak.joshi@hpe.com> Wed, 29 September 2021 02:46 UTC

Return-Path: <prvs=0906ab27bf=vinayak.joshi@hpe.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01AEF3A0AA4; Tue, 28 Sep 2021 19:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hpe.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFXmiw1yin-K; Tue, 28 Sep 2021 19:46:38 -0700 (PDT)
Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E525F3A0AA3; Tue, 28 Sep 2021 19:46:37 -0700 (PDT)
Received: from pps.filterd (m0148664.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18T2C2GH032544; Wed, 29 Sep 2021 02:46:24 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=pps0720; bh=5+6XhsYlnpG1I1/pctMdmuMWYLjX5MHmjZj+M0W9o9k=; b=QTLL/XgJWzeQDaII2iND1pLjNL+v55IFnvqrL2S9AWQJSVdatZ12fgB8K45aZwfN8I4/ ZWQaptGBaaQR4uNNcwKN5zd+K/l1g4U0mK8UqhBIG7pbYmvsWgsEqUNk7p2TIVOUac62 VSNtbR3E4tNI5XUzOCd7TTMEUcq5EJzI1JJGiGLpwO1dh2yqcTIIbr9tcKSkCUexCM/z q+VIPFGx8nhEqF5IcaOw/KI9fvUjYguzvjvml8urJVsPFaUb+j0/68LTwS4QKJ3hWRcA 1zmUx+7YI/9BVxsNlVYBAOsOtYG/gi3rhDBK3zGczdUIfy99ikCti+ENuLUdKU+B9lB1 Jg==
Received: from g2t2353.austin.hpe.com (g2t2353.austin.hpe.com [15.233.44.26]) by mx0b-002e3701.pphosted.com with ESMTP id 3bc8u9ty63-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 29 Sep 2021 02:46:23 +0000
Received: from G9W8454.americas.hpqcorp.net (g9w8454.houston.hp.com [16.216.161.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by g2t2353.austin.hpe.com (Postfix) with ESMTPS id B30E684; Wed, 29 Sep 2021 02:46:19 +0000 (UTC)
Received: from G9W8453.americas.hpqcorp.net (2002:10d8:a0d3::10d8:a0d3) by G9W8454.americas.hpqcorp.net (2002:10d8:a104::10d8:a104) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Wed, 29 Sep 2021 02:46:19 +0000
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (15.241.52.10) by G9W8453.americas.hpqcorp.net (16.216.160.211) with Microsoft SMTP Server (TLS) id 15.0.1497.23 via Frontend Transport; Wed, 29 Sep 2021 02:46:19 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=k4j5Vm7FGl+2W476FivYA+iJbWSgnwR4SiGz7LTKt+an7hBHRegaSDJiV/zkP2Fq44dwAmIbAi/6QJmdixgszRCWjLKZPDC8az5+8VfgHfivF9/ElUM/TfxuEyfuCdb6lSmmMpx4U45iplRWvRW3oj8DgnRwbzvglBjFFxGF5/XiXcHjTtPbLl1UNu3wEpRsfVK1H/kiSvWwgyGAiuSu6OETKZmWdJ8z2xiIVY3i6iyeDQMxb+MhfBq3Wz0zgJEjJ0ULrx+m2H8CNpphYrgQIt1w1Xt8v+eLxKDaBj52NPgHb5L4hMdRnA0xgn7nYpomprF35FWYIIhgihNE0ROhcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qJcCk/sGMxe4NoKaAsV9VzmPM1L49PL0CnqdYdDMl7s=; b=QngZIP0kCeUhEh3u0I69helCaNScrnXynPkq9K2GzpNbY+a4uFX9GVyphqapT5mfAfGTf447D89CL72HvUEP10TQefntWorlR9osB79dhceJZ9NPuC7YZbtiKJ+D/vo/FG1txFx15pEeJOF486B4IheM3doqkVN6fRyZ1pkHPKcoYECgzdljaIJbt3uXQVOhFZXCC1xa/gP6D3SPaNdl5iRCty1xo+WiQKWa4JHMZsxEc8OMIyUTvgzT9F2mXPT7LAK6amnn67h4s7SZv7Ipj8vpdM2aQRXox53ziqlQdJElK7LipTsBAdTL+8oGOX+p8QvQET5njN9FjIMr3AHOHA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none
Received: from CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM (2a01:111:e400:750d::13) by CS1PR8401MB0341.NAMPRD84.PROD.OUTLOOK.COM (2a01:111:e400:7509::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Wed, 29 Sep 2021 02:46:17 +0000
Received: from CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM ([fe80::64cf:9790:7554:5c0e]) by CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM ([fe80::64cf:9790:7554:5c0e%11]) with mapi id 15.20.4544.021; Wed, 29 Sep 2021 02:46:17 +0000
From: "Joshi, Vinayak" <vinayak.joshi@hpe.com>
To: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>, The IESG <iesg@ietf.org>, "draft-ietf-bess-evpn-proxy-arp-nd@ietf.org" <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>, "bess-chairs@ietf.org" <bess-chairs@ietf.org>, "bess@ietf.org" <bess@ietf.org>, "Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>, "jeanmichel.combes@orange.com" <jeanmichel.combes@orange.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Thread-Topic: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)
Thread-Index: AQHW7/+kojHR0jJxH0WfhBI9FWDqyKqI7LLQgEmobYCAArauf4CBrhUAgE4VwYCADKdNOIAHezhggABUFfKAALfSEIAAO5v8gAFeesA=
Date: Wed, 29 Sep 2021 02:46:16 +0000
Message-ID: <CS1PR8401MB047137969CA0CFBD217BC61BF2A99@CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM>
References: <161123842361.25230.14225434357147230236@ietfa.amsl.com> <MWHPR08MB3520DEA4E1426AF839CBF079F76A9@MWHPR08MB3520.namprd08.prod.outlook.com> <980E5BB9-CA75-479A-8448-7C4AD76EC1CE@cisco.com> <BY3PR08MB70609B01671FCCC5837786DDF7599@BY3PR08MB7060.namprd08.prod.outlook.com> <1AA5592A-72B2-4522-B144-675237C2F0FC@cisco.com> <9B8C691A-8066-4B0C-873D-D1B9AA735210@cisco.com> <BY3PR08MB7060528BD440CEE407F9ACFAF7A29@BY3PR08MB7060.namprd08.prod.outlook.com> <CS1PR8401MB0471CB08E4AB9D8BE22ECCB4F2A79@CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM> <BY3PR08MB70606F4891DD7CB3DCEEC01EF7A79@BY3PR08MB7060.namprd08.prod.outlook.com> <DF4PR8401MB0475126A042478F515C82432F2A89@DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM> <BY3PR08MB7060275682595B2F805756DEF7A89@BY3PR08MB7060.namprd08.prod.outlook.com>
In-Reply-To: <BY3PR08MB7060275682595B2F805756DEF7A89@BY3PR08MB7060.namprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: nokia.com; dkim=none (message not signed) header.d=none;nokia.com; dmarc=none action=none header.from=hpe.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b3f00bfb-765d-4572-1263-08d982f34f75
x-ms-traffictypediagnostic: CS1PR8401MB0341:
x-microsoft-antispam-prvs: <CS1PR8401MB03417DEF407A77FE5B317D8DF2A99@CS1PR8401MB0341.NAMPRD84.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 85vxj5vPi6g5iwQ+CRFZbJ3xdfcGgJwIx8ciKCnJecK7QwrZDP/bR8Hh2LZid4QEUBEzCbcZjJQFkxiCeTNOXPozVCByDf6Y9Eh+15j0ZYhHCx89uJlCIniGBID1g3TkzOZuqlgE+XceGRew8GyDRh0xfc4vE+U9C7YWl3tk3Fhi5AEdWF+TG3nlX6fLNmWG2g2iZYtBX911o3ayEgjmF+4MYY3zDju/mZN2e/f8GOTUtX4zHhKuC02H0jgCO6iSUm10PiIMs0O7LHgdl+KzJgANgLwX3U2vJZ2JaQaqdBoRPRoHS2LC5c8pNrKr0lYQV1m2RXY2S6y/KIjstM9vv+wl0uDGxKsvttkGCuWxZKAD/pCm1dk5WIk/xxff52O1TsgohvNPwreXxITT4fWEEdrdVRQZ61ptAAn/nmrIpnZ/tc0LEohEwBqpslO1wCKaEYjuauakmEeM2ahyfOWRobM1avIsfDm1MEOWjtZQ1tpayA9i1DKw6FpcwSbMbx4KND5JPNJnlXL5g68HIkp39oAJrVqZ0Ze16tmU3MCIYLgzYVudMa2UCMtQhzigGDKMKG5FmPlodMRfcYAMzLOn+IuxFsofWoxOFZMdNwW1Va+39R4QV5wUXBc40azAG8qsG8w7OKd0uooDqaU24oEpzqTfnaBPt31eHGtEJRtrmUpJHDXI6NN+gvTdYiw9phJHZhx0G5KLmHPg2R3FuzehLIITun47bP5R0iDsgYDfFeXtkVwoLBDeTLpC+Tu9oFKHr3mA8fQgjMYLK1JthYBDcR5rE4ErSkMxPneZ9IGpCqNOMC3wVfetWP/aHTyDYsrg
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(66446008)(966005)(66476007)(66556008)(64756008)(2906002)(5660300002)(30864003)(7696005)(66946007)(166002)(33656002)(55016002)(38070700005)(52536014)(122000001)(508600001)(26005)(38100700002)(9686003)(186003)(8936002)(6506007)(55236004)(71200400001)(83380400001)(110136005)(921005)(76116006)(86362001)(53546011)(296002)(316002)(224303003)(579004)(559001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: O8ZA2kShxGywapHg32tSt8c9kCDmnjFx4Q0iVklAhsi6v2mchcM0TuQlBlcRykfSMbAdjMKqwrwi1MKPuuK/U6h07Wal/37VlYGESKWU2xKx6Ao5ATNPWkxYeVrxT6aa7VR/iOwbUgdaPyIgRdAkHvWff1JvXmi+EZZzoxNR9d3vv9E8ynPaMqOqxz3PaZ8nrL3rRVSgSDD4fH/fnigEGl3p0jOWj3bWPE9Wclj+wmmnjkLBDL3/2jEhx9JMONyP8nD49dVhei4H5hkoJy+4YpJOjsVna/h5X55Pn7ZGAs8RdFzNhJyoeRqK0Ys6AjeLo0FzvQHz7PI97qePcYSL0YVlTzFnTVcW1kIwBj+yegml5zFk6JkyKI6spn+J8sxkLI3z3mLFiH/E6vrz0I90yIrg4S+XecOEai4xC6VmU6UcSbmYVlyvuBdX1BBPZBErQLvfduwWqM1fMuspJMtUz22Sj6uybV3naK4xLDeh7t8xfyLmk7tktESWcR1kKOmR5XdgUYGup7Hn3CYsWJlx60Luy32d1sHPF+n1zo/KF+uszgJE5evA6jd/1M94PsOyHykqYx/mayNmI73IMeDuXzSJ2dp48l1JSWkWCMLP++BO+A7GTFvEUEuX0GKw9BReGQvsOgUEW3oIpCNIXQ6WtUe7tKOqnqeidFGaJ7Pq4WolGJCx8nYHCvvqAJUG0mqzIOeP7q7GeAC8uCIqFTTF5SKqGIRp21cDYwrz3+pV+BRt3t2pC2rhsO9y/7zJ7PQ5pR8El+AZ+WI93i9kyBRY21ehH1dAFTWaSH7PxftjG683y/BqHIFK3LPpj9/u4WtEq1XMVSHiKFmLscih0fg8cYRZewXg/swWak3AjoOK4ySAdBY+xBgp1P5NypzsJZgAo6HqUHIuXmGRdH5JC79EDoy7xY+t99+uFgAL57sFD+6cWBw310gu/XkdgDDCOQinkYcpFigMjYjeywXwZEH+MBfqaOlCtO1R9tht6Q+apjd2GoChQuk1xtFenQkONaFSk7xLfUNu8YVSnF1LDa5ysILuvjacAFzQZHBxnmn11QGQ5qRBcqISkW7/yz6jFjrmgmeeRK8EENaHRusu+3h1cl4QnA12VPfkU/2H7/BMG+IKxHDtUndHNgCtTeKztL5lmyE4rLWNRMQuv7XbMjldVNEpUXZbx1eSbCy/EiQE8HlniRCP4U7Ggar7cs8wRxaYNbcs2kwQ/QMZznOrnP/nTmNQNcz50iwVBYOPVM3KDo1RR2nhQ7NY5fNCK/KUnF2mT745/VN6pfWwvZ9fbOl8qxB6vjxWAVD5F+Mbdop4WIDdgFm4F7xnCIpek0EBchWt
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CS1PR8401MB047137969CA0CFBD217BC61BF2A99CS1PR8401MB0471_"
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CS1PR8401MB0471.NAMPRD84.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: b3f00bfb-765d-4572-1263-08d982f34f75
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Sep 2021 02:46:16.9712 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mbNBAaZqMCr7q8If9wHnAdP9r3ohujHYht94+H2QiDjT1RXRKHs6ho+6mtfKv6SfDK7IGPlVQYwDSvR8AKkgxw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CS1PR8401MB0341
X-OriginatorOrg: hpe.com
X-Proofpoint-ORIG-GUID: OfIdXl93dlMyDLpsSxvqJOEdhIeS7oZa
X-Proofpoint-GUID: OfIdXl93dlMyDLpsSxvqJOEdhIeS7oZa
X-Proofpoint-UnRewURL: 2 URL's were un-rewritten
MIME-Version: 1.0
X-HPE-SCL: -1
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_11,2021-09-28_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxlogscore=999 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 adultscore=0 lowpriorityscore=0 mlxscore=0 spamscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2109290014
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/9QcOUpVeEtRcD3mXaBsvGPG0P3M>
Subject: Re: [bess] Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Sep 2021 02:46:46 -0000

Jorge,

Thanks, that should help. No need to change the text.

Regards,
Vinayak

From: Rabadan, Jorge (Nokia - US/Mountain View) [mailto:jorge.rabadan@nokia.com]
Sent: Tuesday, September 28, 2021 11:25 AM
To: Joshi, Vinayak <vinayak.joshi@hpe.com>; The IESG <iesg@ietf.org>; draft-ietf-bess-evpn-proxy-arp-nd@ietf.org; bess-chairs@ietf.org; bess@ietf.org; Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com>; jeanmichel.combes@orange.com; Eric Vyncke (evyncke) <evyncke@cisco.com>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)

Hi Vinayak,

In the document the reply sub-function section says that the PE SHOULD reply to DAD NS messages, but it is not a MUST. So if your implementation has a config knob to not reply DAD NS messages as an exception, it could still be compliant with the document.

Thanks.
Jorge

From: Joshi, Vinayak <vinayak.joshi@hpe.com<mailto:vinayak.joshi@hpe.com>>
Date: Tuesday, September 28, 2021 at 4:21 AM
To: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com<mailto:jorge.rabadan@nokia.com>>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org> <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>>, bess-chairs@ietf.org<mailto:bess-chairs@ietf.org> <bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>>, bess@ietf.org<mailto:bess@ietf.org> <bess@ietf.org<mailto:bess@ietf.org>>, Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>>, jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com> <jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com>>, Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>>
Subject: RE: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)
Hi Jorge,

Thank you for a detailed response.

As you said this is a corner case - hence may be it can be left to implementation. That is, a PE can have a config knob to treat DAD NS as an exception and not respond to it.

Regards,
Vinayak

From: Rabadan, Jorge (Nokia - US/Mountain View) [mailto:jorge.rabadan@nokia.com]
Sent: Monday, September 27, 2021 9:44 PM
To: Joshi, Vinayak <vinayak.joshi@hpe.com<mailto:vinayak.joshi@hpe.com>>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>; bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>; bess@ietf.org<mailto:bess@ietf.org>; Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>>; jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com>; Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)

Hi Vinayak,

Others can comment too, but these are my comments:

-    One of the main benefits of proxy-arp/nd is the reduction of flooding, and DAD is multicast traffic and it may be significant in an EVPN BD. So proxy-ND replying to DAD NS messages is still important IMO.
-    Although I guess the use-case you describe may be possible, one may wonder why the DHCPv6 server allocation strategy would allocate IP1 to MAC2, when it had just received a release for the IP from MAC1. And even without proxy-ND, it will take some time for the remote hosts to update their caches anyway, so it is not that the communication is uninterrupted if proxy-nd did not reply to DAD NS.
-    Also, the mechanisms in the document will update the proxy-ND entries as soon as possible, either due to CE1 acquiring a different IP and being learned or via the proxy-nd maintenance sub-function.
-    You mention GARPs for IPv4, there may also be unsolicited NA messages issued by CE1 in some cases, which would speed things up as well.

Due to the above, I would keep the current text in the document in regards to the reply to DAD NS messages. It would be good if others comment too, but to me it sounds like a corner case and in any case, the tables will be updated anyway.

Maybe we can add some text in the security section if it helps?

Thanks.
Jorge


From: Joshi, Vinayak <vinayak.joshi@hpe.com<mailto:vinayak.joshi@hpe.com>>
Date: Monday, September 27, 2021 at 12:34 PM
To: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com<mailto:jorge.rabadan@nokia.com>>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org> <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>>, bess-chairs@ietf.org<mailto:bess-chairs@ietf.org> <bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>>, bess@ietf.org<mailto:bess@ietf.org> <bess@ietf.org<mailto:bess@ietf.org>>, Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>>, jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com> <jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com>>, Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>>
Subject: RE: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)
Hi Jorge,

A question related to DAD performed by CEs in the context of Proxy-ND.


1)      Say is IP1 allocation to MAC1 on a CE is released by the CE 1 (DHCP release) and IP1 is assigned to MAC2 (CE2) by DHCP server immediately (common in DCs).

2)      Now CE2 tries to perform DAD before accepting IP1 and it sends out a NS.

3)      The local PE might still have IP1==>MAC1 because EVPN route might still be in flight.

4)      If the local PE performs Proxy-ND and responds to the CE2, CE2 falsely detects a duplicate address.

EVPN route convergence latency can lead to incorrect IP==>MAC mapping due to Proxy-ARP/Proxy ND in general. Perhaps in a Grat-ARP arriving from CE2 originated can correct it quickly.
But in the DAD scenario above CE2 might just discard IP1.   Should DAD NSs be not subjected to Proxy-ND by the local PE and should it always be flooded?


Regards,
Vinayak

From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Rabadan, Jorge (Nokia - US/Mountain View)
Sent: Thursday, September 23, 2021 1:05 PM
To: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>; bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>; bess@ietf.org<mailto:bess@ietf.org>; Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>>; jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com>; Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>>
Subject: Re: [bess] Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)

Hi Eric,

Thank you very much once again for your thorough review, it helped a lot.

Please see my comments and resolutions below with [jorge3]. Revision 15 incorporates all the changes.
Assuming this can clear your DISCUSS and COMMENTs (please let us know otherwise), I think the document also addresses Erik Kline's comments, and it is now ready to go.

Thanks.
Jorge


From: Eric Vyncke (evyncke) <evyncke@cisco.com<mailto:evyncke@cisco.com>>
Date: Tuesday, September 14, 2021 at 2:50 PM
To: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com<mailto:jorge.rabadan@nokia.com>>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org> <draft-ietf-bess-evpn-proxy-arp-nd@ietf.org<mailto:draft-ietf-bess-evpn-proxy-arp-nd@ietf.org>>, bess-chairs@ietf.org<mailto:bess-chairs@ietf.org> <bess-chairs@ietf.org<mailto:bess-chairs@ietf.org>>, bess@ietf.org<mailto:bess@ietf.org> <bess@ietf.org<mailto:bess@ietf.org>>, Bocci, Matthew (Nokia - GB) <matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>>, jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com> <jeanmichel.combes@orange.com<mailto:jeanmichel.combes@orange.com>>
Subject: Re: Éric Vyncke's Discuss on draft-ietf-bess-evpn-proxy-arp-nd-11: (with DISCUSS and COMMENT)
Hello Jorge,

Sorry for belated reply... IETF week and some holidays were on the path...

The -14 revision has vastly improved the document and has addressed the majority of my points. There are anyway still one open blocking DISCUSS point and three COMMENT points (but feel free to ignore them).

See in the elided text for EV3>

Regards,

-éric



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
== DISCUSS ==


-- Section 3.2 --
Why not flooding to all other PEs the ARP/NS with unknown options ? It would be
safer.
[jorge] yes, the new text is as follows, let me know please:

   f.  A PE MUST only reply to ARP-Request and NS messages with the

       format specified in [RFC0826] and [RFC4861] respectively.

       Received ARP-Requests and NS messages with unknown options SHOULD

       be either forwarded (as unicast packets) to the owner of the

       requested IP (assuming the MAC is known in the Proxy-ARP/ND table

       and BD) or discarded.  An option to flood ARP-Requests/NS

       messages with unknown options MAY be used.  The operator should

       assess if flooding those unknown options may be a security risk

       for the EVPN BD.  An administrative option to control this

       behavior ('unicast-forward', 'discard' or 'forward') SHOULD be

       supported.  The 'unicast-forward' option is described in

       Section 3.4.

EV> please note that the 'forward' behavior does not seem to be listed as a sub-function
[jorge2] Not listed as a specific sub-function but 'forward' is the flooding behavior when the ARP-Request/NS is received and  the lookup in the proxy-ARP/ND table is unsuccessful, as described in section 3. I changed the bullet f) a bit for clarity:
   f.  For Proxy-ARP, a PE MUST only reply to ARP-Request with the
       format specified in [RFC0826].  For Proxy-ND, a PE MUST reply to
       NS messages with the format and options specified in [RFC4861],
       and MAY reply to NS messages containing other options.  Received
       NS messages with unknown options MAY be forwarded (as unicast
       packets) to the owner of the requested IP (assuming the MAC is
       known in the Proxy-ARP/ND table and BD).  An administrative
       choice to control the behavior for received NS messages with
       unknown options ('unicast-forward', 'discard' or 'forward') MAY
       be supported.  The 'forward' option implies flooding the NS message
       based on the MAC DA.  The 'unicast-forward' option is described
       in Section 3.4.  If 'discard' is available, the operator should
       assess if flooding NS unknown options may be a security risk for
       the EVPN BD (and is so, enable 'discard'), or if, on the
       contrary, not forwarding NS unknown options may disrupt
       connectivity.

EV2> the text should also state that NS messages MAY be 'discarded' to be consistent with the administrative choice.
EV2> in the 'MAY be forward', the text is only about unicast while the administrative choice includes the 'forward' / flooding
EV2> the administrative choice should also include 'reply' (even if I really dislike this choice as it can break badly things)
EV2> strongly suggest to add a 'SHOULD forward' or 'This document RECOMMEND to 'forward''

EV3> an answer or a new text for the above is all that remains from my previous DISCUSS points.
[jorge3] I rewrote the text in revision 15 to clarify all those points. I split the bullet and made it clearer for IPv6. Hope it helps remove your concern:
   e.  For Proxy-ARP, a PE MUST only reply to ARP-Request with the
       format specified in [RFC0826].

   f.  For Proxy-ND, a PE MUST reply to NS messages with known options
       with the format and options specified in [RFC4861], and MAY
       reply, discard, forward or unicast-forward NS messages containing
       other options.  An administrative choice to control the behavior
       for received NS messages with unknown options ('reply',
       'discard', 'unicast-forward' or 'forward') MAY be supported.

       -  The 'reply' option implies that the PE ignores the unknown
          options and replies with NA messages, assuming a successful
          lookup on the Proxy-ND table.

       -  If 'discard' is available, the operator should assess if
          flooding NS unknown options may be a security risk for the
          EVPN BD (and if so, enable 'discard'), or if, on the contrary,
          not forwarding/flooding NS unknown options may disrupt
          connectivity.  This option discards NS messages with unknown
          options, irrespective of the result of the lookup on the
          Proxy-ND table.

       -  The 'unicast-forward' option is described in Section 3.4.

       -  The 'forward' option implies flooding the NS message based on
          the MAC DA.  This option forwards NS messages with unknown
          options, irrespective of the result of the lookup on the
          Proxy-ND table.  The 'forward' option is RECOMMENDED by this
          document.



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

-- Section 2.1 --
I would have assumed that the multicast nature of IPv6 address resolution would
cause more problems than IPv4 ARP. The use of link-local multicast groups do
not usually help as MLD snooping is often disabled in switches for link-local.
Not to mention that there could be more IPv6 addresses per node than IPv4
address and IPv6 addresses keep changing. Do the authors have data to back this
section ?
[jorge] I added a sentence in that respect. As a side note, one of the references that we include claims that the use of SN-multicast addresses in NS messages is actually better than broadcast in ARP, given that SN-multicast IP Das can be easily identified and discarded at the receiving CEs (assuming that the PEs do not have MLD snooping enabled) https://delaat.net/rp/2008-2009/p23/report.pdf<https://delaat.net/rp/2008-2009/p23/report.pdf>

EV> I failed to see the added sentence in -13
EV> the URL you wrote above does not work anymore... Also, quite an old reference
[jorge2] you're right - I removed the reference since it no longer exists. Although illustrative, It is not important to understand the text anyway. The paragraph about mcast is this one:
The issue might be better in IPv6 routers if MLD-snooping was
   enabled, since ND uses SN-multicast address in NS messages; however,
   ARP uses broadcast and has to be processed by all the routers in the
   network.  Some routers may also be configured to broadcast periodic
   GARPs [RFC5227].  The amount of ARP/ND flooded traffic grows
   exponentially with the number of IXP participants, therefore the
   issue can only grow worse as new CEs are added.

EV2> The text does not address the fact that IPv6 nodes have more than 1 IPv6 address, which keeps changing.
EV2> The text does not justify the 'exponentially', I would have assumed linearly (or even perhaps squared but not exponential)

EV3> my two points above are still opened but they are non-blocking
[jorge3] I tried to address both comments in revision 15:
   The issue might be better in IPv6 routers if MLD-snooping was
   enabled, since ND uses SN-multicast address in NS messages; however,
   ARP uses broadcast and has to be processed by all the routers in the
   network.  Some routers may also be configured to broadcast periodic
   GARPs [RFC5227].  For IPv6, the fact that IPv6 CEs have more than one
   IPv6 address contributes to the growth of ND flooding in the network.
   The amount of ARP/ND flooded traffic grows linearly with the number
   of IXP participants, therefore the issue can only grow worse as new
   CEs are added.



-- Section 3.2 --

Why is there no IPv6 equivalent of e) ?
[jorge] we think the use of these ARP probes is not that common, whether IPv6 DAD procedures are performed by all CEs, and we want the PEs to reply to DAD messages if they can, to reduce the flooding among PEs. That's how it has been implemented. Let me know if it is ok.

EV2> AFAIK, Windows does (at least did) ARP probe to do IPv4 DAD. So, it MUST either reply when there is a mapping or flood it.
EV3> so, I still wonder what to do with the several Windows (and possibly others) ARP probes (non blocking)
[jorge3] ok, reflecting on this, I think you are right, and we should be consistent with IPv6. In rev 15, I removed the point (e) about ARP probes, and included in point (c):
   c.  A PE SHOULD reply to broadcast/multicast address resolution
       messages, that is, ARP-Request, ARP probes, NS messages as well
       as DAD NS messages.  An ARP probe is an ARP request constructed
       with an all-zero sender IP address that may be used by hosts for
       IPv4 Address Conflict Detection as specified in [RFC5227].  A PE
       SHOULD NOT reply to unicast address resolution requests (for
       instance, NUD NS messages).




In point f), "or discarded" can a packet with known IP->MAC mapping be
discarded as well ?
[jorge] do you mean with known options? I don't think that needs to be specified but let me know if you think differently.

EV2> I meant with known mapping and unknown options. The new text is kind of strange as one sentence says "MAY be forwarded" and the next sentence says that there are 3 choices. A little ambiguous ?

EV3> I still find the text weird and inconsistent
[jorge3] True. Please see above. I hope the new text clears the ambiguity.

v2.23.0 | Report a Bug | By Email