Re: [Idr] Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 04 December 2020 10:43 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 550CC3A08DA; Fri, 4 Dec 2020 02:43:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t3cWDt3J-5tu; Fri, 4 Dec 2020 02:43:39 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2041.outbound.protection.outlook.com [40.107.22.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BCD83A08C0; Fri, 4 Dec 2020 02:43:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K0dST8tMTdu32vpFnzi6AydTy5/HBEVADJEqh1O02/z6XR6leRZik+D9D9byAFRyWKFxXtvo/0TbjvIEMU47xqRNJFSon7LjHkRsB/bwud5La+l2QFxWf9RDX3pqIGs54Ovajcbm56ywH7uwnXV/zepiel/OyYLtOPShDfKsTmo+qfNXAdT6r3wED3Rp89s3eRfOTrQsd6ljImXNi/bzTTiANwDSz9Nz6k22uMdVLc7bCH05MP4QkPE3trxR/nH0LlU8AQeZyYHl58tSkRa4o/UC5FkyJMwDeOITx8uJ/jdEwV5XDlYtzTknHPeMCkyHgC2/OqmMmSgs30fXRNSimw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SFRubiTR7x6S1R2shpDnZvKknPYP4V7Z1M1RWA+qHSg=; b=I4Jzo5vq4hQRehBgnioV2hw4tCr5VigOtcsZYuRdaO87x10XM75p5IAuexDf69TzcRpx4X4w0EZb+M3UvvaZC2GfvoNupoTYrsHUzqKXAFUuxZHG9+8FLK5E3VkCV+ggAezINhvvt66/4XiN9XjOoH+tI5or5tEqhvJ0diQMtEMjZHWgFI25rJaXYYyUfMgMEmn4GEPQ03UYkwh4ogjwInarvSpz3AtmynKt0CSezD1PVVqVkGoYBQb7hkC8/15jceTIaxHKdHWi8IIxG2zFrCZadK7A3JwHt+ZL4FKMok3eNnzIKUZh1+ECbGFMUn/R+TnSxkZcdGf/0P+ouesgWw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SFRubiTR7x6S1R2shpDnZvKknPYP4V7Z1M1RWA+qHSg=; b=KoUWRPa5WK3DiearXJmy8IetOyjPNYeW004pll9Z3kNfLTBVR5s0QunpznqPLD4MmQ1b1D1Eipa24EcDZjAlvhG6GoMeIaZFUP0uILE8MGiJyU66VjNj6EWh6/UDeuteuELecfeKMAfd+3gtsEN5r4dXlwlvDswpUbA13T5SXHg=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR0702MB3707.eurprd07.prod.outlook.com (2603:10a6:7:83::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.9; Fri, 4 Dec 2020 10:43:36 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::8cd:496:65de:4ace]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::8cd:496:65de:4ace%6]) with mapi id 15.20.3632.018; Fri, 4 Dec 2020 10:43:36 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "jgs@juniper.net" <jgs@juniper.net>
CC: "idr@ietf.org" <idr@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>, "shares@ndzh.com" <shares@ndzh.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)
Thread-Index: AQHWyWJuKQHhG1Wgvky8fhmmmVxer6nl5pQAgADbRQA=
Date: Fri, 4 Dec 2020 10:43:36 +0000
Message-ID: <ad54d8b05747127c593aab0337f1496e4ee25dbd.camel@ericsson.com>
References: <160699274176.32616.2646384288138693459@ietfa.amsl.com> <011B5202-4AA9-413F-B16C-C8BF9E43A0CA@juniper.net>
In-Reply-To: <011B5202-4AA9-413F-B16C-C8BF9E43A0CA@juniper.net>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: juniper.net; dkim=none (message not signed) header.d=none;juniper.net; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [158.174.130.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 99c86817-2dce-48d8-3cec-08d898417434
x-ms-traffictypediagnostic: HE1PR0702MB3707:
x-microsoft-antispam-prvs: <HE1PR0702MB3707C49676F1F5FE64654BD795F10@HE1PR0702MB3707.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2kPOpU3xiITHY6Hu3nGmZ2slJwUYqRPppJgByw9BbLUfU9So8mxDdr51zx1bjli8s0n5BI6ALVm1b9zv792Z4jDKfjVvU8XpEC+nc11+m+nSCajEkP5h3Pkx5HmoAmLbJf/UemaAdZAH/Yz3uemntVOFpAAgRyjpeCAiJ84cco/Oakuw6ggNCIL1eMsngTL0eaehRpLe+9Eo1h39VQnZP3RAEqrkh1mCficYIJz8d72A9YJmSKsM0/96iOdg2ZzqcMF6JzaKVdZV1pvCViljwmKBV0KNnRanrFKu50knFFfxOaZunm66TD7A1tdYa+7ID5lW936oLJYjb8AcxOcWQm2s5Zz6JaNeK2nsofR3VxP51CDi2I1PBOn/C2yQ3RISbwQqOP6qKbzMEIRwHMweyJRMqIwVw8Q2eFxGNt/36pm0It5bzYi2G5UHQbf+oCm3hmzgcgZdp53/dqVsRF6hpA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(39860400002)(346002)(376002)(366004)(26005)(64756008)(6486002)(66476007)(66556008)(86362001)(966005)(71200400001)(186003)(5660300002)(83380400001)(30864003)(6512007)(2906002)(66946007)(478600001)(36756003)(316002)(66616009)(99936003)(2616005)(8936002)(53546011)(76116006)(8676002)(6506007)(54906003)(66446008)(4326008)(6916009)(44832011)(99106002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?THhaOTBPS2pJREFMOHhwM0hOWUhDNGN2V1NsQlp2a2dBR0gwMytqb1lucG13?= =?utf-8?B?T0ZVYkRTZUhvdGpQTEtQVVFqbmJUdy8zdmczK1BnTDRxSnl6WTBMTXN1YXU4?= =?utf-8?B?a2dtUTdYWklUTWJVUURxTWhDQXBCK3VET0tBcVJBWDBRdE81SGkvMFdndnFs?= =?utf-8?B?d05qQ1VQRVBxWXR4UlQzL2Rkc2dTNmkxYTU0TE1XS3hVN0hpcmZidDhwV2lo?= =?utf-8?B?b2FLZTdWcTYxazNXWllrdFFHdzBzZmhtTVNBTGpobVNPVWZiMmdxZHBFNU9E?= =?utf-8?B?VjBQajFVNTh1aW9ITmZOZk95aEtaVmRBZEM4aFBIWWVaK3J6Ty9XdFMwNmx5?= =?utf-8?B?Wmt5bHM5MFhCYllQR0VkQllQYktMKzlPS2JXeFFncUpkWHFwN1Z4VTd1NVNM?= =?utf-8?B?KzJUUzZjM1M0RjVSZ09TcXhrR0RHNnpHUGVGVGV1bGJjRTlsMHMrR2dxNkI5?= =?utf-8?B?dXRWZ05VZU55amFKZmxEejNhcnU0SUFBQXJ4eWxXUGd5MXFDaVBKTWpqWmRE?= =?utf-8?B?YWNwTG5jWjhLMEhKdWlYU0d2c3ZwVk9kMzN6NjJxdys3b2dJeUZiWWtaY3l4?= =?utf-8?B?ZkNMa05zQ2VMTHdSTTgwYnVGajdxYnVSU1ZrMnpSRkRRaGdaOUhJLy9kT3p4?= =?utf-8?B?cis3UUZDamhLY3VIMUoxc1RtQWovVThibTJ2UW9hUFNIdERUbWZLN3d2bkJy?= =?utf-8?B?V2NWcXpQSjBhZUdoNjlsZTlROVhQaEUyekxxelFMR29EWkVlREtvTkVsTlZF?= =?utf-8?B?bHdLRGNNWi9WRy9EMUJWaC9ML2poKzJLYTZVR05EamppQ3ZNTll6NSs1ano1?= =?utf-8?B?dVhBTGJKbUIxTXNjM2s3UnJ5QjdGUUdGSGRsc2JXYk1NdHJvWWltSytnZEFU?= =?utf-8?B?QXFoWkRwRVJmaVRUMDFRRWxIaUd3Rm5BdGJVTnBETlI0S3hXcWRyQzZuNlYr?= =?utf-8?B?ZlJHZ0FCRnpnMUhLWVhxQ2VGbXNOV2ZnSC9DNWZaYkxFUkxYUXlWLzBuV3ZM?= =?utf-8?B?bW9Ta1FGMW9KNTlIdFhpMHpvKzBsMzdteTVVZnlCUW5QQzJTbG9RY1Y4Y09o?= =?utf-8?B?Um9kQitsVkM0KzNHUnIzOS9Mczd0M2hsangxb2xGbGoxZDFkclRZdEFZeUpQ?= =?utf-8?B?amVMV0NRVXAxOUR5Wmt3ay8zbVpYYlBCMGJXWUR0TVlyc0ZNMFA0aXBueGdP?= =?utf-8?B?K3VienQrSFpqdDJWMlJEMnZ1NWdkS0lwZVIrUWxSaDR6WFFnR0dDaEdRYlJ5?= =?utf-8?B?bHJpK1pwemt0NkVvd2Ztb3gvbXA1YXFra0x3YzN6eDhtMERScFoySEdVNFpi?= =?utf-8?Q?oW3uAy6IM5hbB3ElNqhoJSaX9fM0/tbrVl?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-o7ulHqwZoYE/TmI3rBAc"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 99c86817-2dce-48d8-3cec-08d898417434
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Dec 2020 10:43:36.1552 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kOlYi7KUuEGQFwCUSwhHnIh+7LSXP4np2euAX9FAUuhXFECRuyC+/t7j71RbzgQt/dnxmLRpuw7pwC68vd7oD8C8gkH1gS9uESbhh3gKBxw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3707
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/Ns51vmF0Ah_O7FTCqS1g9SsQpHA>
Subject: Re: [Idr] Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 10:43:42 -0000

Hi John,

Thanks for clarification. Let me try to explain how I interpreted the document.

So the document do talk in the introduction about a few specific tunneling
protocols. It then defines a number of tools. However, what I am missing is the
specification for protocol foo, which combinations that actually are excepted to
work and what sub-tlvs that are to be used. Basically individual requirements on
what needs to be supported for each protocol. 

The second part is really a question if there are need for additional
configuration of these specific tunnel and encapsulation combinatins when it
comes to ECN, IPv6/UDP zero-checksum, and source ports. I think all of these
questions are easier to answer in the context of particular configuration
combinations compared to the unspecified level. 

So what I propose should be done are the following.

For each tunnel protocol that the WG currently want to signal with this create a
subsection. In that subsection include the following.

 - Which encapsulations alternatives that can be supported, and point to the
data plane specifications for these combinations. 

 - Identify all sub-tlvs that are either required or optional to use with this
protocol to correctly configure any of the identified combinations. 

 - If IP is part of the encapsualtion. Determine if outer ECN processing is
mandatory in egress or not. If not mandatory, then I think you likely have a
need for a configuration. And in that case I don't quite understand if the
entity that creates these tunnel configurations will know the egress
capabilities and this can determine if the configuration is supported.

 - For encapsualtions using IPv6/UDP then zero-checksum considerations per that
data plane specification needs to be considered if it can be supported, and if
there is need for a configuration of that option. 

 - For encapsulation using UDP, the data plane specification does it define
source port usage. You appear to indicate that no such need has so far been
raised. 

For the last 3 bullets it might not be necessary to say anything in the
document. However, as the document is currently not well specified on which
combinations are possible, I can't determine if there are a need for these three
bullets or not. I would suspect that current practice might make this clear more
than necessary our combination of specifications saying this specifically. 

My impression for example when it comes to zero-checksum for IPv6/UDP is used
widely with little consideration about the potential issues. However, this work
is done in a WG for inter domain routing. Thus, the general context is inter
domain routing, and that pushes the zero-checkum usage from within a single
domain into multiple ones. Thus, the risk for errors that checksum would detect
is different and also the potential impact of failure to verify is different.
Thus, there might actually exist a configuraiton need for this if one intended
to pay attention to what might be written into the user plane specification.
Here actually we do have an issue with RFC 7510:

So your document states: 

   MPLS-in-UDP [RFC7510] is also supported, but an
   Encapsulation sub-TLV for it is not needed since there are no
   additional parameters to be signaled.

While if you go read Section 3.1 of RFC 7510 it states the following in regards
to zero-checksum:

   The UDP checksum MUST be implemented and MUST be used in accordance
   with [RFC768] and [RFC2460] for MPLS-in-UDP traffic over IPv6 unless
   one or more of the following exceptions applies and the additional
   requirements stated below are complied with.  There are three
   exceptions that allow use of UDP zero-checksum mode for IPv6 with
   MPLS-in-UDP, subject to the additional requirements stated below in
   this section.  The three exceptions are:

   a.  Use of MPLS-in-UDP in networks under single administrative
       control (such as within a single operator's network) where it is
       known (perhaps through knowledge of equipment types and lower-
       layer checks) that packet corruption is exceptionally unlikely
       and where the operator is willing to take the risk of undetected
       packet corruption.

   b.  Use of MPLS-in-UDP in networks under single administrative
       control (such as within a single operator's network) where it is
       judged through observational measurements (perhaps of historic or
       current traffic flows that use a non-zero checksum) that the
       level of packet corruption is tolerably low and where the
       operator is willing to take the risk of undetected packet
       corruption.

   c.  Use of MPLS-in-UDP for traffic delivery for applications that are
       tolerant of misdelivered or corrupted packets (perhaps through
       higher-layer checksum, validation, and retransmission or
       transmission redundancy) where the operator is willing to rely on
       the applications using the tunnel to survive any corrupt packets.

   These exceptions may also be extended to the use of MPLS-in-UDP
   within a set of closely cooperating network administrations (such as
   network operators who have agreed to work together in order to
   jointly provide specific services).  Even when one of the above
   exceptions applies, use of UDP checksums may be appropriate when VPN
   services are provided over MPLS-in-UDP; see Section 6.

   As such, for IPv6, the UDP checksum for MPLS-in-UDP MUST be used as
   specified in [RFC768] and [RFC2460] for tunnels that span multiple
   networks whose network administrations do not cooperate closely, even
   if each non-cooperating network administration independently
   satisfies one or more of the exceptions for UDP zero-checksum mode
   usage with MPLS-in-UDP over IPv6.

So this indicate to me that there is a significant likelyhood that for the
intended usage of these tunnel encapsulations would not qualify for the
exceptions and should use checksums. If that needs signalling or not is the next
question. That comes back to how the configuring node knows about capabilities
and how one can resolve lack of a capability when signalled. 


Cheers

Magnus

On Thu, 2020-12-03 at 21:38 +0000, John Scudder wrote:
> Hi Magnus,
> 
> Thanks for your comment. My reply below.
> 
> > On Dec 3, 2020, at 5:52 AM, Magnus Westerlund via Datatracker <
> > noreply@ietf.org> wrote:
> > 
> > [External Email. Be cautious of content]
> > 
> > 
> > Magnus Westerlund has entered the following ballot position for
> > draft-ietf-idr-tunnel-encaps-20: Discuss
> > 
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> > 
> > 
> > Please refer to 
> > https://protect2.fireeye.com/v1/url?k=82d10e2c-dd4a3435-82d14eb7-8682aaa22bc0-bdb272a0df47b7f6&q=1&e=99571de8-da16-449c-9dd9-87475a28842b&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fiesg%2Fstatement%2Fdiscuss-criteria.html__%3B%21%21NEt6yMaO-gk%21R160ShLm3-ilXKD-spxJGlwrvP9vjZX5gkLJJWWbNNKe-2FiwsoZbD19wDsUXw%24
> > for more information about IESG DISCUSS and COMMENT positions.
> > 
> > 
> > The document, along with other ballot positions, can be found here:
> > 
https://protect2.fireeye.com/v1/url?k=9454b6c6-cbcf8cdf-9454f65d-8682aaa22bc0-156a49648ff7e6bf&q=1&e=99571de8-da16-449c-9dd9-87475a28842b&u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-idr-tunnel-encaps%2F__%3B%21%21NEt6yMaO-gk%21R160ShLm3-ilXKD-spxJGlwrvP9vjZX5gkLJJWWbNNKe-2FiwsoZbD2i6NtMNw%24
> > 
> > 
> > 
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> > 
> > So this is really to start a discussion of how the framework approach of
> > this
> > document may not be explicit enough on what combination is actually viable
> > combination and have existing specification for how to deal with a number of
> > behaviors for tunnels. So my view after having read this one is that the
> > signalling is specified in a two tier fashion, with an outer encapsulation
> > that
> > can be IPvX, IPvX/UDP for example and then a tunnel protocol like GRE,
> > VXLAN,
> > L2TPv3. So I don't believe all combinations of outer encapsulation and
> > tunnel
> > protocol is actually defined. This document does not provide a table with
> > the
> > reference for where the actual data plan specification for combinations are
> > provided. I think it would be good if there actually existed such a
> > table/list.
> 
> It’s not the goal of the spec to provide an all-encompassing evaluation or
> framework for tunneling as a data-plane technology. It would be a worthy
> effort to do that work, but I don’t think IDR is the right place to do it, nor
> do I think this document is the right document for it. The goal of the spec is
> restricted to signaling; more discussion below.
> 
> It’s also not the goal of the spec to support every conceivable combination in
> which you might construct a tunnel, it’s pragmatically oriented to things
> people actually wanted to ship and deploy. See also my responses to a few of
> the others, where I took the position that if other feature support is desired
> (for example, flow label), it’s up to those wanting that support to specify
> it.
> 
> > The next aspect of this discuss is the difficulty in determining if the
> > provided sub-TLVs are sufficient. I will mention a number of potential ones
> > that I wonder if they are necessary to configure these combinations.
> > 
> > To build on Erik Kline's discuss. So are for all these combinations when IP
> > is
> > the outer encapsulation is the egress ECN behavior to correctly mark or drop
> > inner payload well defined. If the egress is not guaranteed to do the
> > correct,
> > then I think a configuration option is required.
> 
> I’m afraid I don’t follow this point.
> 
> > When using UDP encapsulation combined with IPv6 there is the question if one
> > can safely use zero-checksum. Per RFC 6935 and RFC 6936 some consideration
> > is
> > needed to determine if the inner payload is safe to combine with zero
> > checksum.
> > So this requires the combination of tunnel protocol and inner payload to
> > determine this. So I think some of these tunnel protocols have text on this,
> > but I don't know which combinations have this specified. And also here arise
> > a
> > question if some of these will also need a configuration option as there
> > exist
> > some inner payloads that could not be safe and thus a different tunnel with
> > checksum enabled may be required.
> > 
> > When using UDP encapsulation I am wondering over source port usage. To my
> > knowledge some of these protocols like VXLAN do defines that source ports
> > are
> > picked randomly to ensure header hashing will provide different values for
> > different inner flows. So is there a need in any of this cases to identify a
> > single source port?
> 
> None that’s been raised to date.
> 
> > So I at least are unable to determine if this specification are containing
> > all
> > necessary attributes when it doesn't have identification of what
> > combinations
> > it expect to work, and what behavior on the above aspects is just working.
> 
> I guess it depends on what you mean by “necessary”. The spec has been found
> sufficient for at least three implementations to be shipped, so it’s
> demonstrably solving a real-world problem. (See the IDR wiki implementation
> report.) It’s been found sufficient for a number of other specs, largely in
> BESS, to base their functions on. (See the shepherd report.) I’m certain that
> if you compared the functionality that’s been implemented and/or depended on
> by other specs, with the complete matrix of potential functionality, you would
> find the surface has barely been scratched yet, which I think is fine. In that
> sense, I think of this spec as a framework (the attribute itself, and the
> TLV/sub-TLV structure within it, and their generic processing rules) plus a
> number of applications within that framework (the sub-TLVs). In my opinion, it
> would be problematic if the framework were deficient, but there is no
> expectation on the part of the authors or WG that every possible application
> has been covered, and again, that’s fine.
> 
> I expect there will be a great many extensions specified in the future.
> 
> > So lets start discussing what needs to be addressed here if any.
> 
> Thanks,
> 
> —John