Re: [nvo3] I-D Action: draft-ietf-nvo3-geneve-04.txt

Tom Herbert <tom@herbertland.com> Mon, 27 March 2017 13:08 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Mon, 27 Mar 2017 06:08:10 -0700
Message-ID: <CALx6S37JxHWYyW=Vfvt-5qEV4+sPfZcfCiD=7ij_inG_Dr3tvw@mail.gmail.com>
In-Reply-To: <148944213947.20276.327932844116144830@ietfa.amsl.com>
To: internet-drafts@ietf.org
Cc: i-d-announce@ietf.org, "nvo3@ietf.org" <nvo3@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/MeulEvzgJ7Ho4HZuP7Zp3zd1vDk>
Subject: Re: [nvo3] I-D Action: draft-ietf-nvo3-geneve-04.txt

The new section "Constraints on Protocol Features" seems to be punting
the issues that were raised concerning processing of TLVs to a control
plane which itself is still TBD. This is not normative and if someone
were implementing a dataplane for Geneve today this provides no
practical guidance on how to make it interoperable.

Alternatively, to address the TLV processing concerns, I would suggest:

1) Eliminate non-critical options. This is the most likely source of
DoS attacks where an attacker just fills up a packet with tiny fake
options. The counter argument to this is that it's needed to roll out
new features, but TBH I am skeptical this is really used in the
datacenter for that. It's more typical we just configure the allowed
options on both sides or rely on negotiation to specify the known
options like we do in TCP.
2) Enforce an ordering on options as was discussed previously. Maybe
just require the TLVs to be ordered by type. This eliminates the
combinatorics of TLVs and since it would be a requirement on the
protocol the order is well known and should yield interoperable
implementations.

Tom
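The two constraints proposed above (no unknown options are skipped, and options must arrive ordered by type) can be expressed as a receive-side validator. The following is an added example, not code from the post or from the Geneve draft authors. It follows the Geneve wire layout (8-byte base header with a 6-bit Opt Len in 4-byte words; each option carries a 16-bit class, an 8-bit type whose high bit is the critical flag, and a 5-bit length in 4-byte words); the option count limit, the allowed-option table and the sample class/type values are assumptions constructed for the example, not IANA assignments.

```python
"""Geneve option-list validator (added example, not from the draft).

The policy knobs (max_options, the ALLOWED table) and the sample option
classes below are constructed for illustration; only the header layout
follows the Geneve format.
"""
import struct

GENEVE_BASE_LEN = 8   # fixed base header size in bytes
GENEVE_OPT_HDR_LEN = 4  # class(2) + type(1) + rsvd/len(1)


class GeneveError(ValueError):
    """Raised for any packet the validator refuses to process."""


def build_geneve(vni, options, proto=0x6558):
    """Constructed helper that encodes a Geneve header for the samples.

    options: list of (opt_class, opt_type, critical, data); data length
    must be a multiple of 4. proto 0x6558 is Transparent Ethernet Bridging.
    """
    body = b""
    any_critical = False
    for opt_class, opt_type, critical, data in options:
        if len(data) % 4:
            raise ValueError("option data must be a multiple of 4 bytes")
        any_critical |= critical
        type_byte = opt_type | (0x80 if critical else 0)
        body += struct.pack("!HBB", opt_class, type_byte, len(data) // 4) + data
    opt_len_words = len(body) // 4
    if opt_len_words > 0x3F:
        raise ValueError("options exceed the 6-bit Opt Len field")
    flags = 0x40 if any_critical else 0  # C bit: a critical option is present
    base = struct.pack("!BBH", opt_len_words, flags, proto)
    return base + vni.to_bytes(3, "big") + b"\x00" + body


def parse_geneve(pkt, allowed, max_options=8, require_sorted=True):
    """Validate a Geneve header under the constraints proposed on the list.

    allowed: set of (opt_class, opt_type) the receiver is configured for.
    Any option outside that set is rejected, critical bit or not, which is
    what eliminating skippable non-critical options amounts to.
    Returns (vni, proto, [(opt_class, opt_type, data), ...]).
    """
    if len(pkt) < GENEVE_BASE_LEN:
        raise GeneveError("truncated base header")
    b0, flags, proto = struct.unpack_from("!BBH", pkt, 0)
    if b0 >> 6 != 0:
        raise GeneveError("unsupported Geneve version")
    end = GENEVE_BASE_LEN + (b0 & 0x3F) * 4
    if end > len(pkt):
        raise GeneveError("Opt Len runs past end of packet")
    vni = int.from_bytes(pkt[4:7], "big")
    c_bit = bool(flags & 0x40)

    options, prev_key, saw_critical = [], None, False
    off = GENEVE_BASE_LEN
    while off < end:
        # Bound the option count before decoding anything else, so a packet
        # padded with many tiny options is rejected at constant cost.
        if len(options) >= max_options:
            raise GeneveError("more than %d options" % max_options)
        if end - off < GENEVE_OPT_HDR_LEN:
            raise GeneveError("truncated option header")
        opt_class, type_byte, len_byte = struct.unpack_from("!HBB", pkt, off)
        if len_byte & 0xE0:
            raise GeneveError("reserved bits set in option length byte")
        critical = bool(type_byte & 0x80)
        key = (opt_class, type_byte & 0x7F)
        data_start = off + GENEVE_OPT_HDR_LEN
        data_end = data_start + (len_byte & 0x1F) * 4
        if data_end > end:
            raise GeneveError("option data runs past Opt Len")
        # Ordering by (class, type) is non-decreasing, as proposed above.
        if require_sorted and prev_key is not None and key < prev_key:
            raise GeneveError("options not in ascending (class, type) order")
        if key not in allowed:
            kind = "critical" if critical else "non-critical"
            raise GeneveError("unknown %s option %r" % (kind, key))
        saw_critical |= critical
        options.append((key[0], key[1], bytes(pkt[data_start:data_end])))
        prev_key, off = key, data_end
    if saw_critical and not c_bit:
        raise GeneveError("critical option present but C bit clear")
    return vni, proto, options


# Constructed sample option classes/types, not real IANA assignments.
ALLOWED = {(0x0100, 1), (0x0100, 2), (0x0200, 7)}


def sample_packets():
    """Constructed packets: accepted, unordered, option flood, unknown."""
    good = build_geneve(0xABCDEF, [(0x0100, 1, True, b"\x00\x00\x00\x2A"),
                                   (0x0200, 7, False, b"\xde\xad\xbe\xef" * 2)])
    unordered = build_geneve(0xABCDEF, [(0x0200, 7, False, b"\xde\xad\xbe\xef" * 2),
                                        (0x0100, 1, True, b"\x00\x00\x00\x2A")])
    flood = build_geneve(0xABCDEF, [(0x0100, 1, True, b"")] * 12)
    unknown = build_geneve(0xABCDEF, [(0x0300, 5, True, b"\x00" * 4)])
    return good, unordered, flood, unknown


def classify(pkt, allowed=ALLOWED):
    """Return 'accept' or the reason the validator refused the packet."""
    try:
        parse_geneve(pkt, allowed)
        return "accept"
    except GeneveError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, pkt in zip(("good", "unordered", "flood", "unknown"), sample_packets()):
        print("%-10s %s" % (name, classify(pkt)))
```

The count bound is checked before each option is decoded, so the cost of rejecting a packet stuffed with zero-length options does not grow with the number of options; the ordering rule means a receiver never has to search the option list for a given type, which is the interoperability benefit argued for above.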



On Mon, Mar 13, 2017 at 2:55 PM,  <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Virtualization Overlays of the IETF.
>
>         Title           : Geneve: Generic Network Virtualization Encapsulation
>         Authors         : Jesse Gross
>                           Ilango Ganga
>                           T. Sridhar
>         Filename        : draft-ietf-nvo3-geneve-04.txt
>         Pages           : 26
>         Date            : 2017-03-13
>
> Abstract:
>    Network virtualization involves the cooperation of devices with a
>    wide variety of capabilities such as software and hardware tunnel
>    endpoints, transit fabrics, and centralized control clusters.  As a
>    result of their role in tying together different elements in the
>    system, the requirements on tunnels are influenced by all of these
>    components.  Flexibility is therefore the most important aspect of a
>    tunnel protocol if it is to keep pace with the evolution of the
>    system.  This draft describes Geneve, a protocol designed to
>    recognize and accommodate these changing capabilities and needs.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-nvo3-geneve/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-nvo3-geneve-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nvo3-geneve-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3