Re: [nvo3] I-D Action: draft-ietf-nvo3-geneve-04.txt

Tom Herbert <tom@herbertland.com> Fri, 14 April 2017 02:03 UTC


It has been more than two weeks since I posted this. Considering that
there is now a consensus call for Geneve, could someone who is
advocating Geneve please respond to my concerns about this new text
and whether my suggestions for changing the protocol are acceptable?
Strategic silence does not make problems go away... :-)

Tom

On Mon, Mar 27, 2017 at 6:08 AM, Tom Herbert <tom@herbertland.com> wrote:
> The new section "Constraints on Protocol Features" seems to be punting
> the issues that were raised concerning processing of TLVs to a control
> plane which itself is still TBD. This is not normative and if someone
> were implementing a dataplane for Geneve today this provides no
> practical guidance on how to make it interoperable.
>
> Alternatively, to address the TLV processing concerns, I would suggest:
>
> 1) Eliminate non-critical options. This is the most likely source of
> DOS attacks where an attacker just fills up a packet with tiny fake
> options. The counter argument to this is that it's needed to roll out
> new features, but TBH I am skeptical this is really used in the
> datacenter for that. It's more typical we just configure the allowed
> options on both sides or rely on negotiation to specify the known
> options like we do in TCP.
> 2) Enforce an ordering on options as was discussed previously. Maybe
> just require the TLVs to be ordered by type. This eliminates the
> combinatorics of TLVs and since it would be a requirement on the
> protocol the order is well known and should yield interoperable
> implementations.
>
> Tom
>
>
>
> On Mon, Mar 13, 2017 at 2:55 PM,  <internet-drafts@ietf.org> wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Network Virtualization Overlays of the IETF.
>>
>>         Title           : Geneve: Generic Network Virtualization Encapsulation
>>         Authors         : Jesse Gross
>>                           Ilango Ganga
>>                           T. Sridhar
>>         Filename        : draft-ietf-nvo3-geneve-04.txt
>>         Pages           : 26
>>         Date            : 2017-03-13
>>
>> Abstract:
>>    Network virtualization involves the cooperation of devices with a
>>    wide variety of capabilities such as software and hardware tunnel
>>    endpoints, transit fabrics, and centralized control clusters.  As a
>>    result of their role in tying together different elements in the
>>    system, the requirements on tunnels are influenced by all of these
>>    components.  Flexibility is therefore the most important aspect of a
>>    tunnel protocol if it is to keep pace with the evolution of the
>>    system.  This draft describes Geneve, a protocol designed to
>>    recognize and accommodate these changing capabilities and needs.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-nvo3-geneve/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-nvo3-geneve-04
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-nvo3-geneve-04
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
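As an added example, not taken from this thread or from the Geneve draft: a small Python parser for the Geneve header and option TLVs that enforces the two constraints proposed above (options strictly ordered by type, and a drop on any unknown option) together with a ceiling on the option count, so that a packet padded with many tiny fake options is dropped before it costs a full walk. The option class/type values, the ceiling of eight options and the build_geneve helper are constructed for the demonstration; the header and option layout follow the draft.

```python
import struct
KNOWN = {(0x0102, 0x01), (0x0102, 0x02)}  # constructed (class, type) pairs, not real assignments

def build_geneve(vni, options, proto=0x6558):
    """Constructed test helper: Geneve header plus options, each data field padded to 4 bytes."""
    body, critical = b"", False
    for cls, typ, data in options:
        data += b"\0" * (-len(data) % 4)
        body += struct.pack("!HBB", cls, typ, len(data) // 4) + data
        critical |= bool(typ & 0x80)            # high bit of Type is the critical bit
    b0 = len(body) // 4                         # Ver=0, Opt Len in 4-byte words
    b1 = 0x40 if critical else 0                # C flag
    return struct.pack("!BBHI", b0, b1, proto, vni << 8) + body

def parse_geneve(pkt, known=KNOWN, max_options=8, strict_unknown=True):
    """Return (vni, [(cls, typ, data)]) or raise ValueError. Options must be strictly ordered by
    (class, type) and capped in number; strict_unknown=True drops on any unknown option (the
    proposal above), False skips unknown non-critical options and drops only on unknown critical."""
    if len(pkt) < 8:
        raise ValueError("short header")
    b0, b1, _proto, vni_rsvd = struct.unpack("!BBHI", pkt[:8])
    end = 8 + (b0 & 0x3F) * 4
    if len(pkt) < end:
        raise ValueError("Opt Len exceeds packet")
    opts, off, count, prev, saw_crit = [], 8, 0, None, False
    while off < end:                            # off and end are both 4-byte aligned
        count += 1
        if count > max_options:
            raise ValueError("too many options")    # rejects a flood of tiny fake options
        cls, typ, rl = struct.unpack("!HBB", pkt[off:off + 4])
        length = (rl & 0x1F) * 4
        if off + 4 + length > end:
            raise ValueError("option overruns Opt Len")
        key, crit = (cls, typ), bool(typ & 0x80)
        if prev is not None and key <= prev:
            raise ValueError("options not strictly ordered by (class, type)")
        prev, saw_crit = key, saw_crit or crit
        if key in known:
            opts.append((cls, typ, pkt[off + 4:off + 4 + length]))
        elif strict_unknown or crit:
            raise ValueError("unknown option")
        off += 4 + length
    if saw_crit and not (b1 & 0x40):
        raise ValueError("critical option present but C flag clear")
    return vni_rsvd >> 8, opts

def rejected(pkt, **kw):
    try:                                        # True when parse_geneve drops the packet
        return parse_geneve(pkt, **kw) is None
    except ValueError:
        return True
```

With the ordering rule, a duplicate option is rejected for free, since its key cannot be strictly greater than the previous one.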