IETF Logo Mail Archive

Re: [nvo3] Mirja Kühlewind's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS and COMMENT)

"Ganga, Ilango S" <ilango.s.ganga@intel.com> Sun, 02 February 2020 19:47 UTC

Return-Path: <ilango.s.ganga@intel.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52A261200B1; Sun, 2 Feb 2020 11:47:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OTuQG5A-Egwc; Sun, 2 Feb 2020 11:46:57 -0800 (PST)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31C54120033; Sun, 2 Feb 2020 11:46:56 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Feb 2020 11:46:56 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,395,1574150400"; d="scan'208";a="430934963"
Received: from orsmsx106.amr.corp.intel.com ([10.22.225.133]) by fmsmga006.fm.intel.com with ESMTP; 02 Feb 2020 11:46:55 -0800
Received: from orsmsx111.amr.corp.intel.com (10.22.240.12) by ORSMSX106.amr.corp.intel.com (10.22.225.133) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sun, 2 Feb 2020 11:46:55 -0800
Received: from orsmsx116.amr.corp.intel.com ([169.254.7.209]) by ORSMSX111.amr.corp.intel.com ([169.254.12.237]) with mapi id 14.03.0439.000; Sun, 2 Feb 2020 11:46:55 -0800
From: "Ganga, Ilango S" <ilango.s.ganga@intel.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
CC: "draft-ietf-nvo3-geneve@ietf.org" <draft-ietf-nvo3-geneve@ietf.org>, Matthew Bocci <matthew.bocci@nokia.com>, "nvo3-chairs@ietf.org" <nvo3-chairs@ietf.org>, "nvo3@ietf.org" <nvo3@ietf.org>, "T. Sridhar" <tsridhar@vmware.com>, Jesse Gross <jesse@kernel.org>
Thread-Topic: Mirja Kühlewind's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS and COMMENT)
Thread-Index: AQHVqs6S2HMl4KliBUy3tKO18rzT1agInIdA
Date: Sun, 02 Feb 2020 19:46:54 +0000
Message-ID: <C5A274B25007804B800CB5B289727E35906BB799@ORSMSX116.amr.corp.intel.com>
References: <157548322373.11109.8094931683874603158.idtracker@ietfa.amsl.com>
In-Reply-To: <157548322373.11109.8094931683874603158.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYjNlOGFlYmItZjE2My00NzRlLWI3MTYtMzM1ZDU5OWQzZjk1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiQkQ1QzlTaCt2Y1pndmFpQ2F5czAxNDNKNmRKNUZEeHZRZlBNREhBdUdNZjd6MGtcLzM0U09DcWxoZmdVS1pWb0kifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.22.254.138]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/ord-OTuC6Qz5TrGp0kTY64jnc5Y>
Subject: Re: [nvo3] Mirja Kühlewind's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS and COMMENT)
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 19:47:01 -0000

Hello Mirja,

Thanks for your review of the document and comments. Please see below for our responses inline, enclosed within <Response> </Response>. Let us know if you are satisfied with this resolution. 

Regards,
Ilango Ganga
Geneve Editor


-----Original Message-----
From: Mirja Kühlewind via Datatracker <noreply@ietf.org> 
Sent: Wednesday, December 4, 2019 10:14 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-nvo3-geneve@ietf.org; Matthew Bocci <matthew.bocci@nokia.com>; nvo3-chairs@ietf.org; matthew.bocci@nokia.com; nvo3@ietf.org
Subject: Mirja Kühlewind's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS and COMMENT)

Mirja Kühlewind has entered the following ballot position for
draft-ietf-nvo3-geneve-14: Discuss
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for the really well written document that addresses all transport related question well (and thanks to David for the early TSV review!). I only have one minor process point that need to be addressed before publication:

Inline with RFC6335 the Assignee and Contact of the port entry should also be updated to IESG <iesg@ietf.org> and IETF Chair <chair@ietf.org> respectively.

IG>> <Response>
Agreed. This was brought up during the IANA review and we have requested IANA to update the Assignee and Contact information (as noted above) before publication.
</Response>

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

1) One small comment/question on the editorial note in sec 4.4.1:
"It was discussed during TSVART early review if the level of
   requirement for maintaining tunnel MTU at the ingress has to be "MAY"
   or "SHOULD".  The discussion concluded that it was appropriate to
   leave this as "MAY", considering the high level of state to be
   maintained.
I would have preferred a SHOULD and I'm not sure I understand what state your are talking about...?

IG>> <Response>
The “state” (in the Editorial note) refers to tracking the MTU size per tunnel link (for all links) associated with the endpoint, which could be challenging depending on the number of endpoints and how they are represented internally in the implementation. So we have sufficient text in 4.4.1 to provide guidance to the operators/implementors.
 
We already have text that strongly RECOMMENDs to use Path MTU discovery to prevent or minimize fragmentation. So we could rephrase the sentence to simply restate that fact as follows:

Entire first paragraph of 4.4.1 is referenced below (revised text is enclosed in quotes " ") because we proposed to revise the first sentence in response to another comment:

"It is strongly RECOMMENDED that Path MTU Discovery ([RFC1191],
   [RFC8201]) be used to prevent or minimize fragmentation.”
   The use of Path MTU Discovery on the transit network provides the
   encapsulating tunnel endpoint with soft-state about the link that it
   may use to prevent or minimize fragmentation depending on its role in
   the virtualized network. "The NVE can maintain this state (the MTU size of
   the tunnel link(s) associated with the tunnel endpoint), so if a
   tenant system sends large packets that when encapsulated exceed the
   MTU size of the tunnel link, the tunnel endpoint can discard such
   packets and send exception messages to the tenant system(s)."  If the
   tunnel endpoint is associated with a routing or forwarding function
   and/or has the capability to send ICMP messages, the encapsulating
   tunnel endpoint MAY send ICMP fragmentation needed [RFC0792] or
   Packet Too Big [RFC4443] messages to the tenant system(s). "When determining the MTU size of a tunnel link, 
   maximum length of options should be considered as options may vary on a per-packet basis".

</Response>

2) And one more small question on sec 4.4.1. in general:
Is the assumption that all tunnel packets have the same options (and therefore same Geneve header length) at a certain ingress, or should the announced MTU always consider the maximum length that a certain ingress could produce. Would be good to clarify this in the document!

IG>> <Response>  The options could vary on a per packet basis. We will add a sentence at the end of the first paragraph in 4.4.1 to clarify this point:
“When determining the MTU size of a tunnel link, maximum length of options should be considered as options may vary on a per-packet basis."

The entire paragraph is reproduced above for reference. 
</Response>

3) Section 6:
"When crossing an untrusted link, such as the public Internet, IPsec
   [RFC4301] may be used to provide authentication and/or encryption of
   the IP packets formed as part of Geneve encapsulation."
Should this maybe be a normative SHOULD and not a lower case "may"?

IG>> <Response> We already have this requirement in section 6.1.1.  We can rephrase the sentence as follows to provide reference to the requirement in 6.6.1.

OLD:
When crossing an untrusted link, such as the public Internet, IPsec
   [RFC4301] may be used to provide authentication and/or encryption of
   the IP packets formed as part of Geneve encapsulation.
 
NEW:
“When crossing an untrusted link, such as the public Internet, VPN technologies such as IPsec
   [RFC4301] should be used to provide authentication and/or encryption of
   the IP packets formed as part of Geneve encapsulation (See section 6.1.1).”
</Response>

3) And one random thought on the protocol design (given we all love to design protocols :-) ): Was it considered to require to have critical options first in order to speed up processing?

IG>> <Response> 
There were quite a few discussions in the working group and the NVO3 design team around imposing ordering requirements on options. However, given that Geneve is intended to be a flexible and general purpose protocol, it seemed clear that there wasn't one ordering that would satisfy all the needs. However, certain use cases could order options in a particular way as an optimization and still be compatible with the protocol, and this can be managed by the control plane. The recommendation from the NVO3 design team is to let the control plane negotiate the ordering.  See section 4.5.1 that provides text to this effect.  
</Response>

<End of Responses>

v2.23.0 | Report a Bug | By Email