Re: [nvo3] I-D Action: draft-ietf-nvo3-geneve-04.txt

Tom Herbert <tom@herbertland.com> Tue, 18 April 2017 02:22 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Mon, 17 Apr 2017 19:22:38 -0700
Message-ID: <CALx6S34ksHCC6ub-qW=ip0Q8w86VPCk6JEZPw5scCob=Z+5e1A@mail.gmail.com>
To: Sami Boutros <sboutros@vmware.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/s4NjbnGtWBrINWpGIjlZHUblb28>

On Mon, Apr 17, 2017 at 4:03 PM, Sami Boutros <sboutros@vmware.com> wrote:
> Tom,
>
> Your points were noted in the data-plane roundtable feedback that we
> presented Thursday at IETF.
>
> The authors will meet to go over the points raised from the roundtable and
> update the dt-encap draft accordingly.
>
Sami,

I really don't understand how this WG is supposed to work :-(. The
draft was posted to this list for purposes of discussion on the list
and now there is a consensus call on the same list. But, the draft has
received very little discussion and now we have to wait for the
committee to get a response? I implore the Geneve advocates to
actively engage with our attempts at critical discussion on the list
about this draft or the protocol draft. I gave a more in-depth review
of the dt-encap draft with some direct questions about the content,
which should be a starting basis for discussion.

Thanks,
Tom

> Thanks,
>
> Sami
>
>
> It has been more than two weeks since I posted this. Considering that
> there is now a consensus call for Geneve, could someone who is
> advocating Geneve please respond to my concerns about this new text
> and whether my suggestions for changing the protocol are acceptable.
> Strategic silence does not make problems go away... :-)
>
> Tom
>
> On Mon, Mar 27, 2017 at 6:08 AM, Tom Herbert <tom@herbertland.com> wrote:
>> The new section "Constraints on Protocol Features" seems to be punting
>> the issues that were raised concerning processing of TLVs to a control
>> plane which itself is still TBD. This is not normative and if someone
>> were implementing a dataplane for Geneve today this provides no
>> practical guidance on how to make it interoperable.
>>
>> Alternatively, to address the TLV processing concerns, I would suggest:
>>
>> 1) Eliminate non-critical options. This is the most likely source of
>> DOS attacks where an attacker just fills up a packet with tiny fake
>> options. The counter argument to this is that it's needed to roll out
>> new features, but TBH I am skeptical this is really used in the
>> datacenter for that. It's more typical we just configure the allowed
>> options on both sides or rely on negotiation to specify the known
>> options like we do in TCP.
>> 2) Enforce an ordering on options as was discussed previously. Maybe
>> just require the TLVs to be ordered by type. This eliminates the
>> combinatorics of TLVs and since it would be a requirement on the
>> protocol the order is well known and should yield interoperable
>> implementations.
>>
>> Tom
>>
>>
>>
>> On Mon, Mar 13, 2017 at 2:55 PM, <internet-drafts@ietf.org> wrote:
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Network Virtualization Overlays of the
>>> IETF.
>>>
>>>         Title           : Geneve: Generic Network Virtualization Encapsulation
>>>         Authors         : Jesse Gross
>>>                           Ilango Ganga
>>>                           T. Sridhar
>>>         Filename        : draft-ietf-nvo3-geneve-04.txt
>>>         Pages           : 26
>>>         Date            : 2017-03-13
>>>
>>> Abstract:
>>>    Network virtualization involves the cooperation of devices with a
>>>    wide variety of capabilities such as software and hardware tunnel
>>>    endpoints, transit fabrics, and centralized control clusters.  As a
>>>    result of their role in tying together different elements in the
>>>    system, the requirements on tunnels are influenced by all of these
>>>    components.  Flexibility is therefore the most important aspect of a
>>>    tunnel protocol if it is to keep pace with the evolution of the
>>>    system.  This draft describes Geneve, a protocol designed to
>>>    recognize and accommodate these changing capabilities and needs.
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-nvo3-geneve/
>>>
>>> There's also a htmlized version available at:
>>> https://tools.ietf.org/html/draft-ietf-nvo3-geneve-04
>>>
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-nvo3-geneve-04
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
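The TLV-processing concerns raised in the quoted message (a packet stuffed with tiny fake options, unordered options, unknown critical options), as an added Python example that is not part of the thread or the Geneve draft: a receive-side parser that drops packets by those rules. The wire layout follows draft-ietf-nvo3-geneve-04; MAX_OPTIONS, KNOWN_OPTIONS, the (class, type) sort key and the sample packets are assumptions constructed for this example.

```python
# Added example, not code from the draft or its authors: a defensive Geneve parser that
# applies the two proposals from the thread. MAX_OPTIONS, KNOWN_OPTIONS, the sort key are assumed.
import struct

MAX_OPTIONS = 8                                   # assumed per-packet cap on option count
KNOWN_OPTIONS = {(0x0000, 0x81), (0x0000, 0x82)}  # constructed set of options this endpoint understands

class GeneveError(ValueError):
    pass
def need(cond, reason):
    if not cond:
        raise GeneveError(reason)

def parse_geneve(pkt, enforce_order=True, allow_noncritical=False):
    """Return (vni, proto, [(class, type, critical, data)]) or raise GeneveError."""
    need(len(pkt) >= 8, "truncated base header")
    b0, b1, proto, vni_res = struct.unpack("!BBHI", pkt[:8])
    ver, opt_len, c_bit = b0 >> 6, (b0 & 0x3F) * 4, bool(b1 & 0x40)   # Opt Len is in 4-byte words
    need(ver == 0 and 8 + opt_len <= len(pkt), "bad version or Opt Len exceeds packet")
    opts, off, end, last = [], 8, 8 + opt_len, None
    while off < end:
        need(end - off >= 4, "truncated option header")
        cls, typ, ln = struct.unpack("!HBB", pkt[off:off + 4])
        data_len = (ln & 0x1F) * 4                # option Length field also counts 4-byte words
        need(off + 4 + data_len <= end, "option length exceeds Opt Len")
        need(len(opts) < MAX_OPTIONS, "too many options")      # bounds parsing work per packet
        critical, key = bool(typ & 0x80), (cls, typ)           # high bit of Type marks critical
        need(not enforce_order or last is None or key > last, "options not in ascending order")  # proposal 2
        need(not critical or c_bit, "critical option present but C bit clear")
        need(not critical or key in KNOWN_OPTIONS, "unknown critical option")   # draft: must drop
        need(critical or allow_noncritical, "non-critical option not permitted")  # proposal 1
        opts.append((cls, typ, critical, pkt[off + 4:off + 4 + data_len]))
        off, last = off + 4 + data_len, key
    return vni_res >> 8, proto, opts

def verdict(pkt, **policy):
    # 'accept' or 'drop: <reason>', the form a dataplane drop counter would record
    try:
        parse_geneve(pkt, **policy)
        return "accept"
    except GeneveError as e:
        return f"drop: {e}"

def build(vni, opts, c_bit):
    # Construct a sample packet; opts is [(class, type, data)] with data a multiple of 4 bytes
    body = b"".join(struct.pack("!HBB", c, t, len(d) // 4) + d for c, t, d in opts)
    return struct.pack("!BBHI", len(body) // 4, 0x40 if c_bit else 0, 0x6558, vni << 8) + body

# Constructed samples: well-formed, out of order, nine empty options, one non-critical option
GOOD = build(0x1234, [(0, 0x81, b"\x00\x00\x00\x01"), (0, 0x82, b"\x00\x00\x00\x02")], True)
UNORDERED = build(0x1234, [(0, 0x82, b"\x00\x00\x00\x02"), (0, 0x81, b"\x00\x00\x00\x01")], True)
FLOOD = build(0x1234, [(0, t, b"") for t in range(1, 10)], False)
NONCRIT = build(0x1234, [(0, 0x01, b"")], False)
```

With the default policy the FLOOD packet is refused at its first option; relaxing only the non-critical rule still stops it at the ninth, which is the bound the per-packet cap provides.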