Re: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS)
"Ganga, Ilango S" <ilango.s.ganga@intel.com> Fri, 24 January 2020 23:30 UTC
Return-Path: <ilango.s.ganga@intel.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D8DB120047; Fri, 24 Jan 2020 15:30:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.187
X-Spam-Level:
X-Spam-Status: No, score=-4.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYdMfDtFs1zR; Fri, 24 Jan 2020 15:30:42 -0800 (PST)
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C64B1200C4; Fri, 24 Jan 2020 15:30:40 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Jan 2020 15:30:38 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,359,1574150400"; d="scan'208,217";a="426774010"
Received: from orsmsx106.amr.corp.intel.com ([10.22.225.133]) by fmsmga005.fm.intel.com with ESMTP; 24 Jan 2020 15:30:38 -0800
Received: from orsmsx113.amr.corp.intel.com (10.22.240.9) by ORSMSX106.amr.corp.intel.com (10.22.225.133) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 24 Jan 2020 15:30:37 -0800
Received: from orsmsx116.amr.corp.intel.com ([169.254.7.209]) by ORSMSX113.amr.corp.intel.com ([169.254.9.57]) with mapi id 14.03.0439.000; Fri, 24 Jan 2020 15:30:37 -0800
From: "Ganga, Ilango S" <ilango.s.ganga@intel.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "iesg@ietf.org" <iesg@ietf.org>
CC: "draft-ietf-nvo3-geneve@ietf.org" <draft-ietf-nvo3-geneve@ietf.org>, "nvo3@ietf.org" <nvo3@ietf.org>, "martin.vigoureux@nokia.com" <martin.vigoureux@nokia.com>, "jesse@kernel.org" <jesse@kernel.org>, "matthew.bocci@nokia.com" <matthew.bocci@nokia.com>, "nvo3-chairs@ietf.org" <nvo3-chairs@ietf.org>, "tsridhar@vmware.com" <tsridhar@vmware.com>
Thread-Topic: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS)
Thread-Index: AQHVq3abyk1/KhTvaUCztwME0QVnv6fsndUQgAE/4ACADOPZEA==
Date: Fri, 24 Jan 2020 23:30:37 +0000
Message-ID: <C5A274B25007804B800CB5B289727E35906B5973@ORSMSX116.amr.corp.intel.com>
References: <157555538886.16382.8953048381105884369.idtracker@ietfa.amsl.com> <C5A274B25007804B800CB5B289727E35906A495A@ORSMSX116.amr.corp.intel.com> <3b42404d1529a03b52187f1aa1e0f2d145e92aa1.camel@ericsson.com>
In-Reply-To: <3b42404d1529a03b52187f1aa1e0f2d145e92aa1.camel@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODNmOTcxNTgtYTNkYS00MTIyLWJmNzAtNTllNzNkMDJhZDc1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiMFArZTVWcTVQdnphZWVpRnVaXC95QlJYSjJMQzF5SGtmRzlWQ2trYWZITlQ1enZsYW9Dd0hleUNnaUhUR3B3MzgifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.22.254.139]
Content-Type: multipart/alternative; boundary="_000_C5A274B25007804B800CB5B289727E35906B5973ORSMSX116amrcor_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/y0cC5BeexLAHB6iTdZFTdKqs3yw>
Subject: Re: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS)
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2020 23:30:47 -0000
Hi Magnus, Thanks for your comments. Please see below for revised text that is more specific. We hope this addresses your concerns. Thanks, Ilango -----Original Message----- From: Magnus Westerlund <magnus.westerlund@ericsson.com> Sent: Thursday, January 16, 2020 2:25 AM To: Ganga, Ilango S <ilango.s.ganga@intel.com>; iesg@ietf.org Cc: draft-ietf-nvo3-geneve@ietf.org; nvo3@ietf.org; martin.vigoureux@nokia.com; jesse@kernel.org; matthew.bocci@nokia.com; nvo3-chairs@ietf.org; tsridhar@vmware.com Subject: Re: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS) Hi, Please see below. On Wed, 2020-01-15 at 23:32 +0000, Ganga, Ilango S wrote: > Hello Magnus, > > Thanks for your review and comments. Please see below for our responses > inline, enclosed within <Response> </Response>. Let us know if you are > satisfied with this resolution. > > Regards, > Ilango Ganga > Geneve Editor > > > -----Original Message----- > From: nvo3 <nvo3-bounces@ietf.org<mailto:nvo3-bounces@ietf.org>> On Behalf Of Magnus Westerlund via > Datatracker > Sent: Thursday, December 5, 2019 6:16 AM > To: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>> > Cc: matthew.bocci@nokia.com<mailto:matthew.bocci@nokia.com>; draft-ietf-nvo3-geneve@ietf.org<mailto:draft-ietf-nvo3-geneve@ietf.org>; nvo3@ietf.org<mailto:nvo3@ietf.org>; > nvo3-chairs@ietf.org<mailto:nvo3-chairs@ietf.org> > Subject: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: > (with DISCUSS) > > Magnus Westerlund has entered the following ballot position for > draft-ietf-nvo3-geneve-14: Discuss > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I want to discuss the implications of the source port usage and if that needs > a bit more consideration of failure cases and ICMP. So Section 3.3 says: > > Source port: A source port selected by the originating tunnel > endpoint. This source port SHOULD be the same for all packets > belonging to a single encapsulated flow to prevent reordering due > to the use of different paths. To encourage an even distribution > of flows across multiple links, the source port SHOULD be > calculated using a hash of the encapsulated packet headers using, > for example, a traditional 5-tuple. Since the port represents a > flow identifier rather than a true UDP connection, the entire > 16-bit range MAY be used to maximize entropy. > > I think using the different source ports to enable flow hashing is a nice > idea. > However, I am a bit worried over the implications of using the full 16-bit > range without caveats. Specifically in cases where a network error or other > failure to forward the Geneve encapsulated packet and that result in any form > a return traffic towards the tunnel ingress. Such as ICMP Packet Too Big > messages or Port / Host unreachable. These messages needs to be consumed by > the Geneve tunneling endpoint to affect the right response to them. However, > if the source port is corresponding to any port where there exist a listenser > or bi-directional server on the tunnel ingress host, such as SSH, Echo etc. > the ICMP messages may be consumed by the wrong entity that only filter on > source port and not the destination port. > > I believe this issue may require at least a explicit consideration in the > document. > > Otherwise thanks for thinking through many transport issues for tunnels. > > IG>> <Response> In Geneve, the source port is used to encode an entropy value > and the destination port is used to identify Geneve tunnel. We will add the > following text to the end of this paragraph in Section 3.3 to address your > point that the generation of source port value and handling of return traffic > should be managed by the tunnel end point implementation: > > “The generation of the UDP source port (e.g. hash value) and the handling of > return traffic to appropriate entity within the end point is managed by the > tunnel end point implementation. Actual mechanisms to manage this is out of > scope of this document.” > </Response> > Magnus>> I think the above text is not particullar clear on what the issue is. Just to make sure I am not missunderstanding anything. So the Geneve encapsulating source node to avoid this issue has basically two possible implementation path to correctly handle ICMP messages or any other return path traffic that reverses the outer IP/UDP headers. Either it has a general listener that first try to determine if the packet incoming is return traffic, or one only uses "free" UDP ports on the outer IP address used when encapsulating. I am fine with you leaving how to solve this up to the implementations, but you at least need to make the issue clear to the implementer. Also, I think it is dangerouse to make assumption that the outer IP address will not be used for anything else then GENEVE encapsulated tunnel traffic. IG>> <Response> Instead of the previously suggested text, we will replace with the revised text below that is more specific in addressing the issue. Add the following text to end of Section 3.3 source port definition (new paragraph): “If Geneve traffic is shared with other UDP listeners on the same IP address, tunnel endpoints SHOULD implement a mechanism to ensure ICMP return traffic arising from network errors is directed to the correct listener. Actual definition of the mechanism is beyond the scope of this document.” </Response> Cheers Magnus Westerlund ---------------------------------------------------------------------- Networks, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Torshamnsgatan 23 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com> ----------------------------------------------------------------------
- [nvo3] Magnus Westerlund's Discuss on draft-ietf-… Magnus Westerlund via Datatracker
- Re: [nvo3] Magnus Westerlund's Discuss on draft-i… Ganga, Ilango S
- Re: [nvo3] Magnus Westerlund's Discuss on draft-i… Magnus Westerlund
- Re: [nvo3] Magnus Westerlund's Discuss on draft-i… Ganga, Ilango S
- Re: [nvo3] Magnus Westerlund's Discuss on draft-i… Magnus Westerlund
- Re: [nvo3] Magnus Westerlund's Discuss on draft-i… Ganga, Ilango S