< draft-ietf-bfd-vxlan-08.txt | draft-ietf-bfd-vxlan-09.txt > | |||
---|---|---|---|---|
BFD S. Pallagatti, Ed. | BFD S. Pallagatti, Ed. | |||
Internet-Draft VMware | Internet-Draft VMware | |||
Intended status: Standards Track S. Paragiri | Intended status: Standards Track S. Paragiri | |||
Expires: May 4, 2020 Individual Contributor | Expires: May 22, 2020 Individual Contributor | |||
V. Govindan | V. Govindan | |||
M. Mudigonda | M. Mudigonda | |||
Cisco | Cisco | |||
G. Mirsky | G. Mirsky | |||
ZTE Corp. | ZTE Corp. | |||
November 1, 2019 | November 19, 2019 | |||
BFD for VXLAN | BFD for VXLAN | |||
draft-ietf-bfd-vxlan-08 | draft-ietf-bfd-vxlan-09 | |||
Abstract | Abstract | |||
This document describes the use of the Bidirectional Forwarding | This document describes the use of the Bidirectional Forwarding | |||
Detection (BFD) protocol in point-to-point Virtual eXtensible Local | Detection (BFD) protocol in point-to-point Virtual eXtensible Local | |||
Area Network (VXLAN) tunnels forming up an overlay network. | Area Network (VXLAN) tunnels forming up an overlay network. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on May 4, 2020. | This Internet-Draft will expire on May 22, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 8, line 51 ¶ | skipping to change at page 8, line 51 ¶ | |||
The document requires setting the inner IP TTL to 1, which could be | The document requires setting the inner IP TTL to 1, which could be | |||
used as a DDoS attack vector. Thus the implementation MUST have | used as a DDoS attack vector. Thus the implementation MUST have | |||
throttling in place to control the rate of BFD Control packets sent | throttling in place to control the rate of BFD Control packets sent | |||
to the control plane. On the other hand, over-aggressive throttling | to the control plane. On the other hand, over-aggressive throttling | |||
of BFD Control packets may become the cause of the inability to form | of BFD Control packets may become the cause of the inability to form | |||
and maintain BFD session at scale. Hence, throttling of BFD Control | and maintain BFD session at scale. Hence, throttling of BFD Control | |||
packets SHOULD be adjusted to permit BFD to work according to its | packets SHOULD be adjusted to permit BFD to work according to its | |||
procedures. | procedures. | |||
This document recommends using an address from the Internal host | ||||
loopback addresses range as the destination IP address in the inner | ||||
IP header . Using such address prevents the forwarding of the | ||||
encapsulated BFD control message by a transient node in case the | ||||
VXLAN tunnel is broken as according to [RFC1812]: | ||||
A router SHOULD NOT forward, except over a loopback interface, any | ||||
packet that has a destination address on network 127. A router | ||||
MAY have a switch that allows the network manager to disable these | ||||
checks. If such a switch is provided, it MUST default to | ||||
performing the checks. | ||||
If the implementation supports establishing multiple BFD sessions | If the implementation supports establishing multiple BFD sessions | |||
between the same pair of VTEPs, there SHOULD be a mechanism to | between the same pair of VTEPs, there SHOULD be a mechanism to | |||
control the maximum number of such sessions that can be active at the | control the maximum number of such sessions that can be active at the | |||
same time. | same time. | |||
Other than inner IP TTL set to 1 and limit the number of BFD sessions | Other than inner IP TTL set to 1 and limit the number of BFD sessions | |||
between the same pair of VTEPs, this specification does not raise any | between the same pair of VTEPs, this specification does not raise any | |||
additional security issues beyond those of the specifications | additional security issues beyond those of the specifications | |||
referred to in the list of normative references. | referred to in the list of normative references. | |||
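Review bot: the new paragraph beginning "This document recommends using an address from the Internal host loopback addresses range" says that a 127/8 inner destination "prevents the forwarding" of the encapsulated BFD Control packet by a transit node when the VXLAN tunnel is broken, but the RFC 1812 text quoted right below it is only a SHOULD NOT and explicitly permits a switch that lets the network manager disable the check, so the protection is not guaranteed and the sentence overstates it; suggest wording such as "a transit node conformant to [RFC1812] SHOULD NOT forward such a packet" together with a note that the check can be administratively disabled, so an operator knows the loopback destination is a defence-in-depth measure and not a substitute for the rate limiting required in the preceding paragraph. The quoted text also covers only "network 127", i.e. IPv4; if the inner IP header may be IPv6, state how the recommendation applies there or scope it to IPv4 explicitly. Two editorial points in the same region: "IP header ." carries a stray space before the period, and the closing summary "Other than inner IP TTL set to 1 and limit the number of BFD sessions between the same pair of VTEPs" should read "limiting" and should now also mention the loopback-destination recommendation, since that summary is meant to enumerate everything this specification adds to the security considerations of the normative references.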
skipping to change at page 9, line 31 ¶ | skipping to change at page 9, line 43 ¶ | |||
reviews and feedback on this material. | reviews and feedback on this material. | |||
Authors would also like to thank Nobo Akiya, Marc Binderberger, | Authors would also like to thank Nobo Akiya, Marc Binderberger, | |||
Shahram Davari, Donald E. Eastlake 3rd, and Anoop Ghanwani for the | Shahram Davari, Donald E. Eastlake 3rd, and Anoop Ghanwani for the | |||
extensive reviews and the most detailed and helpful comments. | extensive reviews and the most detailed and helpful comments. | |||
12. References | 12. References | |||
12.1. Normative References | 12.1. Normative References | |||
[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", | ||||
RFC 1812, DOI 10.17487/RFC1812, June 1995, | ||||
<https://www.rfc-editor.org/info/rfc1812>. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | |||
<https://www.rfc-editor.org/info/rfc5880>. | <https://www.rfc-editor.org/info/rfc5880>. | |||
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
End of changes. 6 change blocks. | ||||
4 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |