Re: Éric Vyncke's Discuss on draft-ietf-bfd-vxlan-09: (with DISCUSS and COMMENT)

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Wed, 18 December 2019 21:28 UTC

From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>
CC: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>, "draft-ietf-bfd-vxlan@ietf.org" <draft-ietf-bfd-vxlan@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>
Date: Wed, 18 Dec 2019 21:28:30 +0000
Message-ID: <FE5AEE55-9F03-49E9-89C3-6C9700C8683E@cisco.com>
References: <157657269782.26511.12421406428553874826.idtracker@ietfa.amsl.com> <CED2B858-AC55-4B0A-ADA2-AC46B628E6DA@cisco.com> <20191218203145.GD6488@pfrc.org>
In-Reply-To: <20191218203145.GD6488@pfrc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/0EYHwAqw5kM7KmifX8dcT9gZJjQ>
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>

Hi, Jeff,

The TTL of 1 recommended in RFC 4379 / RFC 8029 Section 4.3 is there because, if the MPLS packet is mis-routed or there is a forwarding mis-programming, an MPLS LSE pop would expose the BFD packet; the TTL of 1 is so that the BFD packet is not further mis-forwarded.

In the VXLAN case an intermediate router would not remove the VXLAN encap because the outer encap is IP (with a destination address, not an MPLS Label that can be mis-interpreted in context) and a mid-point router would not understand VXLAN.

Thanks,

Carlos.

On 2019/12/18 at 3:27 PM, "Jeffrey Haas" <jhaas@pfrc.org> wrote:

    Carlos, Éric,
    
    Note that I'm not an expert in the underlying MPLS technologies.  I'll make
    two notes:
    
    BFD for vxlan is in a similar feature-space as RFC 5884, BFD for MPLS.
    
    RFC 5884, section 7, paragraph 3, suggests a TTL of 1 and provides a
    reference to RFC 4379.
    
    RFC 4379, section 4.3, provides procedures for TTL of 1.
    
    My personal inference would be that implementations at least in MPLS-land
    really want the TTL to be 1 for purposes of doing appropriate encapsulation
    checks. 
    
    I agree that GTSM procedures would suggest we may want TTL of 255.
    
    I suggest the answer we're looking for here would be provided by parties
    with appropriate history on why RFC 4379 recommends its procedures.  
    
    Failing that, I suspect BFD for vxlan is no worse than 4379.
    
    -- Jeff
    
    
    On Tue, Dec 17, 2019 at 05:17:11PM +0000, Carlos Pignataro (cpignata) wrote:
    > Hi, Éric,
    > 
    > Regarding your first DISCUSS element, I had brought up the same issue. See the 2nd point at https://mailarchive.ietf.org/arch/msg/rtg-bfd/BL9Ob66Yxie4wX13yZJELbYPLJs
    > 
    > Thanks,
    > 
    > Carlos.
    > 
    > On 2019/12/17 at 3:51 AM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:
    > 
    > Éric Vyncke has entered the following ballot position for
    > draft-ietf-bfd-vxlan-09: Discuss
    > 
    > When responding, please keep the subject line intact and reply to all
    > email addresses included in the To and CC lines. (Feel free to cut this
    > introductory paragraph, however.)
    > 
    > 
    > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    > for more information about IESG DISCUSS and COMMENT positions.
    > 
    > 
    > The document, along with other ballot positions, can be found here:
    > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
    > 
    > 
    > 
    > ----------------------------------------------------------------------
    > DISCUSS:
    > ----------------------------------------------------------------------
    > 
    > 
    > Thank you for the work put into this document.
    > 
    > I fully second Adam's COMMENT that should be fixed before publication (IMHO
    > this is a DISCUSS).
    > 
    > Answers to my COMMENTs below will be welcome, even if those COMMENTs are not
    > blocking.
    > 
    > As usual, an answer to the DISCUSS is required to clear my DISCUSS though.
    > 
    > I hope that this helps to improve the document,
    > 
    > Regards,
    > 
    > -éric
    > 
    > == DISCUSS ==
    > 
    > Maybe I am not familiar enough with BFD, but RFC 5881 (the one defining BFD)
    > specifies the use of TTL = Hop Limit = 255. Why does this document use a value of
    > 1?
    > 
    > -- Section 3 --
    > IPv4-mapped IPv6 addresses are only to be used inside a host and should never
    > be transmitted in real packets (including packets inside a tunnel) see section
    > 4.2 of RFC 4038 (even if informational). As other IESG reviewers, I wonder why
    > ::1/128 is not used?
    > 
    > -- Section 8 --
    > The document specifies no IANA actions while the shepherd write-up talks about
    > an IANA action.
    > 
    > -- Section 9 --
    > This section is only about IPv4 (TTL and RFC 1812). Please address IPv6 as well.
    > 
    > 
    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------
    > 
    > == COMMENTS ==
    > 
    > RFC 5881 (BFD) states that it applies to IPv4/IPv6 tunnels, may I infer that
    > this document is only required to address the Ethernet encapsulation ? I.e.
    > specifying the Ethernet MAC addresses?
    > 
    > -- Section 3 --
    > At first sight, I was surprised by having a BFD session per VXLAN VNI as it
    > will create some scalability issue, but, I assume that this is to detect
    > misconfiguration as well. If so, perhaps worth mentioning the reasoning behind?
    > 
    > In "the inner destination IP address SHOULD" it is unclear whether it is in
    > all BFD packets, or only the request one or ... ?
    > 
    > -- Section 4 --
    > While probably defined in RFC7348, should "FCS" be renamed as "Outer Ethernet
    > FCS" for consistency with the "Outer Ethernet Header" in figure 2 ?
    > 
    > Why not using the Source MAC address as the Destination MAC address ? This
    > would ensure that there is no conflict at the expense of "forcing" the
    > transmission of the frame even if addressed to itself.
    > 
    > Please consider rewriting the section about TTL/Hop Limit as it is not easy to
    > parse/read.
    > 
    > -- Section 9 --
    > It is unclear to me (see also Ben's comment) what is the 'attack vector' of
    > sending packets with TTL=1 ?
    > 
    > 
    >
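
The TTL reasoning in the reply at the top of this message, as a small model added here (not part of the original thread or of any implementation): it walks an encapsulated BFD packet across transit routers and shows what an early MPLS label pop does to an inner TTL of 1 versus 255, and why the same fault does not arise for VXLAN mid-points. The names `Encapsulated`, `walk_path` and `gtsm_accept` are hypothetical, and the five-hop path is a constructed sample.

```python
from dataclasses import dataclass

GTSM_TTL = 255  # RFC 5082: sender uses 255, receiver rejects anything lower


@dataclass
class Encapsulated:
    encap: str      # "mpls" (label stack) or "vxlan" (outer IP/UDP header)
    inner_ttl: int  # TTL of the inner IP header that carries BFD


def walk_path(pkt, transit_hops, bad_pop_at=None):
    """Model transit routers 1..transit_hops.

    Returns (outcome, plain_ip_hops, inner_ttl). bad_pop_at marks a
    mis-programmed MPLS router that pops the label early. A VXLAN mid-point
    forwards on the outer IP destination and never decapsulates, so
    bad_pop_at has no effect on that encapsulation.
    """
    ttl = pkt.inner_ttl
    exposed = False
    plain_ip_hops = 0
    for hop in range(1, transit_hops + 1):
        if pkt.encap == "mpls" and hop == bad_pop_at:
            exposed = True  # the inner IP header is now what gets routed
        if exposed:
            if ttl <= 1:    # a router must not forward this; it dies here
                return ("dropped_at_hop_%d" % hop, plain_ip_hops, ttl)
            ttl -= 1
            plain_ip_hops += 1
    if exposed:
        return ("leaked_as_plain_ip", plain_ip_hops, ttl)
    return ("delivered_to_egress", 0, ttl)


def gtsm_accept(received_ttl):
    """GTSM-style receive check on the decapsulated inner packet."""
    return received_ttl == GTSM_TTL


if __name__ == "__main__":
    for encap in ("mpls", "vxlan"):
        for ttl in (1, 255):
            print(encap, ttl, walk_path(Encapsulated(encap, ttl), 5, bad_pop_at=2))
```

In the VXLAN rows the inner TTL arrives unchanged whichever value the sender chose, so the receiver is free to check for 255 as GTSM would suggest.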